I need to have some pinhole rules for an external user whose IP
address is assigned dynamically. The user has a dynip.com hostname.
But I have just discovered that I can't seem to use a hostname as an
address for a rule. Nor will m0n0 allow a hostname as an address in an
The user is in a rural location. His only option is plain old dial-up.
I had advised him to use some dynamic DNS service, and then I would
configure rules based on that. However, m0n0 doesn't allow me to do
what I want to do here. The more I think about it, the more I see why.
(We certainly don't want the filter to be doing name resolution every
time it needs to check a packet.)
Can anyone think of any work-arounds?
There were a couple of things that I wanted to open up for this user:
Destination port 22 to some DMZ machines (and maybe some LAN machines)
Dest 443 to the m0n0wall itself.
Here are the (very unpleasant) work-arounds that I can imagine.
(1) Let dst:22 through to the DMZ from WAN, but set up port knocking on
each machine on the DMZ.
(2) Once user can ssh in to LAN, then have the user tunnel X11 over his
ssh connection and work from there.
An alternative option is to have him use a VPN.
I really don't like any of those. And I'm hoping that someone is aware
of a solution that I haven't thought of.