[ previous ] [ next ] [ threads ]
 From:  Peter Allgeyer <allgeyer at web dot de>
 To:  Dave Evans <dave dot whangarei at gmail dot com>
 Cc:  Monowall List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] How to track a changing external IP to access the webGUI
 Date:  Sat, 16 Jul 2005 11:16:34 +0200
Hi Dave!

Am Samstag, den 16.07.2005, 19:57 +1200 schrieb Dave Evans:
> I do use a dynamic dns service (www.dyndns.org) to maintain a 
> current record of my home IP through one of their free domain 
> names but where would I put the DynDNS domain name into Monowall,
>  to allow it to automatically have a rule that points to my current IP ??
Not possible and somewhat risky. If your IP changes and the DNS-Server
m0n0wall uses has cached the old entry, it's possible that another user
has access to your WebGUI. Since this GUI is also protected by a
password, this might be acceptable. So I think, we can discuss including
DNS names in rulesets for next version of m0n0wall (if the filter code
accepts such a syntax - pf for example does [1]).

> As a workaround I have access to a W2K Remote Desktop session that 
> allows me to go into the W2K box and access the Monowall box from the 
> LAN to change the firewall rule that identifies what my current external 
> IP is but that can really only be considered a short-term solution.
Other solutions:

     1. Use IPSEC or PPTP with an inside http or socks proxy
     2. Use an m0n0wall ssh image [2] with certificates and redirect
        port 80 or 443 from m0n0wall to your ssh client (if dropbear [3]
        does support that)

Ciao ...
	... PIT ...

[1] http://www.openbsd.org/faq/pf/filter.html#syntax
[2] http://www.xs4all.nl/~fredmol/m0n0/
[3] http://matt.ucc.asn.au/dropbear/dropbear.html

 copyleft(c) by |   _-_     Less is more or less more  -- Y_Plentyn
 Peter Allgeyer | 0(o_o)0   on #LinuxGER