 From:  Lee Sharp <leesharp at hal dash pc dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Remote access
 Date:  Mon, 27 Aug 2007 23:28:20 -0500
Bob Young wrote:

> I had several follow-up questions if I may.  I put the >> marks next to what
> you said earlier.  Hope I did it right.

This could make it tougher to follow now, but we will try.

>> I have also been trying to set up remote access  on my M0n0wall, using
>> Dyndns like you do.

As a side note, dyndns has recently done something I find fundamentally 
wrong.  I may be switching.  Frustrating as I have liked their service 
for a while now.  Watch the space for more to come.

> When you say "ssl", I assume you mean https, since I read that https uses
> ssl?  
> 
> I see I need to pick "https" in the System: General Setup page?

Sloppy on my part.  They are not really the same, but are often used 
interchangeably.  When you pick https: it will use ssl on port 443. 
However, you can set a different port for http or https.

> When you say "strong password", I assume you mean a complicated password for
> logging into M0n0wall?

Yes.

> That's nice to know I only have to set up rules in Firewall: Rules: WAN
> section.

To get into the firewall, yes.

> If I would have picked "http" on the System: General Setup page, then would
> I be going through Port 80 by default?  
> 
> I understand https is better, since it encrypts the data that is sent.  So
> if I choose "https" (which I probably will), I understand that I will have
> to go to Firewall: Rules, to put in 443 as the port?

Yes again.

> Since I'm using Dyndns, is this what I would type into my IE address window
> to remote into my M0n0wall?:

Yes.

> https://username.dyndns.org   ?  I understand this whole thing is called my
> "host name".

Yes.

> Assuming I'm going to use https (port 443) to remote into my M0n0wall, I'll
> try to give you what I think I might need to use. By the way my ISP hands
> out dynamic IP addresses.  
> 
> First I would go to: Firewall: Rules .  Click on the WAN tab.  Click on the
> "+" sign, to add a new rule.  Be sure to pick the "WAN" interface, and click
> on "Pass".
> 
>       Protocol    Source      Port        Destination       Port        Description
> 
> Pass  TCP         ????        Any         ????              443         See next few lines for description

I have;
  TCP  *  *  WAN address  43 (HTTPS)  Allow Remote Admin

> On the WAN interface Pass: 
> 
> "TCP" incoming Protocol, coming from ???? Source, using "any" Port, 
> 
> GOING TO:   
> 
>  ???? Destination, on HTTPS (port 443).
> 
> I don't know what to use for Source and Destination.  

Source is any / any.  Destination is WAN address / 443.

> I'm thinking for destination I should use x.x.x.0/24 (with x.x.x being the
> first three dynamic IP numbers of my ISP).  I assume the subnet mask is
> 255.255.255.0.   Since it's dhcp,  my ISP didn't need to tell me.

Overkill.  m0n0wall knows what its IP address is.

> From what you say, it looks like Dyndns only allows me to get into my
> M0n0wall, and not to my AP or CPEs, which are connected to my AP, without
> doing something that you called "inbound NAT".

Dyndns gives you your external IP.  m0n0wall can forward you to your APs 
or allow vpn or whatever.

> From what you are saying it looks like I should go to.
> 
> Firewall: NAT: Inbound to set up the NAT rules that you speak of?

This is slightly more complex, and can be in a new thread. :)

			Lee
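
Added example, not part of the message above and not m0n0wall's own code: a simplified first-match model of the WAN rule discussed in the thread, showing why a "WAN address" destination keeps matching when a dynamic IP changes while a fixed x.x.x.0/24 destination does not. The `Rule` class, the `passes` and `survey` functions and all addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    proto: str
    src: str       # "*" or a CIDR
    dst: str       # "*", "WAN address", or a CIDR
    dst_port: int
    descr: str

def _addr_matches(spec, addr, wan_ip):
    if spec == "*":
        return True
    if spec == "WAN address":      # follows whatever address the WAN holds now
        return addr == wan_ip
    return addr in ipaddress.ip_network(spec)

def passes(rules, wan_ip, proto, src, dst, dst_port):
    """Return the description of the first matching pass rule, else None
    (modelling default deny for unsolicited WAN traffic)."""
    wan, s, d = (ipaddress.ip_address(x) for x in (wan_ip, src, dst))
    for r in rules:
        if (r.proto == proto and r.dst_port == dst_port
                and _addr_matches(r.src, s, wan)
                and _addr_matches(r.dst, d, wan)):
            return r.descr
    return None

# Constructed sample data (RFC 5737 documentation addresses).
WAN_RULE = [Rule("TCP", "*", "WAN address", 443, "Allow Remote Admin")]
SUBNET_RULE = [Rule("TCP", "*", "203.0.113.0/24", 443, "Static /24 destination")]
CLIENT = "192.0.2.10"
LEASES = ["203.0.113.25", "198.51.100.77"]   # WAN IP before and after a lease change

def survey():
    """For each lease, which rule set still admits HTTPS to the firewall itself."""
    return [(wan,
             passes(WAN_RULE, wan, "TCP", CLIENT, wan, 443),
             passes(SUBNET_RULE, wan, "TCP", CLIENT, wan, 443))
            for wan in LEASES]

if __name__ == "__main__":
    for wan, by_alias, by_subnet in survey():
        print(f"WAN={wan:15} alias rule: {by_alias}  /24 rule: {by_subnet}")
```

Because the source is `*`, any host can reach the login page on 443, which is why the strong password discussed above matters.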