Hi,
Luca Ferrari wrote:
Adam T. Bowen's cat, on 09/09/2005 12.01, walking on the keyboard wrote:
Allowing external sFTP connections for normal users to your firewall box
[snip]
smbmount commands in there.
Dear Adam,
I'll appreciate any suggestion about this problem. How do you think it
can be possible to allow access from the external network to the share
on machine behind the firewall? I'd like a solution simper than setting
up a vnc network.
Thanks,
Luca
Port forwarding? Don't port forward the samba/netbios stuff through the
firewall though as that would be asking for trouble. It would be safer
to port forward the SFTP connections through it instead. So, you could
run the SFTP server on a machine behind your firewall and have the
firewall forward the connections to it.
Alternatively, if you have got a bunch of public IP addresses, you could
just use Network Address Translation (NAT) and then open up the ssh
ports through to the SFTP server.
Note that if you allow SFTP connections through your firewall (either
port forwarded or via NAT) then you are also allowing SSH connections.
This is because both SFTP and SSH use port 22. If this could be a
problem then you could try something like rssh to restrict users to only
certain services. You can find info about rssh here:
http://www.pizzashack.org/rssh/index.shtml
We have been using it for a while now, and it works fine.
A really good safe way to allow access to users from the internet to
your intranet is to use a Virtual Private Network (VPN). Doing so is
beyond the scope of this current thread though. Plenty of good howtos
on the web.
Cheers
Adam
-
: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
