Re: MAC addresses

quoth the Jason Opperisano:
> > What I would like to know is
> > could I use this rule to allow ssh connections ONLY from my notebook no
> > matter what its current IP address happens to be, and drop all other
> > connection requests?
>
> yes--as long as "notebook" and "ssh server" are on the same network.

I guess that won't look for what I want then, perhaps I can explain better: I 
already have ssh access for the notebook from the private interface of the 
server inside the LAN. The server accepts incoming www and smtp connections 
on the public interface, everything else is dropped. What I would like is ssh 
access from the public side, i.e., the internet. This is so I could check my 
mail and update my website if I was on the road, from say, web cafes or 
somesuch where the IP address would change frequently.

> keep in mind--nothing prevents "badguy" from configuring his NIC to have
> the same MAC as your "notebook"

Good advice, and point taken.

> if you're worried about security of "ssh server"--disable
> PasswordAuthentication and only allow RSAAuthentication and/or
> PubkeyAuthentication.

I will look into this. I assume however that I would need to keep port 23 open 
for everyone on the public side for this to work. I was hoping to drop the 
packets from everyone except my notebook, hence the original question. Is 
there no way to do this?

Thanks Jason and Frank for taking the time to answer my questions,
-d
-- 
Part of the problem since 1976
http://badcomputer.no-ip.com
Get my public key from 
http://keyserver.linux.it/pks/lookup?op=index&search=bulliver
"...the number of UNIX installations has grown to 10, with more expected..."
- Dennis Ritchie and Ken Thompson, June 1972 
