Re: opening up an ipchain


 



Alex Feldman wrote:

iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT

:> Be aware that this will work only when the client and the server are
:> on the same network (link layer). MAC addresses don't go through
:> routers.

And apparently the wireless box I have that the phone company sold me
does this.  I thought it wouldn't be a problem, since I treat the house
as one segment, but apparently it is.

It all depends on what the wireless box really is and how you connected the client and the server to it.

If the box is a simple wireless access point, it acts like a bridge and the server should see the client MAC address. If the box is a wireless router with a WAN port, (wired) LAN ports and a wireless WLAN interface, usually the LAN ports and the WLAN interface are bridged together and share the same subnet just like an access point, but the WAN port is routed so MAC addresses between the WAN and the LAN/WLAN are hidden.

OK, so here is my idea now: Open up the computer to port 22 for an ssh
connection, with keys that I put on my computer at home and my laptop.
Then I can ssh in, securely.  The risk is that I leave my laptop
somewhere, there would be no way to get in without that key.  Once in
via ssh, I would open up a few other ports via ipchains to let me get my
IMAP mail or whatever else, and then close them right back down again.

You could also open TCP tunnels within the SSH session to make things simpler.


