Firewalls, etc.
Authored by: legacyb4 on Jan 31, '03 09:17:32PM

Actually, it is necessary to open a tunnel from the remote client (private network) to the intermediary Linux host (DMZ) due to firewall policy.

Basically, traffic looks like this:

Remote client =outgoing tunnel=> Linux host <=incoming tunnel= local host

where traffic from the local host is being forwarded back through the "outgoing tunnel" from the remote client.

The primary reason being that in a properly set up firewalled network, NO traffic should ever be allowed in FROM the DMZ TO the private network... thus, requiring the need for the initial outgoing tunnel FROM the private network TO the DMZ.

If that wasn't there, traffic from the local client would travel over the tunnel to the Linux host, but would hit a dead end.

For a home network, you normally don't have a separate DMZ so a simple TCP tunnel over SSH direct to your home Mac is good enough.

ssh user@your.macosx.host -L 10407:127.0.0.1:407

If you also have a Windows XP Pro machine on your home network, you could access that as well with a simple port forward of port 3389 (RDC traffic) with:

ssh user@your.macosx.host -L 3389:xxx.xxx.xxx.xxx:3389 (where xxx.xxx.xxx.xxx is your XP's IP address on your home network)

Make sense?



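The DMZ relay described in the comment above, written out as the two ssh commands involved (an added example, not part of the original comment). The host name `user@linux.dmz.host`, the relay port 10407 and the use of port 407 as the forwarded service are assumptions, carried over from the home-network command; both forwards are bound to loopback so nothing else on either network can connect to them.

```shell
#!/bin/sh
# Added example: prints the two legs of the relay as ssh commands.
# Host name and port choices below are assumptions, not values from a real setup.
RELAY_HOST="user@linux.dmz.host"   # placeholder for the Linux host in the DMZ
SERVICE_PORT=407                   # service on the remote client (private network)
RELAY_PORT=10407                   # loopback port opened on the Linux host
LOCAL_PORT=10407                   # port the local host points its client at

# Reject anything that is not a TCP port number before it reaches a command line.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Leg 1, run on the remote client: an outgoing connection to the DMZ host that
# publishes the client's service on the DMZ host's loopback interface only.
remote_leg() {
    valid_port "$RELAY_PORT" && valid_port "$SERVICE_PORT" || return 1
    echo "ssh -N -o ExitOnForwardFailure=yes -R 127.0.0.1:${RELAY_PORT}:127.0.0.1:${SERVICE_PORT} ${RELAY_HOST}"
}

# Leg 2, run on the local host: the incoming tunnel to the same DMZ host,
# aimed at the loopback port that leg 1 opened there.
local_leg() {
    valid_port "$LOCAL_PORT" && valid_port "$RELAY_PORT" || return 1
    echo "ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:${LOCAL_PORT}:127.0.0.1:${RELAY_PORT} ${RELAY_HOST}"
}

remote_leg
local_leg
```

With both legs up, the local host connects its client to 127.0.0.1:10407, and the private network never has to accept a connection initiated from the DMZ.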