how do I target a specific machine - not ip address?
seandarcy2 at gmail.com
Sun Dec 10 19:33:37 CET 2006
Elvir Kuric wrote:
> Hi Sean,
> MAC address will not help you. But you can implement
> many other ways to connect to your server.
> First you can change ssh port to listen different than
> 22, no matter which, I am hoping you know how to do this.
> Second you can implement iptables rule to accept all
> ssh connections to that port ... something like
> iptables -A INPUT -p tcp --dport 32022 -s any/0 -d
> your_server_ip -j ACCEPT
> Then implement rules to accept only 2 or more ( it
> depends on you ) ssh connections per minute, and you
> can make some rule for port knocking in combination
> with iptables ( I know port knocking is clear text,
> but possible intruder will get only ssh prompt ).
> Of course there are many other security considerations
> and I am hoping that other list members will take part
> in this discussion.
> I hope this helps
> Elvir Kuric
> --- sean <seandarcy2 at gmail.com> wrote:
>> I want to connect from travel to my server. Since
>> connecting through hot-spots or hotel connections,
>> my ip
>> address will be all over the place.
>> I thought about putting the laptop's MAC address in
>> packet, and using mac-source, but I've it seems to
>> address is stripped out over the internet.
>> So, how do I set it up so the server will know my
>> from whatever ip address I happen to have.
>> BTW, the laptop is linux, so I can mangle
>> POSTROUTING if
>> that helps.
>> I can ssh, but what I want to do is set up an NFS
ssh is not the problem. I can ssh into the server using the
techniques you describe.
My problem is mounting an NFS share. I want to set up
iptables so that it will accept packets from my laptop,
regardless of ip address.
Then I can open up NFS and not rely on the goofy hosts.allow
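
Added example, not part of the original messages: one way to write the per-minute SSH connection limit that the quoted reply describes, using the iptables recent match. The helper name emit_ssh_rules and the address 192.0.2.10 are assumptions made for illustration; 32022 is the port from the reply.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables commands for the
# rate-limited SSH port described in the quoted reply.
# emit_ssh_rules is a hypothetical helper; 192.0.2.10 is a constructed
# documentation address, 32022 is the port used in the thread.

emit_ssh_rules() {
    port=$1 server_ip=$2 max_per_min=$3

    # Reject anything that is not a plain TCP port number.
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }

    # The recent match remembers 20 packets per address by default
    # (xt_recent ip_pkt_list_tot), so the hitcount must stay at or below 20.
    case $max_per_min in ''|*[!0-9]*) echo "bad limit" >&2; return 1 ;; esac
    [ "$max_per_min" -ge 1 ] && [ "$max_per_min" -le 19 ] || { echo "bad limit" >&2; return 1; }

    # Shape check only (digits and dots); iptables does the real parsing.
    case $server_ip in ''|*[!0-9.]*) echo "bad address" >&2; return 1 ;; esac

    # hitcount includes the packet being tested, so N allowed means N+1 here.
    hit=$((max_per_min + 1))
    list="ssh_$port"

    cat <<EOF
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport $port -d $server_ip -m conntrack --ctstate NEW -m recent --name $list --set
iptables -A INPUT -p tcp --dport $port -d $server_ip -m conntrack --ctstate NEW -m recent --name $list --update --seconds 60 --hitcount $hit -j DROP
iptables -A INPUT -p tcp --dport $port -d $server_ip -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Review the output, then apply it as root by piping it to sh.
emit_ssh_rules 32022 192.0.2.10 2
```

Because the DROP rule uses --update, blocked attempts refresh the 60-second window, so a client that keeps retrying stays blocked until it pauses.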