loose access control that works for dynamic IP address
On 2010年09月27日 16:54, Scott Ferguson wrote:
Would dyn-dns help?
ahhh, yes. This is exactly what I used. I know how to get dynamic dns
running, but need a way to control access to it.
Here I re-ask the question in plain language and an improvised example:
I have computer A that runs a website. I only want
myhost.dyn-dns.com to be able to access this website, others who want
to access the website should get denied. How do I configure computer A?
09-27-2010, 10:12 AM
Scott Ferguson
loose access control that works for dynamic IP address
On 27/09/10 19:47, Zhang Weiwu wrote:
> On 2010年09月27日 16:54, Scott Ferguson wrote:
>> Would dyn-dns help?
> ahhh, yes. This is exactly what I used. I know how to get dynamic dns
> running, but need a way to control access to it.
>
> Here I re-ask the question in plain language and an improvised example:
>
> I have computer A that runs a website. I only want
> myhost.dyn-dns.com to be able to access this website, others who
> want to access the website should get denied. How do I configure
> computer A?
>
>
>
Ah, that indeed is the question. The exact one I happened to be working
on when you posted. The partial solution I've come up with so far
doesn't leave me satisfied - I want (as you) to restrict http (and
https) access to that routed through a dyn.dns site - I'm suspecting
that I need some sort of forwarding rule at the firewall but I haven't
gotten around to working out what.
In my case it's for (Debian) vm appliances which will be deployed on
client machines - where they could conceivably be (partially) DOSed
because they'll be running on <fnord>Windoof LANs. Not a lot of
bandwidth or resources to begin with, on a possibly noisy network - and
that's on the green side of the outer firewall :-(
Something I'll have a think about after dinner.
Please keep me posted as to your results.
Cheers
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4CA06E24.2060707@gmail.com">http://lists.debian.org/4CA06E24.2060707@gmail.com
09-27-2010, 10:25 AM
Jochen Schulz
loose access control that works for dynamic IP address
Zhang Weiwu:
>
> Here I re-ask the question in plain language and an improvised example:
>
> I have computer A that runs a website. I only want
> myhost.dyn-dns.com to be able to access this website, others who
> want to access the website should get denied. How do I configure
> computer A?
It would help to know what software "runs the website". Are we talking
about Apache2? Then you might find the following links interesting/
helpful:
J.
--
Fashion is more important to me than war, famine, disease or art.
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>
09-27-2010, 10:59 AM
Zhang Weiwu
loose access control that works for dynamic IP address
On 2010年09月27日 18:25, Jochen Schulz wrote:
> It would help to know what software "runs the website". Are we talking
> about Apache2?
No. In fact I wanted to abstract the software running on there for a
reason: there is a http server (not apache2, but bozohttpd because I am
developing a modified version of it for special purpose), a nfsv4 mount
daemon, plus an ssh server. The last one doesn't have to be secured this
much for obvious reasons.
And VPN is not a good candidate because it cannot stand the crazy
network in Beijing where tcp connection drops after a while no matter
what. On the other hand, both http and nfs handle connection drop rather
easily (they simply re-connect).
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4CA0790B.1080905@realss.com">http://lists.debian.org/4CA0790B.1080905@realss.com
09-28-2010, 01:27 PM
Anand Sivaram
loose access control that works for dynamic IP address
On Mon, Sep 27, 2010 at 16:29, Zhang Weiwu <zhangweiwu@realss.com> wrote:
On 2010年09月27日 18:25, Jochen Schulz wrote:
> It would help to know what software "runs the website". Are we talking
> about Apache2?
No. In fact I wanted to abstract the software running on there for a
reason: there is a http server (not apache2, but bozohttpd because I am
developing a modified version of it for special purpose), a nfsv4 mount
daemon, plus an ssh server. The last one doesn't have to be secured this
much for obvious reasons.
And VPN is not a good candidate because it cannot stand the crazy
network in Beijing where tcp connection drops after a while no matter
what. On the other hand, both http and nfs handle connection drop rather
easily (they simply re-connect).
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Try using openvpn in between. Â*That could make a secure and reliable connection over UDP. Â*So when the network comes back, it will re-establish the connection without any manual intervention.
09-28-2010, 08:34 PM
Klistvud
loose access control that works for dynamic IP address
Dne, 27. 09. 2010 12:25:51 je Jochen Schulz napisal(a):
J.
--
Fashion is more important to me than war, famine, disease or art.
[Agree] [Disagree]
Keep 'em coming, J. It's been a while since I've come across somehing
that poignant.
--
Regards,
Klistvud
Certifiable Loonix User #481801
http://bufferoverflow.tiddlyspot.com
Please reply to the list, not to me.
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 1285706082.15388.0@compax">http://lists.debian.org/1285706082.15388.0@compax
loose access control that works for dynamic IP address
