 
Old 09-27-2010, 09:47 AM
Zhang Weiwu
 
loose access control that works for dynamic IP address

On 2010-09-27 16:54, Scott Ferguson wrote:
> Would dyn-dns help?

ahhh, yes. This is exactly what I used. I know how to get dynamic dns
running, but need a way to control access to it.

Here I re-ask the question in plain language and an improvised example:

I have computer A that runs a website. I only want
myhost.dyn-dns.com to be able to access this website, others who want
to access the website should get denied. How do I configure computer A?
 
Old 09-27-2010, 10:12 AM
Scott Ferguson
 
loose access control that works for dynamic IP address

On 27/09/10 19:47, Zhang Weiwu wrote:
> On 2010-09-27 16:54, Scott Ferguson wrote:
>> Would dyn-dns help?
> ahhh, yes. This is exactly what I used. I know how to get dynamic dns
> running, but need a way to control access to it.
>
> Here I re-ask the question in plain language and an improvised example:
>
> I have computer A that runs a website. I only want
> myhost.dyn-dns.com to be able to access this website, others who
> want to access the website should get denied. How do I configure
> computer A?
>
>
>

Ah, that indeed is the question. The exact one I happened to be working
on when you posted. The partial solution I've come up with so far
doesn't leave me satisfied - I want (as you) to restrict http (and
https) access to that routed through a dyn.dns site - I'm suspecting
that I need some sort of forwarding rule at the firewall but I haven't
gotten around to working out what.

In my case it's for (Debian) vm appliances which will be deployed on
client machines - where they could conceivably be (partially) DOSed
because they'll be running on <fnord>Windoof LANs. Not a lot of
bandwidth or resources to begin with, on a possibly noisy network - and
that's on the green side of the outer firewall :-(

Something I'll have a think about after dinner.

Please keep me posted as to your results.

Cheers


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/4CA06E24.2060707@gmail.com
 
Old 09-27-2010, 10:25 AM
Jochen Schulz
 
loose access control that works for dynamic IP address

Zhang Weiwu:
>
> Here I re-ask the question in plain language and an improvised example:
>
> I have computer A that runs a website. I only want
> myhost.dyn-dns.com to be able to access this website, others who
> want to access the website should get denied. How do I configure
> computer A?

It would help to know what software "runs the website". Are we talking
about Apache2? Then you might find the following links interesting/
helpful:

http://forum.dyndnscommunity.com/forum/viewtopic.php?f=17&t=2328&view=next
http://old.nabble.com/allow-from-%22hostname%22-not-working..-td17999519.html

J.
--
Fashion is more important to me than war, famine, disease or art.
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>
 
Old 09-27-2010, 10:59 AM
Zhang Weiwu
 
loose access control that works for dynamic IP address

On 2010-09-27 18:25, Jochen Schulz wrote:
> It would help to know what software "runs the website". Are we talking
> about Apache2?

No. In fact I wanted to abstract the software running on there for a
reason: there is a http server (not apache2, but bozohttpd because I am
developing a modified version of it for special purpose), a nfsv4 mount
daemon, plus an ssh server. The last one doesn't have to be secured this
much for obvious reasons.

And VPN is not a good candidate because it cannot stand the crazy
network in Beijing where tcp connection drops after a while no matter
what. On the other hand, both http and nfs handle connection drop rather
easily (they simply re-connect).



Archive: http://lists.debian.org/4CA0790B.1080905@realss.com
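
One way to enforce the restriction asked for above at the firewall, so that it covers the http and nfs daemons alike, shown as an added example that is not from any poster in this thread: a script that resolves the dynamic-DNS name and rewrites a dedicated iptables chain. The chain name DYNALLOW, the script name and the port list are assumptions; myhost.dyn-dns.com is the hostname used in the question.

```shell
#!/bin/sh
# Added example: keep a firewall allowlist in step with a dynamic-DNS name.
# Assumed names: ALLOWED_HOST, the chain DYNALLOW, the script name dynallow.sh.
# One-time setup as root (ports are an assumption: http, https, nfsv4):
#   iptables -N DYNALLOW
#   iptables -I INPUT -p tcp -m multiport --dports 80,443,2049 -j DYNALLOW
ALLOWED_HOST="${ALLOWED_HOST:-myhost.dyn-dns.com}"
CHAIN="DYNALLOW"

# Keep only well-formed IPv4 addresses, de-duplicated: nothing else from a
# DNS answer should ever reach a firewall rule.
valid_ipv4() {
    awk -F. 'NF == 4 { ok = 1
                 for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) ok = 0
                 if (ok) print }' | sort -u
}

# Current address(es) of the name, via the system resolver.
resolve_host() {
    getent ahostsv4 "$1" | awk '{ print $1 }' | valid_ipv4
}

# Emit an iptables-restore fragment: accept the listed sources, drop the rest.
# Fails on an empty list so a DNS outage never replaces a working allowlist.
build_rules() {
    [ -n "$1" ] || return 1
    echo "*filter"
    echo ":$CHAIN - [0:0]"   # with --noflush, redeclaring the chain empties it
    for ip in $1; do
        echo "-A $CHAIN -s $ip/32 -j ACCEPT"
    done
    echo "-A $CHAIN -j DROP"
    echo "COMMIT"
}

# Resolve, rebuild, and swap the chain contents in one restore transaction.
refresh() {
    ips=$(resolve_host "$ALLOWED_HOST")
    rules=$(build_rules "$ips") || {
        echo "no address for $ALLOWED_HOST, rules left unchanged" >&2
        return 1
    }
    printf '%s\n' "$rules" | iptables-restore --noflush
}

# Run from cron as root, e.g. every few minutes: ./dynallow.sh apply
if [ "${1:-}" = "apply" ]; then refresh; fi
```

The allowlist is only as trustworthy as the DNS answer and the account that updates the record. Between an address change and the next run, the previous address stays allowed.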
 
Old 09-28-2010, 01:27 PM
Anand Sivaram
 
loose access control that works for dynamic IP address

On Mon, Sep 27, 2010 at 16:29, Zhang Weiwu <zhangweiwu@realss.com> wrote:
> On 2010-09-27 18:25, Jochen Schulz wrote:
> > It would help to know what software "runs the website". Are we talking
> > about Apache2?
>
> No. In fact I wanted to abstract the software running on there for a
> reason: there is a http server (not apache2, but bozohttpd because I am
> developing a modified version of it for special purpose), a nfsv4 mount
> daemon, plus an ssh server. The last one doesn't have to be secured this
> much for obvious reasons.
>
> And VPN is not a good candidate because it cannot stand the crazy
> network in Beijing where tcp connection drops after a while no matter
> what. On the other hand, both http and nfs handle connection drop rather
> easily (they simply re-connect).

Try using openvpn in between. That could make a secure and reliable connection over UDP. So when the network comes back, it will re-establish the connection without any manual intervention.
 
Old 09-28-2010, 08:34 PM
Klistvud
 
loose access control that works for dynamic IP address

On 27. 09. 2010 12:25:51, Jochen Schulz wrote:
> J.
> --
> Fashion is more important to me than war, famine, disease or art.
> [Agree] [Disagree]
> <http://www.slowlydownward.com/NODATA/data_enter2.html>

Keep 'em coming, J. It's been a while since I've come across something
that poignant.


--
Regards,

Klistvud
Certifiable Loonix User #481801
http://bufferoverflow.tiddlyspot.com

Please reply to the list, not to me.


Archive: http://lists.debian.org/1285706082.15388.0@compax
 
