[aklug] Remote access setup

From: Damien Hull <dhull@digitaloverload.net>
Date: Wed Dec 12 2007 - 17:30:55 AKST

I'm remotely accessing my network from a Starbucks in Hawaii.

    * Gate Keeper box
          o Allows ssh access to the DMZ
                + port on the outside is above 10000
          o Hasn't been secured yet
          o Not using keys at the moment
          o squid
                + Can only access it through ssh
                + allows access to websites on the dmz
                + allows access to websites on my private network
                + allows secure web surfing through ssh
                      # ssh -p [ssh port #] -L 3128:localhost:3128
                      # Configure Firefox to use a proxy on localhost
                        port 3128
                      # All web connections to the DMZ are tunneled
                        through ssh
          o ssh access to the internal server
    * Test server
          o ssh access
          o web
          o email
          o webmin
                + not installed yet
    * Subversion
          o Using subversion to keep track of config data on the test server
          o Don't say anything about git. I know I need to switch.

So far everything is working fine. I do need to lock down the gate
keeper box though. I'm impressed with the internet connection at
Starbucks. I had to download a few things and got over 150 down. Nice!
It's T-Mobile Internet service. It's kind of pricey.

I did some Christmas shopping on Amazon through the ssh connection to
the squid proxy. It's a safe and secure connection from anywhere to the
proxy server. Even if T-Mobile is logging my traffic they won't be able
to see anything.

I'm sure my little setup has a few holes in it. Oh, I decided to use pin
holes. I use IPCop and didn't have the time to figure out a NAT
solution. That's for connections going into the private network.

If anyone has questions or comments let me know. Again, I'm sure there
are holes in this setup. In my case I think I'm safe. It's a test
network. If something gets hacked I can always replace the data from
subversion.

Received on Wed Dec 12 17:31:11 2007
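
An added example, not part of the original post: a shell check for the two gaps the post names on the gate keeper box (no key-only ssh yet, and squid meant to be reachable only through the ssh tunnel). The sample files, port 10022 and function names are constructed, and binding squid to loopback is an assumed way of enforcing "only through ssh".

```shell
#!/bin/sh
# Added example: audits constructed sshd_config / squid.conf samples.

# Succeeds only if the first PasswordAuthentication line says "no".
# sshd keeps the first value it reads; the default is "yes".
# Match blocks are not interpreted by this simple check.
sshd_password_auth_off() {
    awk 'tolower($1) == "passwordauthentication" { v = tolower($2); exit }
         END { exit !(v == "no") }' "$1"
}

# Succeeds only if every http_port line binds a loopback address.
# "http_port 3128" with no address listens on all interfaces.
squid_loopback_only() {
    awk '$1 == "http_port" { n++
             if ($2 !~ /^(127\.0\.0\.1|localhost|\[::1\]):[0-9]+$/) bad = 1 }
         END { exit !(n > 0 && !bad) }' "$1"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed samples: "before" mirrors the state described in the post.
cat > "$tmp/sshd_before" <<'EOF'
Port 10022
PasswordAuthentication yes
EOF
cat > "$tmp/sshd_after" <<'EOF'
Port 10022
PubkeyAuthentication yes
PasswordAuthentication no
EOF
printf 'http_port 3128\n' > "$tmp/squid_open"
printf 'http_port 127.0.0.1:3128\n' > "$tmp/squid_loopback"

report() {  # report LABEL CHECK FILE
    if "$2" "$3"; then echo "ok    $1"; else echo "WEAK  $1"; fi
}
report "sshd before: password logins"  sshd_password_auth_off "$tmp/sshd_before"
report "sshd after: keys only"         sshd_password_auth_off "$tmp/sshd_after"
report "squid on all interfaces"       squid_loopback_only    "$tmp/squid_open"
report "squid on loopback only"        squid_loopback_only    "$tmp/squid_loopback"
```

With squid bound to 127.0.0.1:3128, the `-L 3128:localhost:3128` forward from the post still works, because the ssh server connects to the proxy from the gate keeper box itself.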