Re: Silly network question : communicating between 2 remote machines
- From: BearItAll <spam@xxxxxxxxxxxxx>
- Date: Tue, 21 Mar 2006 09:50:45 +0000
fda wrote:
> A friend and I are both using SuSE on our respective machines, some miles
> away. Both of us have (sort of) fixed IP addresses. Both of us have a
> router because each of us has a number of different PCs to connect to the
> network.
> We can both ping each other. Both of us launched nmap, and succeeded in
> checking the open ports on the other one's machine. We both have
> ADSL/cable high-speed connections.
> Now, what we are lacking is a kind of checklist to know what we have to
> do to use
> * ssh (port 23 ?)
> * X-windows (port 6000 ?)
> * NFS (???)
> between our machines, through the jungle of router firewall, SuSE
> firewall, pam declarations, without inviting the whole planet to use the
> same services. Does anybody know if there is such a checklist somewhere
> on the net ? :-) Thanks in advance !
Ok, first security. Having secure comms means nothing if either end of the
tunnel is unsafe. So, each do a little check of your networks, no excess
services, check the secure log to see that nothing is being brought to your
attention. Check the machines on your network are clean.
Here is your checklist; prepare ye well, Gwassopper, to undertake this task
put before you.
VPN is a means of putting the traffic of one network into the traffic of
another. Either or both of those networks could be multi-computer or a
single computer. Obviously putting the traffic of a network in the class of
192.168.10.0 onto a network whose class is 192.168.2.0 would have little
meaning. So part of the function of the VPN is to translate the traffic of
the remote machine/network so that it appears as if it is local traffic. It
Masquerades.
So from that you can see that the next in our list of things to learn is
Masquerading. Masquerading is used in several areas of server systems; they
actually all mean the same thing, but have different uses. Put simply it
means: pretend Bobby is Kevin; if Bobby doesn't look like Kevin, then slap a
bit of grease paint on his face until he does. (Gads, that's a naff
description, just came to me in a moment of madness. But I'm sure you're
bright enough to understand.)
In these two that we have mentioned, though, we have not mentioned any
security whatsoever. VPN on its own is Not secure, and Masquerading
'don't fool no one'.
You mention ssh, and ssh is secure, but is not really right on its own for
this particular job anymore. Instead we should skip straight over and learn
about IPsec. In this you would learn about the creation and exchange of
keys. The Cisco web site goes into excruciatingly painful detail about
this. But Gwassopper, learn where the public key is created and you find a
much more understandable source of information, in Africa no less. IPSec
isn't the only way, but it is currently the most popular. Security will
always be an ever-changing beast; it has to be, because in the end All
security can be cracked, so it is important to keep security a moving
target.
PPTP, point to point. Now pptp is one of those things that everyone agrees
(disagree with me if you like, but you'll be the odd one out :) ) is just
bloody horrible. As in their other products, they forgot to add security so
slapped it on afterwards in a way that isn't particularly secure. Who came
up with pptp again? Oh, now I remember, but I won't mention it here because
I don't want to be accused of being an MS basher. So if you want to know
who, look it up for yourself. But still, we're stuck with it now, so what is
it?
Think of the channel tunnel, you have a big wide tunnel for the passenger
trains (the data) and a smaller tunnel for services and rat exchange.
Luckily we in the Linux world have the means of securing that traffic, we
don't even get the rats.
So pptp is next on our list.
So there you have it, not a lot to study; between the two of you, you should
have it sorted by summer 2008.
However, although it is very wise to read up on the above because each of
those is involved, you can take a slight shortcut when it comes to
implementing it with OpenVPN.
Good luck Gwassopper.
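The "first, security" step of the reply (no excess services, check the secure log) is the one part of the checklist that can be scripted. The following is an added example, not code from the thread or from SuSE: a small audit that flags world-reachable listening ports outside an allow list and repeated failed ssh logins in secure-log lines. The listening-socket sample, the log lines, the allow list and the threshold of 3 are all constructed here so it runs offline without root; on a live machine you would feed it the output of `netstat -tlnp` (or `ss -tlnp`) and your actual `/var/log/messages`.

```shell
#!/bin/sh
# Added example, not from the original thread. Audits the two pre-tunnel checks
# the reply asks for: nothing unexpected listening, nothing alarming in the
# secure log. All inputs below are CONSTRUCTED samples, not real output.

# Ports we intend to expose to the peer (ssh only: X11 rides over "ssh -X",
# NFS stays inside the VPN instead of being opened to the planet).
ALLOWED_PORTS="22"

# Constructed sample of listening sockets: "proto local-address" per line.
SAMPLE_LISTEN='tcp 0.0.0.0:22
tcp 0.0.0.0:6000
tcp 0.0.0.0:2049
tcp 127.0.0.1:631'

# Constructed sample of sshd lines as they would appear in the secure log.
SAMPLE_SECURE_LOG='Mar 21 09:01:02 box sshd[1234]: Accepted publickey for fred from 10.0.0.2 port 40022 ssh2
Mar 21 09:02:10 box sshd[1240]: Failed password for root from 198.51.100.7 port 51012 ssh2
Mar 21 09:02:12 box sshd[1240]: Failed password for root from 198.51.100.7 port 51013 ssh2
Mar 21 09:02:15 box sshd[1241]: Failed password for invalid user admin from 198.51.100.7 port 51020 ssh2
Mar 21 09:05:00 box sshd[1250]: Failed password for fred from 10.0.0.2 port 40030 ssh2'

# Print, space-separated and sorted, every port bound to all interfaces
# (0.0.0.0:*) that is not in the allow list. Loopback-only services are
# ignored: the rest of the planet cannot reach them.
excess_services() {
    printf '%s\n' "$1" | awk -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $2 ~ /^0\.0\.0\.0:/ {
            split($2, f, ":")
            if (!(f[2] in ok)) print f[2]
        }' | sort -n | tr "\n" " " | sed "s/ $//"
}

# Count "Failed password" entries per source address and print "count addr"
# (semicolon-separated) for every source at or above the threshold in $2.
failed_login_sources() {
    printf '%s\n' "$1" | awk -v thr="$2" '
        /sshd\[[0-9]+\]: Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") c[$(i+1)]++
        }
        END { for (ip in c) if (c[ip] >= thr) print c[ip], ip }' | sort -rn | tr "\n" ";" | sed "s/;$//"
}

# Run both checks over the constructed samples and report.
audit() {
    excess=$(excess_services "$SAMPLE_LISTEN" "$ALLOWED_PORTS")
    bad=$(failed_login_sources "$SAMPLE_SECURE_LOG" 3)
    [ -n "$excess" ] && echo "world-reachable ports not on the allow list: $excess"
    [ -n "$bad" ] && echo "repeated failed ssh logins from: $bad"
    [ -z "$excess" ] && [ -z "$bad" ] && echo "clean"
    return 0
}

audit
```

On the sample data the audit reports ports 2049 (NFS) and 6000 (X11) as world-reachable and 198.51.100.7 as a source of repeated failures; the friend's own single typo from 10.0.0.2 stays below the threshold, which is the point of counting per source rather than alerting on every failed line.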