fedora-users October 2011 archive
Main Archive Page > Month Archives  > fedora-users archives
fedora-users: Re: Remote access

Re: Remote access

From: Rick Sewill <rsewill_at_nospam>
Date: Fri Oct 14 2011 - 15:35:26 GMT
To: Community support for Fedora users <users@lists.fedoraproject.org>

On Friday, October 14, 2011 10:25:59 AM Rick Sewill wrote:
> On Friday, October 14, 2011 06:05:29 AM Marko Vojinovic wrote:
> > On Friday 14 October 2011 05:13:53 KC8LDO wrote:
> > > Is there a way to use ssh to get through a firewall for remote access
> > > to a system? The situation I'm looking at is a Fedora system sitting
> > > behind a company firewall, which I have no control over, that I wish
> > > to gain access to by logging into it over the Internet from a remote
> > > computer. In other words the connection is initiated from outside of
> > > the firewalled company network.
> > >
> > > What I'm thinking is using ssh to forward a port, 3389, to another
> > > computer on my own private network (also behind a firewall and NAT
> > > router) at home acting as a middle man. Then from another computer,
> > > lets say at a hotel, logging in to the same computer on my private
> > > home network and have it pass traffic bidirectionaly between the two
> > > end point computers.
> > >
> > > Is this something than can be done using ssh and if so how? I would
> > > also like to have the remote Fedora system connection to the middle
> > > man computer remain even if the remote computer is not connected.
> >
> > You want to look into OpenVPN. It does take some time to read the docs
> > and set it up, but it's worth it.
> >
> > http://openvpn.net/index.php/open-source.html
> >
> > Essentially, it adds a virtual ethernet device (called tap) to each
> > machine, and connects these into a virtual LAN. From that point on you
> > can do whatever you want, as if the machines were next to each other in
> > the same room, connected to an ethernet switch.
> >
> > It may happen that the default openvpn port is blocked by the company
> > firewall. In that case just reconfigure your machines to use openvpn on
> > some port that is not blocked. Other than that, openvpn will work for you
> > all over the globe, and it is completely under your control.
> >
> > Best, :-)
> > Marko
>
> Please talk with your manager and your sysadmin.
>
> A good sysadmin will look at the firewall logs, will see something strange,
> will report it up to the chain of command, to his boss.
>
> If the sysadmin doesn't, he should lose his job.
>
> If you do something, behind the companies back, the company can't trust
> you. If a company can't trust you, they have to design you out of the
> company. They have to get rid of you.
>
> I've worked remotely for a number of companies.
>
> In each case, the company, and the sysadmin, wanted me to vpn in.
> They helped me. They arranged which VPN I was to use and what I could
> access. They also insured their security wasn't compromised.
>
> If you bypassed security at a company where I worked, you would be
> discovered. You would be fired.

I should add, in each case, the company provided me with the laptop to use.
The company insured the laptop had the firewall and virus software they wanted.
The sysadmin managed the laptop; either remotely or I brought the laptop in.
I was to use that laptop for work, and nothing else.
I was not to use any other PC for accessing work, only that laptop.

-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines