linux-admin.vger.kernel.org archive mirror
From: "Adam T. Bowen" <adam.bowen@connectinternetsolutions.com>
To: linux-admin@vger.kernel.org
Subject: Re: automount thru winscp
Date: Fri, 09 Sep 2005 13:01:32 +0100
Message-ID: <4321799C.2080900@connectinternetsolutions.com>
In-Reply-To: <43216428.2040804@infinito.it>

Hi,

Luca Ferrari wrote:
> Adam T. Bowen's cat, on 09/09/2005 12.01, walking on the keyboard wrote:
> 
>>
>> Allowing external sFTP connections for normal users to your firewall box
[snip]
>> smbmount commands in there.
> 
> Dear Adam,
> I'll appreciate any suggestion about this problem. How do you think it 
> can be possible to allow access from the external network to the share 
> on machine behind the firewall? I'd like a solution simpler than setting 
> up a vnc network.
> Thanks,
> Luca

Port forwarding?  Don't port forward the samba/netbios stuff through the 
firewall though as that would be asking for trouble.  It would be safer 
to port forward the SFTP connections through it instead.  So, you could 
run the SFTP server on a machine behind your firewall and have the 
firewall forward the connections to it.

Alternatively, if you have got a bunch of public IP addresses, you could 
just use Network Address Translation (NAT) and then open up the ssh 
ports through to the SFTP server.

Note that if you allow SFTP connections through your firewall (either 
port forwarded or via NAT) then you are also allowing SSH connections. 
This is because both SFTP and SSH use port 22.  If this could be a 
problem then you could try something like rssh to restrict users to only 
certain services.  You can find info about rssh here:

       http://www.pizzashack.org/rssh/index.shtml

We have been using it for a while now, and it works fine.

A really good safe way to allow access to users from the internet to 
your intranet is to use a Virtual Private Network (VPN).  Doing so is 
beyond the scope of this current thread though.  Plenty of good howtos 
on the web.

Cheers

Adam
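
The caveat in the message above (forwarding port 22 for SFTP also exposes SSH logins) can be checked on the SFTP host. This is an added example, not part of the original message: a shell function that lists accounts in a passwd(5)-format file whose login shell is neither rssh nor a no-login shell. The rssh path /usr/bin/rssh, the UID threshold of 1000 and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts that would get a full SSH shell once port 22
# is forwarded to the SFTP host.
# Assumptions (not from the thread): rssh lives at /usr/bin/rssh and
# human accounts have UID >= 1000.

RESTRICTED_SHELLS="/usr/bin/rssh /sbin/nologin /usr/sbin/nologin /bin/false"
MIN_UID=1000

# audit_shells FILE: print "user shell" for every passwd(5)-format entry
# whose login shell is not listed in RESTRICTED_SHELLS.
audit_shells() {
    awk -F: -v allowed="$RESTRICTED_SHELLS" -v min_uid="$MIN_UID" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^#/    { next }                    # skip comment lines
        NF != 7 { next }                    # skip blank and malformed lines
        $3 < min_uid && $3 != 0 { next }    # skip system accounts, keep root
        # An empty shell field means /bin/sh, so treat it as unrestricted.
        { shell = ($7 == "" ? "/bin/sh" : $7) }
        !(shell in ok) { print $1, shell }
    ' "$1"
}

# Constructed sample input (not real accounts).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sftpuser:x:1000:1000::/home/sftpuser:/usr/bin/rssh
alice:x:1001:1001::/home/alice:/bin/bash
guest:x:1002:1002::/home/guest:
EOF
}

# Demo run over the sample; on a real host, pass /etc/passwd instead.
tmp=$(mktemp) && sample_passwd > "$tmp" && audit_shells "$tmp"; rm -f "$tmp"
```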
