From: sean <seandarcy2@gmail.com>
To: netfilter@lists.netfilter.org
Subject: Re: how do I target a specific machine - not ip address?
Date: Sun, 10 Dec 2006 13:33:37 -0500
Message-ID: <457C5301.3030702@gmail.com>
In-Reply-To: <187188.90378.qm@web56209.mail.re3.yahoo.com>
Elvir Kuric wrote:
> Hi Sean,
>
> MAC address will not help you. But you can implement
> many other ways to connect to your server.
> First you can change ssh port to listen different than
> 22, no matter which, I am hoping you know how to do this.
> Second you can implement iptables rule to accept all
> ssh connections to that port ... something like
> iptables -A INPUT -p tcp --dport 32022 -s any/0 -d
> your_server_ip -j ACCEPT
> Then implement rules to accept only 2 or more ( it
> depends on you ) ssh connection per minute, and you
> can make some rule for port knocking in combination
> with iptables ( I know port knocking is clear text,
> but possible intruder will get only ssh prompt ).
>
> Of course there are many other security considerations
> and I am hoping that other list members will take part
> in this discussion.
>
> I hope this helps
>
> Regards
> Elvir Kuric
>
>
> --- sean <seandarcy2@gmail.com> wrote:
>
>> I want to connect from travel to my server. Since I'm
>> connecting through hot-spots or hotel connections, my ip
>> address will be all over the place.
>>
>> I thought about putting the laptop's MAC address in the
>> packet, and using mac-source, but it seems the MAC
>> address is stripped out over the internet.
>>
>> So, how do I set it up so the server will know my laptop
>> from whatever ip address I happen to have?
>>
>> BTW, the laptop is linux, so I can mangle POSTROUTING if
>> that helps.
>>
>> I can ssh, but what I want to do is set up an NFS mount.
>>
>> sean
>>
>>

ssh is not the problem. I can ssh into the server using the
techniques you describe.

My problem is mounting an NFS share. I want to set up
iptables so that it will accept packets from my laptop,
regardless of ip address.

Then I can open up NFS and not rely on the goofy hosts.allow
hosts.deny stuff.

sean
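
The quoted reply describes accepting ssh on a non-default port and limiting new connections per minute. One way to write that ruleset with the `recent` match is sketched below; it is an added example, not posted by anyone in the thread, and the function name, the list name `sshlimit`, the address 192.0.2.10 and the limit of 2 are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Port 32022 comes from the quoted rule;
# 192.0.2.10 is a constructed stand-in for "your_server_ip".
# Dry run by default (rules are printed). As root, IPT=iptables applies them.
IPT="${IPT:-echo iptables}"

# ssh_rate_limit_rules PORT SERVER_IP MAX_NEW
# Allows MAX_NEW new connections per source address per 60 s to PORT.
ssh_rate_limit_rules() {
    port="$1"; server="$2"; max_new="$3"
    for n in "$port" "$max_new"; do
        case "$n" in
            ''|*[!0-9]*) echo "not a number: '$n'" >&2; return 1 ;;
        esac
    done
    case "$server" in
        ''|*[!0-9.]*) echo "bad IPv4 address: '$server'" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "port out of range" >&2; return 1; }
    # The recent match remembers 20 packets per address by default
    # (ip_pkt_list_tot), so --hitcount must stay at or below 20.
    [ "$max_new" -ge 1 ] && [ "$max_new" -le 19 ] ||
        { echo "max_new must be 1..19" >&2; return 1; }

    hit=$((max_new + 1))
    # Left unquoted below on purpose so it splits into separate arguments.
    m="-p tcp -d $server --dport $port -m state --state NEW"

    # Packets of already accepted sessions are never counted.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Record the source address of every new connection attempt.
    $IPT -A INPUT $m -m recent --name sshlimit --set
    # Drop once a source exceeds max_new attempts within 60 s. --update
    # refreshes the timestamp, so a source that keeps trying stays blocked.
    $IPT -A INPUT $m -m recent --name sshlimit --update --seconds 60 --hitcount "$hit" -j DROP
    # Anything still here is within the limit.
    $IPT -A INPUT $m -j ACCEPT
}

ssh_rate_limit_rules 32022 192.0.2.10 2
```

The limit is per source address and covers only the ssh port; it does nothing to identify a particular laptop, which is the NFS question asked above.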