[vox] Re: security dilemma

Jeffrey J. Nonken jjn_lugod at nonken.net
Fri Sep 22 09:26:49 PDT 2006


On Thu, 21 Sep 2006 23:44:02 -0700 (PDT)
Cylar Z <cylarz at yahoo.com> wrote:

> >3) Run dyndns on your broadband connection, and use cron to re-resolve
> >your IP on a regular basis, and update an iptables rule
> 
> You mean, in effect, have the server write its own
> IPTABLES rules after it determines what my originating
> IP address is? How would it know that? Remember, the
> server is on a remote network, and it accepts my
> incoming connection only because my originating IP is
> within a range that the firewall has been programmed
> to allow in. To my way of thinking, dyndns is for
> servers that run on dynamic-ip connections. The
> server's IP is static; it's my incoming connection
> whose source address is subject to change.

Maybe he meant that you should use DynDNS or similar service to track
the IP of your client, and have your server use cron to
periodically resolve the IP based on the DynDNS hostname and re-write
the relevant IPTABLES rules.
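
A sketch of the cron job described in this reply, added here as an example; it is not code from the original thread. The hostname, chain name, port, state file and script path are all hypothetical, and the lookup result is validated before it is used in a rule.

```shell
#!/bin/sh
# Added example. Hypothetical names: DDNS_HOST, CHAIN, PORT, STATE.
DDNS_HOST="client.example.dyndns.org"  # assumed DynDNS name kept current by the client
CHAIN="DYNCLIENT"                      # assumed dedicated chain that INPUT jumps to
PORT=22                                # assumed service port
STATE="/var/run/dynclient.ip"          # last address that was applied

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Print the iptables commands that move the allow rule from $1 (old address,
# may be empty) to $2 (new address). Prints nothing if unchanged; fails if $2
# is not an IPv4 address, so a failed or hostile lookup never reaches iptables.
plan_update() {
    old=$1; new=$2
    is_ipv4 "$new" || return 1
    [ "$old" = "$new" ] && return 0
    echo "iptables -F $CHAIN"
    echo "iptables -A $CHAIN -p tcp -s $new/32 --dport $PORT -j ACCEPT"
}

# Resolve the client's name, apply the plan, remember what was applied.
refresh() {
    new_ip=$(getent ahostsv4 "$DDNS_HOST" | awk 'NR==1 {print $1}')
    old_ip=$(cat "$STATE" 2>/dev/null)
    cmds=$(plan_update "$old_ip" "$new_ip") || {
        logger -t dynclient "lookup of $DDNS_HOST gave '$new_ip'; rule left as is"
        return 1
    }
    [ -z "$cmds" ] && return 0
    echo "$cmds" | sh && echo "$new_ip" > "$STATE"
}

# /etc/cron.d entry (hypothetical path): */5 * * * * root /usr/local/sbin/dynclient-refresh --apply
if [ "${1:-}" = "--apply" ]; then refresh; fi
```

The chain has to be created once and referenced from INPUT (`iptables -N DYNCLIENT; iptables -A INPUT -j DYNCLIENT`). With this arrangement the allowed source address is whatever the DynDNS name resolves to, so control of that DNS record is control of the firewall exception.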

