- 04-16-2004 #1 Just Joined!
- Join Date
- Mar 2004
- Location
- Ireland
- Posts
- 6
IPTABLES Remote User Question
Hi, currently I'm using a RedHat 7.2 iptables firewall securing my network on an ADSL broadband connection. The firewall is of course stripped down to refuse any incoming connections. The problem I have is that I want a remote user to be able to come onto my network through my firewall (I've arranged a static ADSL address). What is the best way to go about this, bearing in mind that I also still want my network to be secure (i.e. how do I verify that the user coming into my network is an authorised user with permissions to access my network resources)?
Any help would be appreciated.
- 04-16-2004 #2 Linux Newbie
- Join Date
- Jan 2004
- Location
- Belgrade, S&M
- Posts
- 177
I didn't understand you completely: do YOU (the firewall) have a static IP or does the remote user have it? Or do you both have it? If the remote user has a static IP, then just add a rule in iptables on top of all others giving access to that IP, like:
iptables -A INPUT -s 200.200.200.200 -j ACCEPT
or something like that.
On the other hand, if the remote user has a dynamic IP address, sorry, I am not sure which is the best way to do it.
- 04-17-2004 #3 Just Joined!
- Join Date
- Mar 2004
- Location
- Ireland
- Posts
- 6
Thanks. The firewall has a static IP address, the user does not. So if ya think of any way.....?
- 04-19-2004 #4 Just Joined!
- Join Date
- Apr 2004
- Posts
- 3
Try to use ipchains for the above solution.
- 04-19-2004 #5 Just Joined!
- Join Date
- Mar 2004
- Location
- Ireland
- Posts
- 6
I can use ipchains, but what way should I go about configuration?
- 04-19-2004 #6 Linux Engineer
- Join Date
- Nov 2002
- Location
- Queens, NY
- Posts
- 1,319
Why ipchains? Ipchains doesn't support stateful packet inspection. Stick with iptables. If you do use stateful packet inspection, make sure you have the rules of the iptables in order to accept incoming connections on first and then start rejecting other connections afterwards.
For your other question, I'd suggest running an OpenSSH server and possibly changing the port number to a higher one (above 1024). This way, even if people constantly try port 22 (default SSH port), they won't see anything. Also, you probably already have a good idea about this but make sure he/she has a strong password.
The best things in life are free.


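An added example, not part of any post in this thread: the ordering described in the last reply (stateful accept rules first, everything else dropped afterwards, SSH on a port above 1024), written as a generator for an `iptables-restore` ruleset with a check that the accept rule really precedes the drop. The port 2222 and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for inbound SSH on a
# non-default port. Rules are evaluated top to bottom, first match wins,
# so every ACCEPT must appear before the catch-all DROP.

# ssh_ruleset PORT -> ruleset on stdout; returns 1 unless PORT is 1025-65535
ssh_ruleset() {
    port=$1
    case $port in
        ''|*[!0-9]*|0*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -le 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port must be in 1025-65535" >&2
        return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

# rule_line RULESET PATTERN -> line number of the first matching rule
rule_line() {
    printf '%s\n' "$1" | grep -n -e "$2" | head -n 1 | cut -d: -f1
}

# accept_precedes_drop RULESET PORT -> true if the SSH accept rule comes
# before the catch-all drop (otherwise the accept would never be reached)
accept_precedes_drop() {
    a=$(rule_line "$1" "--dport $2 .*-j ACCEPT")
    d=$(rule_line "$1" "^-A INPUT -j DROP")
    [ -n "$a" ] && [ -n "$d" ] && [ "$a" -lt "$d" ]
}

# Run as: sh this_script 2222   (2222 is a sample port; review the output,
# then load it as root with iptables-restore)
if [ "$#" -gt 0 ]; then
    ssh_ruleset "$1"
fi
```

The SSH daemon has to listen on the same port (the `Port` directive in `sshd_config`), and the rule carries no `-s` source match because the remote user's address is dynamic, so access control rests on SSH authentication.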
