jcgreer


How can I use no-ip.org dns to update iptables for remote access with Linux router

Hello, I have a Linux box that is a router/gateway running iptables rule sets. I have set up a dynamic DNS account at www.no-ip.org. This runs a client on my laptop that updates my record at no-ip.org with my current IP address (i.e. fred.myvnc.com = xxx.xxx.xxx.xxx).
What I would like to do, of course, is have my iptables firewall update with my IP address from my resolved no-ip DNS, and allow my laptop to connect to ssh and remote desktop from wherever I am, and have it update every 5 min or so. (Usually at my home or another office, but my concern is that my home IP might change and cause me a problem in the future, or if I am out of town.) I realize that I would not want to do this from a cyber cafe, but I do not want to have the port open to the world full time either, and that IP would change as soon as I get to the office.
I looked at something called port-knocker, http://www.ducea.com/2006/07/05/how-to-safely-connect-from-anywhere-to-your-closed-linux-firewall/ that looked interesting, but I would rather have it more 'automatic', so that I do not need to really do anything special to initiate this (aside from the no-ip.com stuff, which I already use for my home stuff).
Thanks
nathana21

Try this. It's for Ubuntu, but it should apply to you:

http://ubuntulinuxhowto.blogspot.com/2006/06/dynamic-dns-no-ip.html
jcgreer

ASKER

Thanks for the reply. However, let me add some more detail. I am trying to go the other way around.
The server is at my office and has a static IP address already.
My current configuration is working with remote desktop to my Windows boxes and ssh to the server from my house (fortunately they do not change my IP address that often, but when they do, of course it is 2am and I have to drive into the office).
I need to be able to connect to ssh on that server with my laptop from my house or out of town, or from my dynamic IP on a SprintPCS broadband card.
So all I need is the server to look up my no-ip.com address and rewrite the iptables rules from my (now) current IP address. So I can use it from anywhere, but I do not want the server to accept ssh from just any IP address in the world.

Thanks
ASKER CERTIFIED SOLUTION
Gabriel Orozco
This solution is only available to members.
Any news?
jcgreer

ASKER

Very complete! Code worked first time without change (except for my noip address), and it also included instructions for adding to cron (nice, makes a complete answer, so readers would not have to then go look that up).
Thank you!
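
An added example of the approach the asker describes, not the members-only accepted solution and not code from any poster in this thread: a POSIX sh script that resolves the dynamic name, validates the answer, and rewrites one dedicated chain only when the address changes. The chain name `DYN_SSH`, port 22, the state-file path and the `DRY_RUN` switch are assumptions, and `getent ahostsv4` assumes a glibc system.

```shell
#!/bin/sh
# Added example. CHAIN, PORT and STATE are assumed names, not from the thread.
# One-time setup as root: iptables -N DYN_SSH && iptables -I INPUT -j DYN_SSH
CHAIN="DYN_SSH"
PORT="22"
STATE="${STATE:-/var/run/dyn_ssh.ip}"

# Strict dotted-quad check: the DNS answer is untrusted input to iptables.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# First IPv4 address for the name, via the system resolver (glibc getent).
resolve_ipv4() {
    getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }'
}

# With DRY_RUN set, print commands instead of executing them.
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# Replace the chain's contents with a single allow rule for one address.
apply_ip() {
    is_ipv4 "$1" || { echo "refusing invalid address: $1" >&2; return 1; }
    run iptables -F "$CHAIN"
    run iptables -A "$CHAIN" -s "$1/32" -p tcp --dport "$PORT" -j ACCEPT
}

# Resolve, then touch the firewall only when the address actually changed.
sync_host() {
    new_ip=$(resolve_ipv4 "$1")
    # On a failed lookup keep the last known-good rule rather than flushing.
    is_ipv4 "$new_ip" || { echo "no usable A record for $1" >&2; return 1; }
    [ "$new_ip" = "$(cat "$STATE" 2>/dev/null)" ] && return 0
    apply_ip "$new_ip" && echo "$new_ip" > "$STATE"
}

if [ $# -ge 1 ]; then sync_host "$1"; fi
```

Run it from root's crontab every five minutes with the dynamic name as its only argument, for example `*/5 * * * * /usr/local/sbin/dyn-ssh-allow.sh fred.myvnc.com` (the script path is an assumed one). Whoever controls the dynamic DNS record controls this allow rule, so SSH key authentication on the server still matters.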