mrmut


Modem / Router with inbound filter (for secure RDP)

I am searching for a modem/router with which I could limit the access to a specific port to a static hostname from a dynamic DNS provider (e.g. dyndns.org). That way I could use cryptic dynamic IP addresses to securely access the network (RDP).

I was searching for a good router that can do that, and was looking into Linksys devices, but to no avail.

Can anybody suggest a good router?
giltjr

Most home routers today will allow you to do port forwarding for inbound traffic and support dynamic dns updates with some dynamic DNS service providers.

I know most Linksys devices do.

ASKER

Yes, I know, but I need to limit incoming traffic to a static hostname.
I'm not sure what you mean.  Firewalls work on IP addresses and ports, not host names.  In the IP world, 99% of the time host names are not passed so there is no way for a firewall to check them.

When you RDP to a desktop, the RDP client resolves the name to an IP address and then connects to the IP address; the firewall has no clue what host name you entered in.
ASKER CERTIFIED SOLUTION
giltjr

ASKER

Thanks, I've done more research and decided to either go with VPN or with this scheme you've suggested.

Decided on MikroTik routers www.mikrotik.com - they should be able to provide a very robust and secure solution.

ASKER

(The suggested scheme/reverse lookup could be most easily implemented in a MikroTik router.)
The problem is you don't control the PTR record for the IP address, so you have no control over the host name that will be returned.  So you would have to allow every single host name that your ISP has assigned to the PTR records it controls.

You MIGHT be able to do a forward lookup on the fixed host name you want to allow, see what IP address is returned, and compare that to the IP address that is making the request.  But this is all custom code, nothing that is done by default.

VPN should work.
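
The forward-lookup check described in the reply above, as an added example that is not part of the original thread: it resolves one allowed hostname, caches the result for a short time, and compares the connecting IP against it, failing closed when the lookup fails. The class name, the hostname `home.example.net` and the addresses are constructed for illustration.

```python
import ipaddress
import socket
import time

class HostnameAllowlist:
    """Admit a source IP only if a forward lookup of one hostname returns it (illustrative)."""

    def __init__(self, hostname, ttl=60, resolver=None, clock=time.monotonic):
        self.hostname = hostname
        self.ttl = ttl  # seconds a lookup result is reused
        self._resolver = resolver or self._system_resolver
        self._clock = clock
        self._cached = frozenset()
        self._expires = 0.0

    @staticmethod
    def _system_resolver(hostname):  # A and AAAA records from the OS resolver
        return [i[4][0] for i in socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)]

    @staticmethod
    def _normalize(addr):
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
        # Dual-stack sockets report IPv4 peers as ::ffff:a.b.c.d
        if ip.version == 6 and ip.ipv4_mapped is not None:
            return ip.ipv4_mapped
        return ip

    def _allowed_ips(self):
        now = self._clock()
        if now >= self._expires:
            try:
                found = self._resolver(self.hostname)
                self._cached = frozenset(self._normalize(a) for a in found)
            except (OSError, ValueError):
                self._cached = frozenset()  # fail closed on lookup errors
            self._expires = now + self.ttl
        return self._cached

    def is_allowed(self, source_ip):
        try:
            return self._normalize(source_ip) in self._allowed_ips()
        except ValueError:
            return False  # unparsable source address

if __name__ == "__main__":
    # Constructed sample: a stub resolver stands in for the dynamic DNS record
    gate = HostnameAllowlist("home.example.net", resolver=lambda h: ["203.0.113.10"])
    for src in ("203.0.113.10", "::ffff:203.0.113.10", "198.51.100.7"):
        print(src, "allow" if gate.is_allowed(src) else "drop")
```

The cache lifetime bounds how long a stale address stays allowed after the dynamic IP changes. Whoever can change the DNS record controls the allow-list, so this check narrows exposure and does not replace RDP authentication.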

ASKER

"You MIGHT be able to do a forward lookup on the fixed host name you want to allow, see what IP address is returned, and compare that to the IP address that is making the request.  But this is all custom code, nothing that is done by default."

This is exactly what I've meant. :-)

VPN, otoh, should work out of the box and I think that I will spare myself from all this scripting and configuring by simply using it.