Modem / Router with inbound filter (for secure RDP)

I am searching for a modem/router with which I could limit the access to a specific port to a static hostname from a dynamic DNS provider (e.g. dyndns.org). That way I could use cryptic dynamic IP addresses to securely access the network (RDP).

I was searching for a good router that can do that, and was looking into Linksys devices, but to no avail.

Can anybody suggest a good router?
mrmut Asked:
 
giltjr Commented:
O.K., reading the other question you posted, I understand what you want to do and it is impractical. As I posted in

http://www.experts-exchange.com/Networking/Broadband/DSL_Cable/Q_24362903.html#a24259264

When you receive an inbound connection request all a firewall sees is the source IP address, no host name.  IP does not pass host names.  You would need the authorization to update the PTR record for all of the source IP addresses you could get assigned and then write/modify firewall code to do a reverse DNS lookup for all inbound connections and then match the results to the list of hosts you want.

The problem is, in order to have authorization to update PTR records, the actual assignee (normally your ISP) of the IP addresses must delegate that authority to you. Most ISPs will only delegate the authority if you are assigned a static block. If you were assigned a static block you would not need to filter based on host name, you could just filter based on IP address.

0
 
giltjr Commented:
Most home routers today will allow you to do port forwarding for inbound traffic and support dynamic dns updates with some dynamic DNS service providers.

I know most Linksys devices do.
0
 
mrmut (Author) Commented:
Yes, I know, but I need to limit incoming traffic to a static hostname.
0
 
giltjr Commented:
I'm not sure what you mean.  Firewalls work on IP addresses and ports, not host names.  In the IP world, 99% of the time host names are not passed so there is no way for a firewall to check them.

When you RDP to a desktop, the RDP client resolves the name to an IP address and then connects to the IP address; the firewall has no clue what host name you entered.
0
 
mrmut (Author) Commented:
Thanks, I've done more research and decided to either go with VPN or with this scheme you've suggested.

Decided on MikroTik routers www.mikrotik.com - they should be able to provide a very robust and secure solution.
0
 
mrmut (Author) Commented:
(The suggested scheme/reverse lookup could be most easily implemented in a MikroTik router.)
0
 
giltjr Commented:
The problem is you don't control the PTR record for the IP address, so you have no control over the host name that will be returned.  So you would have to allow every single host name that your ISP has assigned to the PTR records it controls.

You MIGHT be able to do a forward lookup on the fixed host name you want to allow, see what IP address is returned, and compare that to the IP address that is making the request.  But this is all custom code, nothing that is done by default.

VPN should work.
0
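Added example, not part of the original thread: the forward-lookup comparison giltjr describes above, written in Python. The host name `home.example.net`, the nftables table `inet filter` and the set name `rdp_allowed` are assumptions; the code handles IPv4 only and fails closed when the lookup fails.

```python
import ipaddress
import socket

DDNS_HOST = "home.example.net"  # constructed placeholder for the dynamic DNS name


def forward_lookup(hostname, resolver=socket.getaddrinfo):
    """Resolve hostname to its current IPv4 addresses; empty set if lookup fails."""
    try:
        infos = resolver(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    except OSError:  # socket.gaierror is a subclass of OSError
        return set()
    return {ipaddress.ip_address(info[4][0]) for info in infos}


def source_allowed(source_ip, hostname=DDNS_HOST, resolver=socket.getaddrinfo):
    """The comparison from the post: does the name map to the connecting IP right now?"""
    return ipaddress.ip_address(source_ip) in forward_lookup(hostname, resolver)


def plan_update(current, hostname=DDNS_HOST, resolver=socket.getaddrinfo):
    """Diff a firewall allowlist against a fresh lookup.

    Returns (to_add, to_remove). A failed lookup yields an empty result, so every
    existing entry is removed: the rule fails closed instead of trusting a stale IP.
    """
    fresh = forward_lookup(hostname, resolver)
    current = {ipaddress.ip_address(a) for a in current}
    return fresh - current, current - fresh


def nft_commands(to_add, to_remove, table="inet filter", set_name="rdp_allowed"):
    """Render the diff as nftables set updates (table and set names are assumptions)."""
    cmds = [f"nft delete element {table} {set_name} {{ {ip} }}" for ip in sorted(to_remove)]
    cmds += [f"nft add element {table} {set_name} {{ {ip} }}" for ip in sorted(to_add)]
    return cmds
```

Run periodically, `plan_update` keeps the allowlist in step with the dynamic DNS record; the filter still admits anyone who shares that public IP (for example behind the same NAT), so it narrows exposure and does not replace authentication or a VPN.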
 
mrmut (Author) Commented:
"You MIGHT be able to do a forward lookup on the fixed host name you want to allow, see what IP address is returned, and compare that to the IP address that is making the request.  But this is all custom code, nothing that is done by default."

This is exactly what I've meant. :-)

VPN, otoh, should work out of the box and I think that I will spare myself all this scripting and configuring by simply using it.
0