timb551

asked on

Opening port to FQDN in Centos?

Hi

I have a remote worker that needs access to my server for development processes.

They only have a dynamic IP address and using a VPN isn't very practical in this particular situation.

Am I able to use iptables to open up a port to just their ddns.org FQDN?

thanks
ASKER CERTIFIED SOLUTION
noci
timb551

ASKER

Is the name only translated on creation or can I schedule an iptables restart?

I will look at possibly installing OpenVPN on the server.
noci

Slightly depends on the actual implementation, most I know of will translate when the tunnel is started.

For iptables it will translate when the command is executed. Be in for a surprise when a name translates to several addresses... the address will change for each invocation. And the name cannot be used to REMOVE the entry as there is no name association for iptables.
Without remove you will start to add "all" addresses of that provider (depending on how often the address changes).

Oh btw, the iptables "restart" (service iptables restart / systemctl restart iptables) will only handle the IP addresses.
You will need to regularly run the iptables -I ... to insert a new rule and be sure to remove the old one (which CANNOT be done by name).

Effectively the internet runs without names, name resolution etc. is a bolt-on for human(oid)s.
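
Added example, not part of the original posts: a cron-driven script for the insert-then-remove cycle described in the reply above, deleting the old rule by its stored address rather than by name. The host name, port and state-file path are placeholder assumptions.

```shell
#!/bin/sh
# Added example: keep one iptables ACCEPT rule in step with a dynamic DNS name.
# Placeholders (assumptions, not from the thread): name, port, state file.
DDNS_NAME="remote-worker.example.org"
PORT=8443
STATE=/var/run/ddns-allow.ip

# Strict dotted-quad check so resolver output never reaches iptables unchecked.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*) return 1 ;; esac      # no leading zeros
        [ "$o" -le 255 ] 2>/dev/null || return 1
    done
}

# Print the commands that move the rule from $1 (stored old IP, may be empty)
# to $2 (freshly resolved IP). The old rule is deleted by address, because
# iptables keeps no record of the name it was created from.
plan_update() {
    is_ipv4 "$2" || { echo "refusing bad address: $2" >&2; return 1; }
    [ "$1" = "$2" ] && return 0               # unchanged: nothing to do
    echo "iptables -I INPUT -p tcp -s $2 --dport $PORT -j ACCEPT"
    if is_ipv4 "$1"; then
        echo "iptables -D INPUT -p tcp -s $1 --dport $PORT -j ACCEPT"
    fi
}

# Run as root from cron with --apply. Only the first A record is used, so a
# name that resolves to several addresses cannot pile up rules.
if [ "${1:-}" = "--apply" ]; then
    new=$(getent ahostsv4 "$DDNS_NAME" | awk 'NR==1 {print $1}')
    old=$(cat "$STATE" 2>/dev/null || true)
    plan=$(plan_update "$old" "$new") || exit 1
    [ -n "$plan" ] || exit 0
    printf '%s\n' "$plan" | sh -e || exit 1
    echo "$new" > "$STATE"
fi
```

The new rule is inserted before the old one is deleted, so access is not interrupted when the address changes.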
timb551

ASKER

Went down the OpenVPN route, thanks for the idea.

cheers