On Thu, 2008-05-15 at 15:44 +0100, Anne Wilson wrote: > On Thursday 15 May 2008 15:24, Patrick O'Callaghan wrote: > > > > Incoming to the mail server. Outgoing from your laptop. We're talking > > about configuring your laptop at Wifi hotspots aren't we? Or have I > > totally lost the plot? > > > I was thinking about configuring the server to accept my connections from > hotspots, but not unknown ones. Hotspots will almost invariably use NAT, so the IP address of the laptop as seen from *outside* the hotspot is going to be known beforehand. What you won't know is the port number since it's assigned dynamically by the hotspot's router, so you can't use a firewall to distinguish between different machines within the hotspot's coverage. It's pretty much all or nothing. I don't think a firewall filter is what you need here. > > (Nota Bene: "incoming" and "outgoing" has nothing to do with the > > direction the mail is flowing. The machine behind the firewall that > > sends the initial TCP request is the "outgoing" machine from the point > > of view of the firewall, whether it's sending mail or reading it). > > > I *think* I'm still with you :-) But still, the first decision is whether to > accept the connection, isn't it? > > > Maybe I'm misunderstanding what you're trying to do. > > > Worry not - I confuse myself at times :-) What I'm really trying to do is get > my head around the issues regarding working away from home. I have imap > mail set up, and was wondering whether to go further to allow access to my > files while away from home, but I need some basic background understanding > before I try to get specifics. Otherwise I don't know what is relevant > reading and what isn't :-) I'm assuming that I'd have to do something like a > vnc connection - but since I don't have the basics, I could be way off beam. If it's just IMAP mail, then use SSL encryption. If you really want to make sure the connection is coming from your laptop (and not from you using e.g. a cybercafe machine) then you can set up an SSH tunnel using tokens instead of passwords. You have to physically copy the SSH token to your laptop (e.g. via a USB key) but this is a once-only operation. Or in fact keep the token on the key and thus allow connection only when the key is plugged in :-) If you just want to browse your desktop remotely, then VNC or NX is what you need. These can also work over SSH using either tokens or passwords. This will also cover the email case. Note that copying a mail attachment locally to the laptop's hard drive gets a little more complicated in this scenario. If you want general access to your files from any local app on the laptop, you're looking at a VPN of some kind. This can also be done via SSH, or if you're more ambitious then look at IPSEC systems such as FreeSWAN. (My knowledge of these things is mostly theoretical so I can give you a rough idea how they are *supposed* to work but if you need a cheat-sheet then Google is your friend). poc -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list