On Thursday 15 May 2008 16:08, Patrick O'Callaghan wrote:
> On Thu, 2008-05-15 at 15:44 +0100, Anne Wilson wrote:
> > On Thursday 15 May 2008 15:24, Patrick O'Callaghan wrote:
> > > Incoming to the mail server. Outgoing from your laptop. We're talking
> > > about configuring your laptop at Wifi hotspots aren't we? Or have I
> > > totally lost the plot?
> >
> > I was thinking about configuring the server to accept my connections from
> > hotspots, but not unknown ones.
>
> Hotspots will almost invariably use NAT, so the IP address of the laptop
> as seen from *outside* the hotspot is going to be known beforehand. What
> you won't know is the port number since it's assigned dynamically by the
> hotspot's router, so you can't use a firewall to distinguish between
> different machines within the hotspot's coverage. It's pretty much all
> or nothing. I don't think a firewall filter is what you need here.
>
> > > (Nota Bene: "incoming" and "outgoing" has nothing to do with the
> > > direction the mail is flowing. The machine behind the firewall that
> > > sends the initial TCP request is the "outgoing" machine from the point
> > > of view of the firewall, whether it's sending mail or reading it).
> >
> > I *think* I'm still with you :-) But still, the first decision is
> > whether to accept the connection, isn't it?
> >
> > > Maybe I'm misunderstanding what you're trying to do.
> >
> > Worry not - I confuse myself at times :-) What I'm really trying to do
> > is get my head around the issues regarding working away from home. I
> > have imap mail set up, and was wondering whether to go further to allow
> > access to my files while away from home, but I need some basic background
> > understanding before I try to get specifics. Otherwise I don't know what
> > is relevant reading and what isn't :-) I'm assuming that I'd have to do
> > something like a vnc connection - but since I don't have the basics, I
> > could be way off beam.
>
> If it's just IMAP mail, then use SSL encryption.
>
> If you really want to make sure the connection is coming from your
> laptop (and not from you using e.g. a cybercafe machine) then you can
> set up an SSH tunnel using tokens instead of passwords. You have to
> physically copy the SSH token to your laptop (e.g. via a USB key) but
> this is a once-only operation. Or in fact keep the token on the key and
> thus allow connection only when the key is plugged in :-)
>
> If you just want to browse your desktop remotely, then VNC or NX is what
> you need. These can also work over SSH using either tokens or passwords.
> This will also cover the email case. Note that copying a mail attachment
> locally to the laptop's hard drive gets a little more complicated in
> this scenario.
>
> If you want general access to your files from any local app on the
> laptop, you're looking at a VPN of some kind. This can also be done via
> SSH, or if you're more ambitious then look at IPSEC systems such as
> FreeSWAN.
>
> (My knowledge of these things is mostly theoretical so I can give you a
> rough idea how they are *supposed* to work but if you need a cheat-sheet
> then Google is your friend).
>

OK, lots to think about then. Thanks, Patrick.

Anne

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list