![]() ![]() To open a port-forward for a user who do not understand the concept and risk is not a good solution - especially not if it is only to avoid a reverse port-forward ssh command (which is on the other hand an example for real good practice: the user has to act to let some third party in). Between the DMZ and the private network there is a firewall located also (the same as between public and DMZ in small setups and a separated one in better protected networks). Between the public networ and the DMZ we put a firewall. If there is a port-forward forwarding from unsecure public networks to a machine on a private network this concept is broken.Īctually we put any resources we want to have reachable from unsecure public networks into their own broadcast domain we call DMZ (de-militarized zone). I wouldn’t recommend this: A large part of security for inexperienced users is that they are in a private network not reachable from public networks. Optionally at this point, you could set up port forwarding on their router so as to bypass the need for reverse tunneling over SSH. Of course, none of this will work if the inexperienced user breaks his or her network. I totally get why you want an easier solution but then if the teamviewer client is not installed on the user’s computer then teamviewer is not a zero-experience solution either. The net effect is that you might have to communicate via the phone (or, better, via email) one shell command to execute (or two if the other user doesn’t currently have an SSH server running). Optionally at this point, you could set up port forwarding on their router so as to bypass the need for reverse tunneling over SSH.( remmina also supports RDP but that is more useful for remote access into a Microsoft Windows computer.) Yes, you can use remmina for this but there are other VNC client choices for you. You then VNC in (VNC-over-SSH, reverse tunneled). ![]()
0 Comments
Leave a Reply. |