Topic: Remote access from hotspots.

[arne]

As I finaly in the end found a way to do the hotspot access (and telephony) without replacing the original firewall and such "ugly things", it was my intention to post a howto in the wiki. I don't know if my account is locked off or restricted in some way, but I were not able to do any posting in the wiki.

I think it would be a good thing to make such a howto, also with some pictures, as the explanations of how to set up the tunnels often is explained as sometning more difficult than it has to be, in the guides found on the net.

Can the wiki be used while logged on as a ordinary user, or will it be required some kind of additional account ?

[stephen noble]

http://wiki.contribs.org/Help:Contents
To help edit this wiki, ...... <Click Link> (and be patient)

[stephen noble]

and if you think you have answered this bug close it, ta
http://bugs.contribs.org/show_bug.cgi?id=3278

[arne]

Yes and no. The problem how to set up a third network adapter has been solved. The soulution ha been tested over some time, it ha been tested with port scanners and diverse hacker tools and there is no problem. On the other hand this third adpapter problem is solved using the only way, I guess it can be solved, by taking a look into the underlaying Netfilter firewall. On the other hand, the only way of solving the 3'rd adapter problem is not considered as a "illegal" way to modify the SME server. When "the only way" is considered to be "the the illegal way", then this problem will remain to be unsolvable, until the method that will solve this problem is accepted.

When it comes to the question of making access from restricted lan and wlan zones, hotspots etc, this is a question that can also be solved quite easy using the UNmodified SME 7.3 firewall.

I will try to make a WIKI Howto for this last variant. (Just found out how to make logon for the WIKI.)   

[slords]

Yes and no. The problem how to set up a third network adapter has been solved. The soulution ha been tested over some time, it ha been tested with port scanners and diverse hacker tools and there is no problem. On the other hand this third adpapter problem is solved using the only way, I guess it can be solved, by taking a look into the underlaying Netfilter firewall. On the other hand, the only way of solving the 3'rd adapter problem is not considered as a "illegal" way to modify the SME server. When "the only way" is considered to be "the the illegal way", then this problem will remain to be unsolvable, until the method that will solve this problem is accepted.

There is more then one way to skin a cat.  I've worked on an updated firewall script for sme and wrote it in a way that not only obeys the rules of sme but also allow unlimited network interfaces.  I've not done much work on it lately because I didn't like the way I was doing some things.

Don't assume that your way is the only way.  Also don't assume that you are the only one that thinks of, or considers the security of the firewall on sme.  There are a number of us that have worked in or done security on linux.  Just because something hasn't changed in a number of years doesn't mean that it is insecure.