
Re: limiting access thru pptp

[stephan beirer <beirer-debfw@itb.biologie.hu-berlin.de> wrote on Wed Oct 29, 2003 at 23:40:36PM +0100 To debian-firewall@lists.debian.org]:

Hi all,

thanks to all for your suggestions about my pptp-problem, especially
for clarifying about the use of the {pap,chap}-secrets file with
static ips (as a non-native speaker i misunderstood the docs :))

i think my problem is solved, i'm gonna set up a test-environment and
try it out.

thanks again, you helped me a lot, cheers: stephan.

> Hi list,

[stuff deleted]

> the problem is that i'll have to allow some database guys remote
> access to their Win 2003 Server to the Terminal Server Service so that
> they can maintain their DB. i don't want to open our whole network to
> them, just let them access their server. the first idea that came to my mind
> is that i could forward the port of the Terminal Server Service (it's
> 3389/tcp - please correct me if i'm wrong) to the Win 2003 Server
> machine. but i think i'll not know their source ip, so i would have to
> open that port to the whole world, which i would like to avoid at all
> costs. 
> So I came up with the second idea of using the pptp on the firewall,
> create an account for the database guys there and somehow restrict
> their access to the ip of their w3k machine (while my account still
> has access to the whole network). i think that could easily be
> implemented as a fw rule if i could force pptpd or pppd to assign a
> static ip to their user login. but scanning the docs of pptpd and pppd
> i couldn't find a way to assign a static ip to a special login name. 
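
The approach settled on in this thread (a static address per login in chap-secrets, then a firewall rule keyed on that address), as an added example that is not part of the original message. The logins, secrets, addresses and the helper names static_ip and restrict_rules are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example. Logins, secrets and addresses are constructed placeholders.

# Print the address pinned to a login in a chap-secrets style file
# (fields: client server secret IP-address). Fails when the login is missing
# or its address field is "*" or empty, since no per-user rule can match then.
# Assumes no field contains quoted whitespace.
static_ip() {  # usage: static_ip <secrets-file> <login>
    awk -v u="$2" '
        $1 ~ /^#/ || NF < 3 { next }
        $1 == u { ip = $4; found = 1 }
        END {
            if (!found || ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) exit 1
            print ip
        }' "$1"
}

# Print (do not apply) FORWARD rules: the login's address may reach only
# 3389/tcp on the server, everything else from it is dropped. Assumes the
# existing ruleset already accepts ESTABLISHED return traffic.
restrict_rules() {  # usage: restrict_rules <secrets-file> <login> <server-ip>
    ip=$(static_ip "$1" "$2") || { echo "no static ip for $2" >&2; return 1; }
    echo "iptables -A FORWARD -i ppp+ -s $ip -d $3 -p tcp --dport 3389 -j ACCEPT"
    echo "iptables -A FORWARD -i ppp+ -s $ip -j DROP"
}

# Constructed sample file; keep the pinned address outside pptpd's dynamic
# remoteip pool so it is never handed to another login.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# client  server  secret        IP address
admin     pptpd   "changeme-1"  *
dbguys    pptpd   "changeme-2"  192.168.50.10
EOF

restrict_rules "$SAMPLE" dbguys 192.168.1.20
```

The script refuses to emit rules for a login whose address field is `*`, because a source-address rule only restricts a user whose address is fixed.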
