secure laplink connection with iptables


mdkelly
08-24-2004, 02:00 PM
Hi all,

Here is my situation.

My office LAN is protected by a linux firewall/gateway which is then connected to a hardware router which then connects to the Internet.

Our head office IT department has a win2000 machine in our office that runs laplink so that they can connect to our network. I know this is not the best or most secure setup, but it is that way by their request.

Basically I need to open port 1547 on my hardware router (done) and forward that port to the linux firewall/gateway (done). I know at this point I can just use prerouting to send that port traffic to the windows machine running laplink, but to me that just sounds like a bad idea as I have just opened a path from the outside world to a windows machine. I feel like I might as well advertise tours of my network to any and all who want to see it.

Is there anything I can do with a few iptables rules that will allow me to put some sort of security layer on this connection? I know I can restrict the IP addresses that are allowed to connect to that resource, but they connect to us from various locations so that would not work out so well.

Thank you for any suggestions
mdkelly

hard candy
08-25-2004, 09:48 PM
I haven't used it much and would not really know if it could be used in the way I am thinking of. Could you set up a squid proxy (maybe even transparent) and use that to maintain some security?

EnigmaOne
08-25-2004, 10:56 PM
Wondering if LL can be tunneled? (Never used it myself.)

mdkelly
08-27-2004, 04:10 PM
Thank you for your responses.

I will look into the squid proxy solution, although the box in question is already behind a hardware router and a Linux firewall. Adding another level may get a bit too complex, but I will look.

I have no control over how they connect to the office. Basically the box was given to us and it sits in the back room so SSH or any other tunneling protocol is out. The solution has to be on this end only.


Thanks again
mdkelly
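The following is an added example, not code posted by anyone in this thread, of what the gateway-only approach from the opening post can look like with iptables alone: a single-port DNAT in PREROUTING, connection tracking so only the initial SYN is examined, a rate limit on new sessions (which is the practical substitute for a source-IP whitelist when the callers move around), logging of excess attempts, and a rule that stops the Windows box from opening its own connections to the Internet. The interface names eth0/eth1 and the address 192.168.1.50 are constructed placeholders; the script assumes the FORWARD chain's default policy is DROP, that the usual LAN rules already exist, and that the rules are appended in this order. Run it with `apply` as root to install the rules; with no argument it only prints them.

```shell
#!/bin/sh
# Added example (not from the thread): forward LapLink's TCP port 1547 from the
# Linux gateway to one Windows host while keeping the exposure as narrow as
# iptables allows.  All names and addresses below are placeholders.
WAN_IF="${WAN_IF:-eth0}"                         # assumed: interface towards the hardware router
LAN_IF="${LAN_IF:-eth1}"                         # assumed: interface towards the office LAN
LAPLINK_HOST="${LAPLINK_HOST:-192.168.1.50}"     # constructed placeholder for the win2000 box
LAPLINK_PORT=1547                                # LapLink port named in the thread
IPT="${IPT:-iptables}"                           # set IPT=echo to print rules instead of applying

laplink_rules() {
    # DNAT the single LapLink port, and only for packets arriving on the WAN side.
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$LAPLINK_PORT" \
        -j DNAT --to-destination "$LAPLINK_HOST:$LAPLINK_PORT"

    # Packets of an already accepted LapLink session pass in both directions.
    $IPT -A FORWARD -d "$LAPLINK_HOST" -p tcp --dport "$LAPLINK_PORT" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -s "$LAPLINK_HOST" -p tcp --sport "$LAPLINK_PORT" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT

    # New connection attempts are throttled: a few per minute is plenty for a
    # remote support session and far too few for a scanner or password guesser.
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$LAPLINK_HOST" -p tcp \
        --dport "$LAPLINK_PORT" -m state --state NEW \
        -m limit --limit 3/minute --limit-burst 5 -j ACCEPT
    # Excess attempts are logged (the LOG rule is itself rate limited so the
    # syslog cannot be flooded) and then dropped.
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$LAPLINK_HOST" -p tcp \
        --dport "$LAPLINK_PORT" -m state --state NEW \
        -m limit --limit 1/minute -j LOG --log-prefix "LAPLINK-FLOOD: "
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$LAPLINK_HOST" -p tcp \
        --dport "$LAPLINK_PORT" -j DROP

    # The Windows box may answer LapLink sessions (accepted above) but never
    # open connections of its own towards the Internet; tries are logged.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAPLINK_HOST" \
        -m limit --limit 1/minute -j LOG --log-prefix "LAPLINK-OUTBOUND: "
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAPLINK_HOST" -j DROP
}

case "${1:-}" in
    apply) laplink_rules ;;              # install the rules (needs root)
    *)     ( IPT=echo; laplink_rules ) ;; # default: dry run, just print them
esac
```

The rate limit is global rather than per caller; on a kernel with the `recent` match available, the same idea can be applied per source address so one noisy host does not lock out the head office. None of this authenticates anyone: it only narrows who can reach the service and how often, so LapLink's own password and the patch level of the Windows machine remain the controls that actually decide whether a connection is accepted.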