Sam Fourman Jr. wrote:
> hello misc@
> 
> I am PRETTY sure there is no way to do a pf rdr command based on a hostname
> and I am just trying to confirm this
> Maybe I could somehow use hostated?
> 
> What I want to do is have 4 separate Windows XP Professional workstations
> with 192.168.x.x addresses behind a pf firewall
> 
> and be able to Remote Desktop from an outside location to any one of the
> workstations based on hostname
> 
> e.g. have 4 hostnames point to the same public IP,
> then pf will rdr to the correct workstation based on the hostname that is
> specified.

as stated, you can't do what you want to do the way you propose doing it.

But as others have already done, just change the definition of the game.

Do you REALLY want remote desktop sitting live on the 'net?  That's one
heck of a hole to punch in your firewall.  If

So, here are a couple of other ideas:

1) authpf:
People log into the firewall, which establishes the link to THEIR
computer.
Pros: fairly simple to configure, no changes needed to Windows on either
end.
Con:  If you have multiple people on one public IP (i.e., behind NAT),
they will rapidly begin to dislike this idea (second person will kick
off first)

2) SSH tunnels:
On the firewall or even an extra machine, let people log in using PuTTY from
their Windows workstation and establish a tunnel to their target
workstation.  Fairly simple; I've walked a lot of novices through it over
the phone.
Pros: Absurdly simple to configure on the OpenBSD end in the most trivial
configuration, but can be locked down more if you so desire.
Cons: some config needed on the remote side, though it can be automated with
.REG files or batch files.  On XP, you have to change the port on the
client side, so Windows doesn't say, "HEY! You are connecting to me!
That could be bad!" and keep it from working.

Personally, I'd go for the tunnels.

Both these systems have the advantage that you are making the first
step of the connection through OpenBSD, rather than dangling a
likely "soft" target (Windows RDP) out on the 'net directly.  If
nothing else, you can at least monitor who has logged in from where
easily enough and look for oddities.

And yes, rdesktop run on OpenBSD rocks.

Nick.
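Both of Nick's options, worked through as an added example (this is not code from the thread or from OpenBSD; it is illustration only). It assumes four placeholder accounts alice, bob, carol and dave mapped to workstations 192.168.1.11 through 192.168.1.14, a firewall hostname fw.example.com, and OpenBSD 4.7-or-later pf syntax (rdr-to); all of those are assumptions. For the tunnel option it emits per-user sshd_config(5) Match blocks that let each account forward only to its own workstation's RDP port, the matching plink command for the Windows side, and the single pf rule that needs to be open. For the authpf option it emits the per-user authpf.rules file, which also makes the NAT caveat visible: the rule is keyed on $user_ip, so a second login from the same public address replaces the first user's redirect.

```shell
#!/bin/sh
# Added example, not from the original post. Hostnames, users and addresses
# below are placeholders.

# --- Option 2: SSH tunnels -------------------------------------------------

# One sshd_config(5) Match block: user $1 may open a local forward only to
# $2:3389, gets no pty, no X11 and no agent forwarding. Restricting
# PermitOpen keeps a compromised account from pivoting to other hosts.
sshd_match_block() {
    user=$1; ws=$2
    printf 'Match User %s\n' "$user"
    printf '    AllowTcpForwarding local\n'
    printf '    PermitOpen %s:3389\n' "$ws"
    printf '    PermitTTY no\n'
    printf '    X11Forwarding no\n'
    printf '    AllowAgentForwarding no\n'
}

# Emit a Match block for every "user ip" pair read from stdin.
sshd_match_config() {
    while read -r user ws; do
        sshd_match_block "$user" "$ws"
    done
}

# Client-side command for the Windows box (plink is PuTTY's command-line
# client). -N opens the tunnel without a shell. The local end listens on
# 3390, not 3389, because XP's own Terminal Services listener already owns
# 3389 and mstsc would otherwise connect to the local machine.
plink_cmd() {
    user=$1; ws=$2; fw=$3
    printf 'plink -N -L 3390:%s:3389 %s@%s\n' "$ws" "$user" "$fw"
}

# The only inbound hole pf.conf(5) needs for the tunnel option: ssh to the
# firewall itself. RDP never crosses the firewall unencrypted or unauthenticated.
pf_ssh_rule() {
    printf 'pass in on egress proto tcp from any to (egress) port 22\n'
}

# --- Option 1: authpf --------------------------------------------------------

# Per-user /etc/authpf/users/$1/authpf.rules content. authpf substitutes
# $user_ip with the address the user logged in from, so the redirect is
# keyed on that public IP: two users behind one NAT collide, as Nick warns.
authpf_user_rules() {
    ws=$1
    printf 'pass in quick on egress proto tcp from $user_ip to (egress) port 3389 rdr-to %s\n' "$ws"
}

# pf.conf(5) needs the authpf anchor so those per-user rules get loaded.
pf_authpf_anchor() {
    printf 'anchor "authpf/*"\n'
}

# Constructed mapping (placeholders, not real hosts).
MAPPING='alice 192.168.1.11
bob 192.168.1.12
carol 192.168.1.13
dave 192.168.1.14'

printf '# sshd_config additions\n'
printf '%s\n' "$MAPPING" | sshd_match_config
printf '\n# pf.conf\n'
pf_ssh_rule
pf_authpf_anchor
printf '\n# /etc/authpf/users/alice/authpf.rules\n'
authpf_user_rules 192.168.1.11
printf '\n# on alice'"'"'s Windows box, then: mstsc /v:localhost:3390\n'
plink_cmd alice 192.168.1.11 fw.example.com
```

With the tunnel, the user runs the plink line, then points mstsc at localhost:3390; the firewall's auth log records who opened a tunnel from where, which is the monitoring benefit Nick mentions. Check the generated sshd_config with `sshd -t` before reloading, and verify with `pfctl -sr` and `pfctl -a 'authpf/alice(PID)' -sr` that only the intended redirect is active after an authpf login.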
