Ticket #3084 (new feature request)
Remote desktop - NAT passthrough.
| Reported by: | itech.services@… | Owned by: | jacalvo@… |
|---|---|---|---|
| Milestone: | nice to have someday | Component: | base |
| Severity: | normal | Keywords: | |
| Cc: | | | |
Description
When you have installed Zentyal on a remote network, for example a remote office, you may eventually face the need to be able to support users.
But since IP addresses are not abundant, not every PC will be accessible to be viewed remotely. This is why a lot of people have designed ways to bypass a NAT, with clients for RDP, VNC or FreeNX. There are all sorts of solutions out there.
Could Zentyal implement a 'remote access / support' feature where, for example, vnc-reflector is running on the Zentyal machine, so that outside people could take control of any PC located on a Zentyal-powered network? Either for support, or as an alternative to VPN, this would be a great feature.
For example, take a look at: http://sourceforge.net/projects/vnc-reflector/
The method here I see as a bad idea. It's extra software operating on a system fully exposed to the network.
http://www.cipherdyne.org/fwknop/ I would say is the best solution. This would be a security upgrade since the SSH port and other exposed ports could be hidden from everyone who does not know the packet to send.
Next, fwknop single packets can assign the same port many times, going to different locations inside based on the source IP address. The forwarding depends on basic iptables redirection. So this one solution would support RDP, VNC, FreeNX or anything else a person dreams up, like some of the existing services such as the internal Jabber, or hiding the OpenVPN server. The thing is, the assigned paths would have to be set up in advance.
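
The source-based redirection described in the comment above, sketched as an added example (not code from the ticket, Zentyal or fwknop): a table of paths agreed in advance is checked for ambiguity and rendered into plain iptables DNAT and FORWARD rules. The addresses, the `eth0` interface name and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample: paths agreed in advance, as the comment requires.
# (source network, external TCP port, internal host, internal port)
PATHS = [
    ("198.51.100.7/32", 3389, "192.168.1.20", 3389),  # admin A -> PC 1 (RDP)
    ("203.0.113.9/32", 3389, "192.168.1.21", 3389),   # admin B -> PC 2 (RDP)
    ("203.0.113.9/32", 5900, "192.168.1.30", 5900),   # admin B -> PC 3 (VNC)
]

def validate(paths):
    """Reject open-to-all sources and ambiguous (overlapping) mappings."""
    seen = []
    for src, port, host, hport in paths:
        net = ipaddress.ip_network(src)
        ipaddress.ip_address(host)  # raises ValueError on a bad target
        if net.prefixlen == 0:
            raise ValueError(f"{src}: source must not match every address")
        for other, oport in seen:
            # Same external port from overlapping sources has no single target.
            if oport == port and net.overlaps(other):
                raise ValueError(f"port {port}: {src} overlaps {other}")
        seen.append((net, port))
    return True

def render_rules(paths, wan_if="eth0"):
    """Return iptables commands: one DNAT plus one FORWARD accept per path."""
    validate(paths)
    rules = []
    for src, port, host, hport in paths:
        rules.append(
            f"iptables -t nat -A PREROUTING -i {wan_if} -s {src} -p tcp "
            f"--dport {port} -j DNAT --to-destination {host}:{hport}")
        rules.append(
            f"iptables -A FORWARD -i {wan_if} -s {src} -d {host} -p tcp "
            f"--dport {hport} -j ACCEPT")
    return rules

if __name__ == "__main__":
    print("\n".join(render_rules(PATHS)))
```

External port 3389 appears twice in the output and lands on a different internal PC depending on the source address, while an overlapping or match-all source is refused before any rule is produced.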