1

I dont know if this is the correct place to ask this question but here goes ..

(please note that I am pretty much a newbie in terms of networking and I work primarily on the windows platform)

I have been working on accessing and consuming some web services in C#/ASP.Net, these web services that I consume are IP restricted. Currently they allow access only from my work network (we have a static ip set up through which all our internet requests are routed).

Every now and then we have people who go out and about and are stuck with using a usb dongle based internet connection and hence are not able to now access these web services that they are working on.

What I would like to do is to provide some way for these remote workers to access the IP restricted web services using the static ip at our office. For example when the remote worker tries to access a service say http://exampleService.com .. the request gets routed to some box at our office and then out to the actual service. That way the service always sees the static ip of the office and not the dynamic ip that the remote user is actually using.

I have done a fair bit of googling and its difficult to search for it as most of the results come back for dynamic DNS which is not really what I am looking for.

I have also looked at a couple of posts on here namely Accessing IP restricted server from dynamic IP
which does provide some insight but the fellow seems to have access to the source that does the ip restriction and is able to change the restrictions. In my case i dont have that access. another one that looked interesting was Static IP for dynamic IP the first answer seems exactly what I need but I dont know how I would go about doing the same on a windows machine.

any help would be really appreciated. (am sorry about being soo noob-ish)

PS: Right now everyone is using RDC/LogMeIn to access an internet connected machine in the office to manually check the webservice and getting work done. Which is a very tedious process.

3 Answers3

1

I'd recommend setting up mobile VPN access for your mobile workforce, regardless, but upon doing so (and forcing all traffic through the VPN gateway vs. split tunnelling), they would be surfing the Internet through your work Internet connection and thus would have direct access to the Web Services.

Pick your poison: Windows Servers come with Routing and Remote Access for PPTP (not recommended) and most commercial/business-class firewalls have some sort of VPN server on them (if you post the make/model of your firewall at the office, we can tell you what it can and cannot do).

gravyface
  • 13,947
  • 16
  • 65
  • 100
  • yeah i did think of VPN but isnt it over kill for what i need The vpn would give me access to everything while all i just need simple routing. I thought there would be a less painfull way to do this some way to bounce traffic off a trusted IP. – Joel Alenchery Jan 06 '11 at 15:36
  • VPN should be used regardless for remote access: it's the defacto, secure way of encrypting and authenticating remote users from an untrusted network. You could setup a proxy server listening on your public IP address at the office, but how do you authenticate it? You can't leave it open or it would be abused/exploited. – gravyface Jan 06 '11 at 15:48
1

If you don't want to (or can't) use VPN, perhaps SSH might be an option. A Windows port of OpenSSH exists, which should allow you to set up a tunnel. Alternatively, you can set up an authenticating SOCKS proxy using FreeProxy.

  • I know where you're going with this, and it'll work, but if you have to go around and touch all these machines, you might as well setup a proper VPN that's going to be much more supported/easier to implement. – gravyface Jan 06 '11 at 16:50
  • No, you don't have to touch all the machines, merely the one with a static IP. If that's behind a NAT, you simply have to forward the port. For the first solution, you do need a SSH client on all the machines, but with PuTTY, that's only a question of unzipping the files. – Chinmay Kanchi Jan 06 '11 at 18:07
  • I did finally manage to make something work .. as a test using this http://www.dotcomunderground.com/blogs/2008/12/11/putty-ssh-tunnel-to-hide-ip/ as a guide. For the ssh server I made a free account on shellmix.com who provide free shell accounts. This was all just a test to see if the method would work. Now I plan to get OpenSSH installed on one of the machines at work and try and connect to that and finally to configure my machine to use the socks proxy that i have made using ssh to route all traffic though it. – Joel Alenchery Jan 07 '11 at 05:59
  • Yikes, but whatever floats your boat dude. – gravyface Jan 07 '11 at 17:38
1

I have to say that gravyface is right VPN is probably you best solution.

If you could answer what equipment manages your the internet connection you will get a more refined answer for your question.

I did note however that you use logmein, they do have the vpn Hamachi(2) service you may want to look into. As you do have the account at this point in time you may just want to add that to your account and move on.

Another option is the Authentication based proxy server, there are many flavors of this available from Cisco, IBM etc. or if there is an external facing linux box on your network apache&squid would work too.

Dan M.
  • 143
  • 6
  • I did try using Hamachi service but couldn't get it to connect to the Hamachi network for some reason. Could be beacuse I am trying to use it from a gulf country (Muscat, Oman) where they have some kind of government firewall in place. Plus am using a GSM modem to connect to a 3G network here. I am currently exploring the VPN option. – Joel Alenchery Jan 06 '11 at 17:25