Hi,
> To be honest, you'd be better off using PPTP if coming from Windoze or IPSEC (FreeSWAN) if Linux. You can then firewall the resulting ppp* or ipsec* device to control access.

I want a bidirectional communication to get the hole. My actual idea is to play with the source ports and simulate a connection to the server on an often-used destination port, e.g. tcp 80; don't care whether a httpd is running there. This should look like "normal" traffic; I don't know where the advantage is yet :O)

> Your proposal begs the question "when do I close the hole?".

When I log myself out, via .bash_logout e.g.

> We solved this by establishing a connection that was open for the duration. It works as follows:
>
> Nominate a port. Can be udp but tcp preferred. The port should be one that should not attract much attention.
> Client calls server
> Server issues challenge
> Client responds
> Server opens firewall, e.g. you drop into a jump to a pre-defined chain.
> After a timeout (60s/5m/or what you want) Server issues a new challenge
> Client responds. If no response, Server closes firewall
> If tcp is used, you can also close firewall when connection drops.

A time-out can be a good idea, e.g. my connection died before I closed the hole again.

regards Michael
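The server side of the quoted challenge/response scheme, as an added example that is not part of this thread: it opens the hole only after a correct HMAC response, re-challenges after the timeout, and closes on an unanswered challenge, a wrong answer or a dropped connection. The chain name, client address and shared secret are constructed for the example, and the iptables commands are recorded rather than executed.

```python
import hashlib, hmac, secrets, time

SECRET = b"constructed-shared-secret"  # constructed for the example; provision a real one out of band
CHAIN = "knock-allow"                  # assumed name of the pre-defined chain the server jumps to

def make_response(secret, challenge):
    # client side: prove knowledge of the secret without ever sending it
    return hmac.new(secret, challenge.encode(), hashlib.sha256).hexdigest()

class HoleServer:
    """Server side of the quoted scheme: open, re-challenge every `timeout` seconds, close on silence."""
    def __init__(self, secret, client_ip, timeout=60, now=time.monotonic):
        self.secret, self.client_ip, self.timeout, self.now = secret, client_ip, timeout, now
        self.open, self.pending, self.last_ok = False, None, None
        self.firewall_cmds = []  # commands that would run; recorded here instead of executed
    def _fw(self, action):  # insert/delete the jump into the pre-defined chain
        self.firewall_cmds.append(f"iptables {action} INPUT -s {self.client_ip} -j {CHAIN}")
    def issue_challenge(self):
        self.pending = (secrets.token_hex(16), self.now())  # fresh nonce, never reused
        return self.pending[0]

    def receive_response(self, response):
        if self.pending is None:
            return False  # unsolicited response: ignore it
        challenge, _ = self.pending
        self.pending = None
        ok = hmac.compare_digest(make_response(self.secret, challenge), response)
        if ok:
            self.last_ok = self.now()
            if not self.open:
                self.open = True
                self._fw("-I")
        else:
            self.close()  # a wrong answer while open shuts the hole
        return ok

    def tick(self):
        """Call periodically: close on an unanswered challenge, re-challenge after the timeout."""
        now = self.now()
        if self.pending is not None:
            if now - self.pending[1] > self.timeout:
                self.close()
        elif self.open and now - self.last_ok >= self.timeout:
            self.issue_challenge()

    def close(self):  # also call this when a tcp connection drops
        if self.open:
            self.open = False
            self._fw("-D")
        self.pending = None
```

Pass a real clock in production; the injectable `now` only exists so the timeout behaviour can be exercised deterministically.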
participants (1)
-
GentooRulez