Re: expose internal network to the outside world

From: Roberto C. Sanchez (roberto_at_familiasanchez.net)
Date: 09/15/05

    Date: Wed, 14 Sep 2005 22:23:44 -0400
    To: debian-user@lists.debian.org
    
    
    

    On Wed, Sep 14, 2005 at 10:16:49PM -0400, Matt Price wrote:
    > hi folks,
    >
    > I have 2 computers on a home network, connected to DSL through a modem
    > and a cheap SMC router (Barricade g = SMC2804WBRP-g). I would like to
    > be able to ssh into both of them from the outside world. I have
    > successfully set up "inadyn" to associate a stable URL (x.dyndns.org)
    > with my dynamic IP, which is great. Now the problem is to tunnel remote
    > ssh requests to the two local machines. I don't really understand this
    > very well (though I tried something similar about 2 years ago -- got
    > stumped then).
    >
    > As I understand it, what I need to do is set up some kind of a table
    > where external requests on particular ports are forwarded by the router
    > on to corresponding (perhaps not identical) ports on one or the other
    > local machine. So I imagine something like this:
    >
    > from work, I type:
    >
    > ssh -p 2000 -l me mydomain.dyndns.org
    > which gets to the router; the router sees that it's supposed to forward
    > requests on port 2000 to 192.168.2.199; 192.168.2.199 picks up the
    > request and an ssh tunnel is formed
    >
    > on the other hand, if I type
    > ssh -p 3000 -l metoo mydomain.dyndns.org
    > the router sends the request to 192.168.2.254 instead.
    >
    > On my router configuration screen, there seem to be 3 places where this
    > sort of thing can be done:
    > 1. "DDNS" -- here I'm allowed to have 1 static IP address designated as
    > a "server"; requests on ports 80, 21, and 25 (http, ftp, smtp) are
    > forwarded on to the "server". I've tried this and it works fine for
    > http at least (I get the standard debian default index page from my
    > local machine). But there seems to be no further flexibility.
    > 2. "NAT". This section comes with the following instructions:
    >
    > *Special Applications*
    >
    > Some applications require multiple connections, such as Internet gaming,
    > video conferencing, Internet telephony and others. These applications
    > cannot work when Network Address Translation (NAT) is enabled. If you
    > need to run applications that require multiple connections, specify the
    > port normally associated with an application in the "Trigger Port"
    > field, select the protocol type as TCP or UDP, then enter the public
    > ports associated with the trigger port to open them for inbound traffic.
    >
    > Note: The range of the Trigger Ports is from 1 to 65535.
    >
    > Then there's a table in which I can associate "trigger ports" with
    > "public ports". But I don't think I really understand what this is
    > about, as there seems to be no way to associate a particular local
    > machine with a forwarded port.
    >
    > 3. DMZ. This screen lets me associate a local IP address (192.168.2.x)
    > with a public IP address. But this isn't what I want, is it? Because
    > after all I only have one constantly-changing IP address available to
    > me...
    >
    > Anyway -- I feel a little bit stumped. I wondered whether anyone else
    > had ideas about what I should do, whether I'm out of luck, etc.
    >
    I use shorewall for my firewall, which lets me specify in simple rules
    any ports I want forwarded and to which hosts they should be forwarded.
    Other than that, I am sure you could whip up a short iptables script to
    do what you want.

    -Roberto

    -- 
    Roberto C. Sanchez
    http://familiasanchez.net/~roberto
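
The forwarding table from the question, written as the kind of short iptables script the reply mentions. This is an added example, not part of the original thread: it assumes a Linux gateway in place of the SMC router, `eth0` as the Internet-facing interface and sshd on port 22 on both hosts, and `WAN_IF`, `ALLOW_SRC` and `FORWARDS` are names chosen here. It prints the rules for review instead of applying them.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for the two forwards.
WAN_IF="${WAN_IF:-eth0}"     # assumption: name of the Internet-facing interface
ALLOW_SRC="${ALLOW_SRC:-}"   # optional: only this source CIDR may connect

# public-port:internal-host:internal-port (ports and hosts from the question;
# internal port 22 is an assumption)
FORWARDS="2000:192.168.2.199:22
3000:192.168.2.254:22"

# Accept only decimal port numbers in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

gen_rules() {
    src=""
    [ -n "$ALLOW_SRC" ] && src=" -s $ALLOW_SRC"
    # The gateway must route packets and let replies back through.
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "$FORWARDS" | while IFS=: read -r pub host port; do
        if ! valid_port "$pub" || ! valid_port "$port"; then
            echo "skipping invalid entry: $pub:$host:$port" >&2
            continue
        fi
        # Rewrite the destination of connections arriving on the public port...
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp$src --dport $pub -j DNAT --to-destination $host:$port"
        # ...and allow the rewritten connection through the FORWARD chain.
        echo "iptables -A FORWARD -i $WAN_IF -p tcp$src -d $host --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
}

gen_rules
```

Setting `ALLOW_SRC` to the address range the connections come from keeps the two sshd instances from being reachable by the whole Internet.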
    
    
