Hi Folks,
A couple of distinct questions.
1. Computers on a LAN are "behind" an ADSL modem/router which faces out to the Net.
Seen from outside, this router has IP address
PPP.QQQ.RRR.SSS
From inside the LAN it can be accessed either from the above address or from an "internal" IP address
192.168.1.1
On the LAN are sundry machines with IP addresses
192.168.1.yyy
or (on a subnet)
192.168.0.zzz
Question: Is there any way by which one can address one of the "internal" machines from outside (i.e. the Net).
Clearly, for instance,
telnet PPP.QQQ.RRR.SSS
would at best connect to the router (which does respond to telnet, by the way).
What I'm wondering is if there's anything like
telnet @PPP.QQQ.RRR.SSS!192.168.1.yyy
i.e. to "route" the telnet request for connection to the internal machine at 192.168.1.yyy through the externally visible address PPP.QQQ.RRR.SSS
2. This one's a real Linux question!
Suppose the internal machines, instead of having static IP addresses set up on them, get dynamic IPs handed out by the router.
With the static IPs, each machine can have a /etc/hosts file which associates the IP address with the machines name within the LAN, including a short "nickname". E.g.
192.168.0.6 brandy.my.home.lan brandy br
so, e.g., in the LAN I can do "telnet br".
But, with dynamic IPs, this association would break down. "brandy" would no longer have IP address 192.168.0.6
So -- What's the equivalent mechanism when dynamic IPs are used? If I do
telnet br
would this simply not work (because there's no IP/name association), or is there a mechanism whereby allocation of a dynamic IP address to brandy.my.home.lan would set up an association with this name (and to chosen nicknames "brandy", "br") as in the /etc/hosts file?
And, if so, where does it (and its components) reside?
Thanks, and best wishes to all, Ted.
-------------------------------------------------------------------- E-Mail: (Ted Harding) Ted.Harding@nessie.mcc.ac.uk Fax-to-email: +44 (0)870 094 0861 Date: 11-Jan-06 Time: 17:15:20 ------------------------------ XFMail ------------------------------
Ted Harding wrote:
A couple of distinct questions.
Computers on a LAN are "behind" an ADSL modem/router which faces out to the Net.
Seen from outside, this router has IP address
PPP.QQQ.RRR.SSS
From inside the LAN it can be accessed either from the above address or from an "internal" IP address
192.168.1.1
On the LAN are sundry machines with IP addresses
192.168.1.yyy
or (on a subnet)
192.168.0.zzz
Question: Is there any way by which one can address one of the "internal" machines from outside (i.e. the Net).
Clearly, for instance,
telnet PPP.QQQ.RRR.SSS
would at best connect to the router (which does respond to telnet, by the way).
What I'm wondering is if there's anything like
telnet @PPP.QQQ.RRR.SSS!192.168.1.yyy
i.e. to "route" the telnet request for connection to the internal machine at 192.168.1.yyy through the externally visible address PPP.QQQ.RRR.SSS
What you want is "Port Forwarding". Tell your server to forward a port to an internal address, for example if you forward port 1023 to port 23 on 192.168.1.17 then you can do "telnet PPP.QQQ.RRR.SSS 1023" and get connected to the machine at 192.168.1.17 - though I'd advise using SSH (port 22) rather than telnet.
Home routers tend to only support a limited number of forwarded ports - and they may call it something different (servers, gaming, and a few other things have been seen). One way round this is to port forward SSH to just one machine, then use the port tunneling facilities of SSH - this is what I do to access stuff at home.
For example "ssh -l <yourname> -L 10023:192.168.1.17:23 PPP.QQQ.RRR.SSS" will allow you to use "telnet localhost 10023" to connect to the second machine. I have a script with all the options for multiple port tunnels and X support to save all the typing !
This one's a real Linux question!
Suppose the internal machines, instead of having static IP addresses set up on them, get dynamic IPs handed out by the router.
Then you're screwed !
If you have one linux box at a fixed address and port forward SSH traffic to that, then you can look at the leases and see where your machine is now and adjust the ssh options to suit. This will be hard if you let the router do the DHCP, but if you use ISC's DHCP server and turn on dynamic DNS updates to an internal zone then you just have to do a host lookup ...
% ssh -l <yourname> PPP.QQQ.RRR.SSS
Password:
simon@saffy:~> host backupserver
backupserver.<homedomain> has address 192.168.0.143
simon@saffy:~> logout
Connection to saffy.thehobsons.co.uk closed.
% ssh -l <yourname> -L 15900:192.168.0.143:5900 PPP.QQQ.RRR.SSS
Password:
simon@saffy:~>
The above shows an ssh login, a check of the address of a machine, then a reconnect with a port forwarded to allow a VNC connection.
Another advantage of this is that the other services are not exposed to the internet, so you only have the one ssh server which if you set it up right should be fairly secure.
Of course, there is always the option of setting up a VPN tunnel, but that's not something I've bothered with yet.
Simon
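Added example, not part of Simon's message: his login, lookup and reconnect sequence as one script that validates the looked-up address before building the forward. The function names, the restriction to 192.168.x.x (taken from the addresses used in this thread) and the assumption that the gateway can run `host` against the internal zone are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): look up a LAN host on the SSH
# gateway, then open one local-only tunnel to it.

# Pull the address out of `host` output such as
# "backupserver.home.lan has address 192.168.0.143".
parse_host_output() {
    awk '$2 == "has" && $3 == "address" { print $4; exit }'
}

# Accept only well-formed 192.168.x.x addresses (the LAN in this thread),
# so a bad DNS answer cannot point the tunnel somewhere unexpected.
is_lan_addr() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] && [ "$1" = 192 ] && [ "$2" = 168 ] || return 1
    for octet in "$3" "$4"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Build the -L argument, bound to loopback so only this machine can use it.
tunnel_spec() {   # usage: tunnel_spec LOCAL_PORT LAN_IP REMOTE_PORT
    is_lan_addr "$2" || return 1
    for port in "$1" "$3"; do
        case $port in ''|*[!0-9]*|??????*) return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    done
    printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "$3"
}

open_tunnel() {   # usage: open_tunnel GATEWAY USER NAME LOCAL_PORT REMOTE_PORT
    # The name is passed to a remote shell, so allow hostname characters only.
    case $3 in ''|-*|*[!A-Za-z0-9.-]*) echo "bad host name" >&2; return 1 ;; esac
    ip=$(ssh -l "$2" "$1" host "$3" | parse_host_output)
    spec=$(tunnel_spec "$4" "$ip" "$5") || { echo "refusing '$ip'" >&2; return 1; }
    # -N: no remote command, the session exists only to carry the forward.
    exec ssh -l "$2" -N -L "$spec" "$1"
}

# Run only when called with all five arguments.
if [ "$#" -eq 5 ]; then open_tunnel "$@"; fi
```

Called with the gateway address, user name, host name, local port and remote port, it leaves a tunnel that only the local machine can connect to.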
On Wed, Jan 11, 2006 at 05:36:27PM +0000, Simon Hobson wrote:
Ted Harding wrote:
A couple of distinct questions.
Computers on a LAN are "behind" an ADSL modem/router which faces out to the Net.
Seen from outside, this router has IP address
PPP.QQQ.RRR.SSS
From inside the LAN it can be accessed either from the above address or from an "internal" IP address
192.168.1.1
On the LAN are sundry machines with IP addresses
192.168.1.yyy
or (on a subnet)
192.168.0.zzz
Question: Is there any way by which one can address one of the "internal" machines from outside (i.e. the Net).
Clearly, for instance,
telnet PPP.QQQ.RRR.SSS
would at best connect to the router (which does respond to telnet, by the way).
What I'm wondering is if there's anything like
telnet @PPP.QQQ.RRR.SSS!192.168.1.yyy
i.e. to "route" the telnet request for connection to the internal machine at 192.168.1.yyy through the externally visible address PPP.QQQ.RRR.SSS
What you want is "Port Forwarding". Tell your server to forward a
... for 'server' read 'router' in this instance.
port to an internal address, for example if you forward port 1023 to port 23 on 192.168.1.17 then you can do "telnet PPP.QQQ.RRR.SSS 1023" and get connected to the machine at 192.168.1.17 - though I'd advise using SSH (port 22) rather than telnet.
Home routers tend to only support a limited number of forwarded ports - and they may call it something different (servers, gaming, and a few other things have been seen). One way round this is to port forward SSH to just one machine, then use the port tunneling facilities of SSH - this is what I do to access stuff at home.
My Zyxel router has all this in the firewall set up. I have three rules set up at the moment and it's using 2% of the available space.
Q1
Depends on your DSL router; in the management interface look for Virtual Server or DMZ or Port Forwarding. You'll need to assign a different port to every internal host you want to access. For example:
PPP.QQQ.RRR.SSS port 8000 maps to 192.168.2.10
PPP.QQQ.RRR.SSS port 8001 maps to 192.168.2.11
To access them from the outside world telnet PPP.QQQ.RRR.SSS 8000 *should* get you to 192.168.2.10.
Of course ssh would be much better than telnet :)
Q2
You can have each internal computer assigned a static ip by a dhcp server. Or you can use bind9 and dhcpd from isc (www.isc.org), that way dhcpd can update the dns records.
Hope this helps
Stuart
On 11-Jan-06 Ted Harding wrote:
Hi Folks,
A couple of distinct questions.
- Computers on a LAN are "behind" an ADSL modem/router which faces out to the Net.
[...]
Thanks to everyone for their learned and resourceful responses!
This has given me quite a lot to learn about, and I'm looking forward to that.
Best wishes to all, Ted.
-------------------------------------------------------------------- E-Mail: (Ted Harding) Ted.Harding@nessie.mcc.ac.uk Fax-to-email: +44 (0)870 094 0861 Date: 12-Jan-06 Time: 09:14:04 ------------------------------ XFMail ------------------------------