SSH via internet

Forum Regular
Join Date: Aug 2006
Hi,
I have one external IP from my Comcast internet connection. On my LAN, I have several computers; they are all connected to a router to share the internet and they all have their own local IP address. I obtained a domain name from DynDNS using the external IP. Now I am able to log on to the Mac remotely with this domain name. However, what do I need to do in order to be able to remotely log in to the other computers? Since there's only one external IP and multiple internal IPs, I assume I need to configure the router, but how do I do that?
B.

Junior Member
Join Date: May 2003
You need to configure the router to do port forwarding. Basically, you want incoming requests on <external ip>:<port x> to go to <internal ip>:<port 22>. I can't give you specifics as I'm not familiar with the router you are using, but somewhere in its setup/control panel/options/whatever should be an option for port forwarding. Give it the port you want to forward, and the internal ip and port to forward it to.

Mac Elite
Join Date: Sep 2006
Yeah, but that only works for one internal computer at a time. In order to connect to any computer in house the router has to accept an incoming request and forward that request to both a defined internal IP address and its SSH port. That is the killer. Basic routers cannot do that.

Forum Regular
Join Date: Aug 2006
Yea, that's exactly the problem I have. On the router, I have it configured to forward SSH to port 22, which is the Mac. I have no problem logging on to it remotely; I am trying to find a way so I can log on to the other machines as well. It ought to be pretty simple if I have the right gear.
I am using a Linksys WRT54G router; there is a section called Advanced Routing. I am not sure if this is the place to do it and I am not sure how to use it. I wish I could post a snapshot of this so that you may have an idea what I need to do, but Macnn won't let me post attachments.
BTW, do you know of any router that can do this for sure? If I am going to get one, is there a name for this feature?
Thanks.
MacPC.

Senior User
Join Date: Jul 2003
Location: Asia
Hi,
The only way I can think of to do this is to SSH out on different ports for each machine.
SSH normally outputs on port 22 by default. But if you add -p #### then it will output on port ####
So you could set the router to forward:
port 8122 to port 22 on machine 1's LAN address
port 8222 to port 22 on machine 2's LAN address
port 8322 to port 22 on machine 3's LAN address etc.
(Pretty much any router with port forwarding should be able to do this.)
Then when you want to connect to machine 2, e.g. you would use terminal command
ssh -p 8222 username@youripaddress
Hope that helps 
(Last edited by rjt1000; Dec 21, 2006 at 08:21 AM.)

Forum Regular
Join Date: Aug 2006
Thanks for the reply rjt.
How do I do this on the router?
"port 8122 to port 22 on machine 1's LAN address
port 8222 to port 22 on machine 2's LAN address
port 8322 to port 22 on machine 3's LAN address etc."
Is this what's called port mapping? Are port mapping and port forwarding the same thing, just different terminologies?
Sorry if it sounds like a dumb question. I am just starting to understand this network stuff.
(Last edited by MacPC; Dec 21, 2006 at 01:13 PM.)

Forum Regular
Join Date: Aug 2006
Come to think of it, ideally, I should be able to type:
ssh xyz.DynDNS.com {something here} 192.168.1.100 to connect to machine 1
ssh xyz.DynDNS.com {something here} 192.168.1.101 to connect to machine 2
ssh xyz.DynDNS.com {something here} 192.168.1.102 to connect to machine 3
etc.
But how?
MacPC

Clinically Insane
Join Date: Mar 2001
Location: yes
Why not just SSH into any machine, and then SSH out to the machine you wish to connect to? Adds an extra step, but it's a very simple solution.

Mac Elite
Join Date: Sep 2006
Please post your results when you can! This is one of the more complicated issues in SOHO networking.

Senior User
Join Date: Jun 1999
Location: San Jose, CA
Originally Posted by besson3c
Why not just SSH into any machine, and then SSH out to the machine you wish to connect to? Adds an extra step, but it's a very simple solution.
Exactly what I was thinking. You can SSH into the one "public" machine (i.e., the one that has port forwarding set up on your router). Then you can just ssh to the other machines from within that session (so you would be ssh'ing to 192 addresses, because now that you are in your network, you can access it locally).
So you would do something like:
ssh username@xyz.DynDNS.com
Then once it establishes a connection, initiate another ssh command (from within that same terminal session):
ssh username@192.168.1.X
where X is the last part of the IP of the machine on your local network you want to connect to. What this has done is created a tunnel from your remote machine to your "public" home machine. Then you created a tunnel from that home machine to another machine on your network.
(Last edited by kupan787; Dec 21, 2006 at 05:23 PM.)

Forum Regular
Join Date: Aug 2006
Yea, I tried that and it works. I was thinking of a fancier solution, so that each machine can have its own domain name.
MacPC

Senior User
Join Date: Jul 2003
Location: Asia
Originally Posted by MacPC
Thanks for the reply rjt.
How do I do this on the router?
"port 8122 to port 22 on machine 1's LAN address
port 8222 to port 22 on machine 2's LAN address
port 8322 to port 22 on machine 3's LAN address etc."
Is this what's called port mapping? Are port mapping and port forwarding the same thing, just different terminologies?
Sorry if it sounds like a dumb question. I am just starting to understand this network stuff.
Yes, some router manufacturers call it port forwarding and some call it port mapping.
Opening the ssh tunnel to one machine and then a tunnel from there to the local machines is a solution I hadn't considered and probably the best choice if you will mostly be connecting to one main machine and only occasionally tunneling to the other machines. If you will be connecting to all of the machines regularly, it might be worth the extra effort to set up the router's port forwarding/mapping as above so you can tunnel to each machine directly. BTW, hackers sometimes scan for open external port 22. Using nonstandard ports to access your router adds another barrier.

Forum Regular
Join Date: Aug 2006
I just thought of it, perhaps the answer is not port forwarding, it's IP forwarding. I read something about NAT host, which translates one external IP to internal IPs, perhaps I shall pursue that route?
This is getting more interesting.
MacPC

Senior User
Join Date: Jul 2003
Location: Asia
Originally Posted by MacPC
I just thought of it, perhaps the answer is not port forwarding, it's IP forwarding. I read something about NAT host, which translates one external IP to internal IPs, perhaps I shall pursue that route?
This is getting more interesting.
MacPC
You shouldn't need anything fancy to do what you want to do except a modern router. The setting goes by different names, but snoop around in your router setup for one where you specify: if traffic comes into the router on port x, I want it sent to this LAN address on port y. It is usually in the form of a table.
If you have it set up already to forward incoming port 22 to a specific LAN address on port 22 then you have found the right setting.
Just add the additional specifications to forward traffic on the incoming ports you specify to the LAN address and ports you want.
e.g. if you currently have external port 22 mapped to 192.168.1.2 on port 22 the table currently looks something like this:
22 : 192.168.1.2 : 22
and if you change to the specifications mentioned in the thread, the table would look something like this:
8122 : 192.168.1.2 : 22
8222 : 192.168.1.3 : 22
8322 : 192.168.1.4 : 22
Then when you ssh you just have to remember to add the -p 8122 to reach 192.168.1.2 etc.
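
The forwarding table from the post above, together with the two-hop login suggested earlier in the thread, as an added example (not code from any poster): it parses the "external port : LAN IP : port" rows, rejects an external port that is used twice, and emits ~/.ssh/config stanzas so each machine gets a short name. The host aliases, the address 192.168.1.5 and the use of the OpenSSH client option ProxyJump for the two-hop case are assumptions of the example.

```python
import ipaddress
import re

# Constructed sample: the router table from the post, one rule per line.
TABLE = """\
8122 : 192.168.1.2 : 22
8222 : 192.168.1.3 : 22
8322 : 192.168.1.4 : 22
"""
ROW = re.compile(r"^\s*(\d+)\s*:\s*(\d+\.\d+\.\d+\.\d+)\s*:\s*(\d+)\s*$")

def parse_table(text):
    """Return {external_port: (lan_ip, lan_port)}; reject a reused external port."""
    rules = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = ROW.match(line)
        if not m:
            raise ValueError(f"line {n}: expected 'ext : ip : port', got {line!r}")
        ext, port = int(m.group(1)), int(m.group(3))
        ip = str(ipaddress.IPv4Address(m.group(2)))  # ValueError on a bad address
        if not (0 < ext < 65536 and 0 < port < 65536):
            raise ValueError(f"line {n}: port out of range")
        if ext in rules:
            # One external port can lead to only one LAN host, which is why a
            # single port-22 rule cannot serve several machines.
            raise ValueError(f"line {n}: external port {ext} already goes to {rules[ext][0]}")
        rules[ext] = (ip, port)
    return rules

def ssh_config(rules, public_name, lan_hosts, jump_alias=None):
    """Emit ssh client stanzas: forwarded hosts get Port, the rest ProxyJump."""
    by_ip = {ip: ext for ext, (ip, _) in rules.items()}
    out = []
    for alias, ip in lan_hosts.items():  # aliases are hypothetical names
        if ip in by_ip:    # direct, same as: ssh -p <ext> username@public_name
            out.append(f"Host {alias}\n  HostName {public_name}\n  Port {by_ip[ip]}")
        elif jump_alias:   # two hops: through the forwarded machine, then onward
            out.append(f"Host {alias}\n  HostName {ip}\n  ProxyJump {jump_alias}")
        else:
            raise ValueError(f"{alias} ({ip}) has no forward and no jump host")
    return "\n\n".join(out) + "\n"

if __name__ == "__main__":
    hosts = {"mac1": "192.168.1.2", "mac2": "192.168.1.3", "pc5": "192.168.1.5"}
    print(ssh_config(parse_table(TABLE), "xyz.DynDNS.com", hosts, jump_alias="mac1"))
```

With the printed stanzas in ~/.ssh/config, "ssh username@mac2" goes out on port 8222 and "ssh username@pc5" is relayed through mac1.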

Mac Elite
Join Date: Oct 2000
Location: Oakland, CA
What you want is a Port Trigger. This will route port 22 to any machine on the network.

Forum Regular
Join Date: Aug 2006
Thank you all for the info.
To rjt:
"22 : 192.168.1.2 : 22
and if you change to the specifications mentioned in the thread, the table would look something like this:
8122 : 192.168.1.2 : 22
8222 : 192.168.1.3 : 22
8322 : 192.168.1.4 : 22
Then when you ssh you just have to remember to add the -p 8122 to reach 192.168.1.2 etc."
What you said makes sense, my problem now is how to configure the router to do it.
And to exca1ibur, I do remember seeing something called port trigger on my router. I am going to snoop into the router this weekend. Great way to spend X'mas, huh. I will post back on my findings.
Happy holidays everyone.
MacPC

Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Originally Posted by exca1ibur
What you want is a Port Trigger. This will route port 22 to any machine on the network.
How is this supposed to work?
If it goes to *ANY* machine, how would you address a *specific* machine?
I don't think that's what port triggering is.
AFAIK, port triggering will open multiple ports to one single machine upon being activated (triggered) on ONE specific port.
-t