Leo
On 9/14/05, Roberto C. Sanchez <[EMAIL PROTECTED]> wrote:
On Wed, Sep 14, 2005 at 10:16:49PM -0400, Matt Price wrote:
> hi folks,
>
> I have 2 computers on a home network, connected to DSL through a modem
> and a cheap SMC router (Barricade g = SMC2804WBRP-g). I would like to
> be able to ssh into both of them from the outside world. I have
> successfully set up "inadyn" to associate a stable URL (x.dyndns.org)
> with my dynamic IP, which is great. Now the problem is to tunnel remote
> ssh requests to the two local machines. I don't really understand this
> very well (though I tried something similar about 2 years ago -- got
> stumped then).
>
> As I understand it, what I need to do is set up some kind of a table
> where external requests on particular ports are forwarded by the router
> on to corresponding (perhaps not identical) ports on one or the other
> local machine. So I imagine something like this:
>
> from work, I type:
>
> ssh -p 2000 -l me mydomain.dyndns.org
> which gets to the router; the router sees that it's supposed to forward
> requests on port 2000 to 192.168.2.199; 192.168.2.199 picks up the
> request and an ssh tunnel is formed
>
> on the other hand, if I type
> ssh -p 3000 -l metoo mydomain.dyndns.org
> the router sends the request to 192.168.2.254 instead.
>
> On my router configuration screen, there seem to be 3 places where this
> sort of thing can be done:
> 1. "DDNS" -- here I'm allowed to have 1 static IP address designated as
> a "server"; requests on ports 80, 21, and 25 (http, ftp, smtp) are
> forwarded on to the "server". I've tried this and it works fine for
> http at least (I get the standard debian default index page from my
> local machine). But there seems to be no further flexibility.
> 2. "NAT". This section comes with the following instructions:
>
> *Special Applications*
>
> Some applications require multiple connections, such as Internet gaming,
> video conferencing, Internet telephony and others. These applications
> cannot work when Network Address Translation (NAT) is enabled. If you
> need to run applications that require multiple connections, specify the
> port normally associated with an application in the "Trigger Port"
> field, select the protocol type as TCP or UDP, then enter the public
> ports associated with the trigger port to open them for inbound traffic.
>
> Note: The range of the Trigger Ports is from 1 to 65535.
>
> Then there's a table in which I can associate "trigger ports" with
> "public ports". But I don't think I really understand what this is
> about, as there seems to be no way to associate a particular local
> machine with a forwarded port.
>
> 3. DMZ. This screen lets me associate a local IP address ( 192.168.2.x)
> with a public IP address. But this isn't what I want, is it? Because
> after all I only have one constantly-changing IP address available to
> me...
>
> Anyway -- I feel a little bit stumped. I wondered whether anyone else
> had ideas about what I should do, whether I'm out of luck, etc.
>
I use shorewall for my firewall, which lets me specify in simple rules
any ports I want forwarded and to which hosts they should be forwarded.
Other than that, I am sure you could whip up a short iptables script to
do what you want.
-Roberto
--
Roberto C. Sanchez
http://familiasanchez.net/~roberto
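
The kind of short iptables script mentioned above, as an added example that is not code from this thread: it assumes a Linux box acting as the gateway (not the SMC router), with `eth0` as an assumed WAN interface name, and prints the rules for the two port mappings in the question so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: print iptables rules that forward external TCP ports to sshd
# on internal hosts. WAN_IF is an assumed interface name; override as needed.
WAN_IF="${WAN_IF:-eth0}"

# valid_port N: succeeds if N is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 A.B.C.D: succeeds if there are four octets, each 0..255
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# forward_rule EXT_PORT INTERNAL_IP [INTERNAL_PORT]
# Prints one DNAT rule and one FORWARD rule; the internal port defaults to 22.
forward_rule() {
    ext=$1 ip=$2 int=${3:-22}
    valid_port "$ext" && valid_port "$int" && valid_ipv4 "$ip" || {
        echo "invalid mapping: $*" >&2
        return 1
    }
    # Rewrite the destination of inbound connections before routing.
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $ext -j DNAT --to-destination $ip:$int"
    # Admit only the new forwarded connection to that host and port; assumes
    # the ruleset already accepts ESTABLISHED,RELATED traffic in FORWARD.
    echo "iptables -A FORWARD -i $WAN_IF -p tcp -d $ip --dport $int -m conntrack --ctstate NEW -j ACCEPT"
}

# The two mappings from the question.
forward_rule 2000 192.168.2.199
forward_rule 3000 192.168.2.254
```

The gateway also needs IP forwarding enabled (`net.ipv4.ip_forward=1`) for the forwarded packets to reach the internal hosts.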