expose internal network to the outside world

Matt Price matt.price-H217xnMUJC0sA/PxXw9srA at public.gmane.org
Thu Sep 15 02:19:12 UTC 2005


hi folks,

I have 2 computers on a home network, connected to Sympatico DSL through
a modem and a cheap SMC router (Barricade g = SMC2804WBRP-g).  I would
like to be able to ssh into both of them from the outside world.  I have
successfully set up "inadyn" to associate a stable URL (x.dyndns.org)
with my dynamic IP, which is great.  Now the problem is to tunnel remote
ssh requests to the two local machines.  I don't really understand this
very well (though I tried something similar about 2 years ago -- got
stumped then).

As I understand it, what I need to do is set up some kind of a table
where external requests on particular ports are forwarded by the router
on to corresponding (perhaps not identical) ports on one or the other
local machine.  So I imagine something like this:

from work, I type:

ssh -p 2000 -l me mydomain.dyndns.org
which gets to the router; the router sees that it's supposed to forward
requests on port 2000 to 192.168.2.199; 192.168.2.199 picks up the
request and an ssh tunnel is formed

on the other hand, if I type
ssh -p 3000 -l metoo mydomain.dyndns.org
the router sends the request to 192.168.2.254 instead.
(even better would be to control destination by hostname, eg.
1.mydomain.dyndns.org, 2.mydomain.dyndns.org, etc -- but I think this is
unlikely to work).


On my router configuration screen, there seem to be 3 places where this
sort of thing can be done:
1. "DDNS" -- here I'm allowed to have 1 static local IP address
designated as a "server"; requests on ports 80, 21, and 25 (http, ftp,
smtp) are forwarded on to the "server".  I've tried this and it works
fine for http at least (I get the standard debian default index page
from my local machine).  But there seems to be no further flexibility.
2. "NAT".  This section comes with the following instructions:

*Special Applications*

Some applications require multiple connections, such as Internet gaming,
video conferencing, Internet telephony and others. These applications
cannot work when Network Address Translation (NAT) is enabled. If you
need to run applications that require multiple connections, specify the
port normally associated with an application in the "Trigger Port"
field, select the protocol type as TCP or UDP, then enter the public
ports associated with the trigger port to open them for inbound traffic.

Note: The range of the Trigger Ports is from 1 to 65535.

Then there's a table in which I can associate "trigger ports" with
"public ports".  But I don't think I really understand what this is
about, as there seems to be no way to associate a particular local
machine with a forwarded port.

3. DMZ.  This screen lets me associate a local IP address (192.168.2.x)
with a public IP address.  But this isn't what I want, is it?  Because
after all I only have one constantly-changing IP address available to
me...

Anyway -- I feel a little bit stumped.  I wondered whether anyone else
had ideas about what I should do, whether I'm out of luck, etc.

Thanks much,

matt
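
Added example, not part of the original message: the forwarding table the post describes (external port 2000 to 192.168.2.199, 3000 to 192.168.2.254), written as iptables DNAT rules for a Linux machine acting as the gateway rather than for the SMC router's own screens. The WAN interface name ppp0, sshd on port 22 on both machines, and the helper names are assumptions.

```shell
#!/bin/sh
# Added example: the forwarding table sketched in the post, expressed as
# iptables DNAT rules for a Linux box acting as the gateway. It only prints
# the commands so they can be reviewed before being run as root.
# Assumptions (not from the post): WAN interface ppp0, sshd listening on
# port 22 on both machines, and a ruleset that already accepts
# ESTABLISHED,RELATED traffic in the FORWARD chain.

WAN_IF="${WAN_IF:-ppp0}"

# external-port  internal-ip  internal-port  (external ports and IPs from the post)
FORWARDS="2000 192.168.2.199 22
3000 192.168.2.254 22"

# True only for a decimal number in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rules for one table entry; returns non-zero on bad input.
forward_rules() {
    ext=$1 ip=$2 int=$3
    valid_port "$ext" && valid_port "$int" || {
        echo "bad port in entry: $ext -> $ip:$int" >&2; return 1; }
    # Prefix check only: never forward to an address outside the LAN.
    case "$ip" in
        192.168.2.*) ;;
        *) echo "refusing non-LAN target: $ip" >&2; return 1 ;;
    esac
    # Rewrite the destination of connections arriving on the WAN side...
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $ext -j DNAT --to-destination $ip:$int"
    # ...and accept the new connection; it is matched on the port after DNAT.
    echo "iptables -A FORWARD -i $WAN_IF -p tcp -d $ip --dport $int -m conntrack --ctstate NEW -j ACCEPT"
}

# Emit rules for every entry in FORWARDS; stops at the first bad entry.
all_rules() {
    echo "$FORWARDS" | while read -r e a p; do
        forward_rules "$e" "$a" "$p" || exit 1
    done
}

all_rules
```

Only the two listed external ports are opened, and each maps to exactly one LAN address, which is the per-machine association the "trigger port" table in the post does not offer.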


