expose internal network to the outside world

Alex Beamish talexb-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Thu Sep 15 02:40:29 UTC 2005


Hi Matt,

I believe what you want is port forwarding, or what you referred to as 
'trigger ports'.

As you described, a call on port 1000 will go to one machine, and a call to 
port 2000 will go to another machine.

I believe if you had a real firewall instead of a little router (I have a 
Netgear, same kind of box as yours), you could have subdomains, because 
dyndns.org would pass 1.mydomain.dyndns.org to your machine, identified as 
mydomain.dyndns.org for further subdomain resolution. But I'll be happy to 
hear an explanation from someone who knows what they're talking about.

I use dyndns.org and port forwarding myself -- works beautifully.

Alex

On 9/14/05, Matt Price <matt.price-H217xnMUJC0sA/PxXw9srA at public.gmane.org> wrote:
> 
> hi folks,
> 
> I have 2 computers on a home network, connected to Sympatico DSL through
> a modem and a cheap SMC router (Barricade g = SMC2804WBRP-g). I would like
> to be able to ssh into both of them from the outside world. I have
> successfully set up "inadyn" to associate a stable URL (x.dyndns.org)
> with my dynamic IP, which is great. Now the problem is to tunnel remote
> ssh requests to the two local machines. I don't really understand this
> very well (though I tried something similar about 2 years ago -- got
> stumped then).
> 
> As I understand it, what I need to do is set up some kind of a table
> where external requests on particular ports are forwarded by the router
> on to corresponding (perhaps not identical) ports on one or the other
> local machine. So I imagine something like this:
> 
> from work, I type:
> 
> ssh -p 2000 -l me mydomain.dyndns.org
> which gets to the router; the router sees that it's supposed to forward
> requests on port 2000 to 192.168.2.199; 192.168.2.199 picks up the
> request and an ssh tunnel is formed
> 
> on the other hand, if I type
> ssh -p 3000 -l metoo mydomain.dyndns.org
> the router sends the request to 192.168.2.254 instead.
> (even better would be to control destination by hostname, eg.
> 1.mydomain.dyndns.org, 2.mydomain.dyndns.org, etc -- but I think this is
> unlikely to work).
> 
> 
> On my router configuration screen, there seem to be 3 places where this
> sort of thing can be done:
> 1. "DDNS" -- here I'm allowed to have 1 static local IP address
> designated as a "server"; requests on ports 80, 21, and 25 (http, ftp,
> smtp) are
> forwarded on to the "server". I've tried this and it works fine for
> http at least (I get the standard debian default index page from my
> local machine). But there seems to be no further flexibility.
> 2. "NAT". This section comes with the following instructions:
> 
> *Special Applications*
> 
> Some applications require multiple connections, such as Internet gaming,
> video conferencing, Internet telephony and others. These applications
> cannot work when Network Address Translation (NAT) is enabled. If you
> need to run applications that require multiple connections, specify the
> port normally associated with an application in the "Trigger Port"
> field, select the protocol type as TCP or UDP, then enter the public
> ports associated with the trigger port to open them for inbound traffic.
> 
> Note: The range of the Trigger Ports is from 1 to 65535.
> 
> Then there's a table in which I can associate "trigger ports" with
> "public ports". But I don't think I really understand what this is
> about, as there seems to be no way to associate a particular local
> machine with a forwarded port.
> 
> 3. DMZ. This screen lets me associate a local IP address (192.168.2.x)
> with a public IP address. But this isn't what I want, is it? Because
> after all I only have one constantly-changing IP address available to
> me...
> 
> Anyway -- I feel a little bit stumped. I wondered whether anyone else
> had ideas about what I should do, whether I'm out of luck, etc.
> 
> Thanks much,
> 
> matt
> 
> 
> 
> --
> The Toronto Linux Users Group. Meetings: http://tlug.ss.org
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
> 



-- 
----------
Linux, Firefox and GMail .. what a combination.
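
Added example, not part of the original messages: a client-side OpenSSH configuration for the two forwards described in the thread (external port 2000 to 192.168.2.199, external port 3000 to 192.168.2.254). The aliases `home-199` and `home-254` and the key file name are hypothetical, and it assumes the router forwards both ports to sshd on the LAN machines and that key-based login is already set up on each.

```sshconfig
# ~/.ssh/config on the outside (work) machine -- constructed example.
# Assumption: the router forwards external TCP 2000 and 3000 to the ssh
# daemons on 192.168.2.199 and 192.168.2.254 respectively.

Host home-199
    HostName mydomain.dyndns.org
    Port 2000
    User me
    # Store this machine's host key under its own name, so the two
    # machines behind one DNS name never share a known_hosts entry.
    HostKeyAlias home-199

Host home-254
    HostName mydomain.dyndns.org
    Port 3000
    User metoo
    HostKeyAlias home-254

# Settings shared by both entries.
Host home-199 home-254
    # The public address is dynamic, so do not also record keys per IP.
    CheckHostIP no
    # These ports are reachable from the whole internet: offer only the
    # named key and never fall back to typing a password.
    PasswordAuthentication no
    IdentitiesOnly yes
    # Hypothetical key file name.
    IdentityFile ~/.ssh/id_home
```

With this in place `ssh home-199` and `ssh home-254` reach the two machines. A host-key-changed warning on either alias then means the forward for that port now leads to a different machine or key than the one first accepted.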