[YLUG] Router

Mike Cohler mike.cohler at gmail.com
Sun Nov 4 20:04:22 GMT 2007 

It is not entirely cleat what your setup is - but I have linux
machines sitting in a LAN connecting to the outside internet (via
broadband to an isp) via a modem/router which is analogous to your
setup I guess.

In order to see the machine on the inside from the outside I need to
setup port forwarding through the router from the outside on port 22
to port 22 on the specific ip address of one particular machine on the
inside which in your case is presumably 192.168.0.100.  I set the
linux machine with a static ip on the internal LAN. The external
address is static for my address as given by my isp. This works well
and gives no problems. Dynamic ip is problematic for this - see below.

If you are setting up your internal address via dhcp from your router
then I am not sure that you will be able to forward port 22 to a
machine from the router if your ip address can continue to change
periodically.  In any event it is straightforward to set a static
internal address. In my case I use one linux machine as a dhcp server
and when the mac address of another machine such as a laptop from a
member of the family boots up the main dhcp server gives it s specific
static internal address rather than one of a range from the dhcp pool.
This means that the port forwarding can be set up to forward port 22
from the outside direct to a specific machine of my choice on the
inside on the same port.  If you do run dhcp from a main server then
you usually need to remember to turn off dhcp in the router itself as
it is usually on by default and will serve from an internal address
pool - otherwise you may get an ip from the router instead of from
your server linux machine.

If you want to access more than one machine from the outside then you
can set up a different port as seen from the outside to port 22 of a
different machine on the inside. So you could call port 23 from
elsewhere and route ssh into port 22 on machine2 in your LAN for
example. This is done usually via the embedded web interface on the
router.

If you are talking about an external dynamic ip given by an ISP and
are connecting to a machine on an internal network then this can be
done but it take a bit more work.

Internally and on the router the setup is as above, but the problem
then lies in knowing the external ip so that it can be called from
elsewhere.

The ip as seen from the outside world can change from time to time if
dynamic - I set up this system for my daughter who wanted to save
money by choosing a broadband account with a dynamic ip.

So you still need is port forwarding from the outside network through
the modem/router to a machine with a fixed internal ip that can be
specified to the router. I make sure the machine is given a fixed
internal address.

All that then remains is to know the external ip to be called from
elsewhere and it will work.
Some people use websites such as dynnds.com to keep track of the ip by
using a small script running on a machine inside the internal LAN.
There are different ways to do it and if you are adept with running
your own scripts you can make calls to the modem/router under a cron
job (from an internal machine) and find the ip address, and then send
a mail to yourself at an external mail service machine, to notify if
the ip changes. Once you know the ip address then you can make a
standard ssh call to the external address by ip rather than name, and
it will be forwarded to the machine you specified in your port
forwarding setup.

Hope this helps.

Mike

On 04/11/2007, Dr P Dupre <pd520 at york.ac.uk> wrote:
> Hello,
>
> Saturday at 15:45 I have been at the Danish Kitchen, but I did not find
> anybody !
>
> By the way I have a some problem with a router.
> I have a LInux machine connected on the network by a dynamic IP. I can
> access it without any problem from the network. Then, I put a router
> (TRENDnet) between the machine and the network. Every thing is fine
> until I try to reach the machine from the outside. Of course I enable the
> port 22 for the machine 192.168.0.100.
> Checking the status:
> WAN IP: 82.3.205.41
> Subnet Mask: 255.255.252.0
> Gateway: 82.3.204.1
>
> I though that it was a routing problem since a ping to 82.3.204.1
> does not respond.
> I do not block the ping from the WAN side.
>
> How can I solve this problem ?
>
> Regards.
>
> --
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> Patrick Dupré                                             pd520 at york.ac.uk
> University of York                                 Department of Chemistry
> Heslington, York              YO10 5DD                      United Kingdom
> Phone: +44-(0)-1904-434384                        Fax: +44-(0)-1904-432516
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> _______________________________________________
> York mailing list
> York at lists.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/york
>
>


-- 

mike cohler

More information about the York mailing list