
Re: expose internal network to the outside world



On Wed, Sep 14, 2005 at 10:16:49PM -0400, Matt Price wrote:
> hi folks,
> 
> I have 2 computers on a home network, connected to DSL through a modem
> and a cheap SMC router (Barricade  g = SMC2804WBRP-g).  I would like to
> be able to ssh into both of them from the outside world.  I have
> successfully set up "inadyn" to associate a stable URL (x.dyndns.org)
> with my dynamic IP, which is great.  Now the problem is to tunnel remote
> ssh requests to the two local machines.  I don't really understand this
> very well (though I tried something similar about 2 years ago -- got
> stumped then). 
> 
> As I understand it, what I need to do is set up some kind of a table
> where external requests on particular ports are forwarded by the router
> on to corresponding (perhaps not identical) ports on one or the other
> local machine.  So I imagine something like this:
> 
> from work, I type:
> 
> ssh -p 2000 -l me mydomain.dyndns.org
> which gets to the router; the router sees that it's supposed to forward
> requests on port 2000 to 192.168.2.199; 192.168.2.199 picks up the
> request and an ssh tunnel is formed
> 
> on the other hand, if I type
> ssh -p 3000 -l metoo mydomain.dyndns.org
> the router sends the request to 192.168.2.254 instead. 
> 
> On my router configuration screen, there seem to be 3 places where this
> sort of thing can be done:
> 1. "DDNS" -- here I'm allowed to have 1 static IP address designated as
> a "server" ; requests on ports 80,21,and 25 (http, ftp, smtp) are
> forwarded on to the "server".  I've tried this and it works fine for
> http at least (I get the standard debian default index page from my
> local machine).  But there seems to be no further flexibility.
> 2. "NAT".  This section comes with the following instructions:
> 
> *Special Applications*
> 
> Some applications require multiple connections, such as Internet gaming,
> video conferencing, Internet telephony and others. These applications
> cannot work when Network Address Translation (NAT) is enabled. If you
> need to run applications that require multiple connections, specify the
> port normally associated with an application in the "Trigger Port"
> field, select the protocol type as TCP or UDP, then enter the public
> ports associated with the trigger port to open them for inbound traffic.
> 
> Note: The range of the Trigger Ports is from 1 to 65535.
> 
> Then there's a table in which I can associate "trigger ports" with
> "public ports".  But I don't think I really understand what this is
> about, as there seems to be no way to associate a particular local
> machine with a forwarded port.
> 
> 3. DMZ.  This screen lets me associate a local IP address (192.168.2.x)
> with a public IP address.  But this isn't what I want, is it?  Because
> after all I only have one constantly-changing IP address available to
> me... 
> 
> Anyway -- I feel a little bit stumped.  I wondered whether anyone else
> had ideas about what I should do, whether I'm out of luck, etc.
> 
I use shorewall for my firewall, which lets me specify in simple rules
any ports I want forwarded and to which hosts they should be forwarded.
Other than that, I am sure you could whip up a short iptables script to
do what you want.

-Roberto

-- 
Roberto C. Sanchez
http://familiasanchez.net/~roberto
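As an added illustration of the "short iptables script" mentioned in the reply (not code from the thread, and not something the SMC router's web interface exposes; it assumes a Linux box acting as the router), the following generates the two rules each forward needs: a DNAT in the nat table for the external port, and a FORWARD accept narrowed to that one LAN host and port. The WAN interface name "eth1" is an assumed placeholder.

```shell
#!/bin/sh
# Added example: iptables port forwarding for the setup described in the thread
# (external port 2000 -> 192.168.2.199:22, external port 3000 -> 192.168.2.254:22).
# Assumes a Linux router with iptables; "eth1" is an assumed WAN interface name.

WAN_IF="${WAN_IF:-eth1}"   # assumed WAN interface, override in the environment
DRY_RUN="${DRY_RUN:-1}"    # 1 = only print the rules, 0 = apply them with iptables

# Accept only integers in the TCP/UDP port range 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Only forward to hosts on the home LAN used in the question (192.168.2.0/24).
valid_lan_ip() {
    case "$1" in
        192.168.2.*) return 0 ;;
        *) return 1 ;;
    esac
}

# portfwd EXT_PORT LAN_IP LAN_PORT
# Emits (or applies) the DNAT rule plus a FORWARD rule that admits only new
# TCP connections to that single host and port, so the forward chain is not
# opened any wider than the one service being exposed.
portfwd() {
    ext="$1"; host="$2"; int="$3"
    valid_port "$ext" && valid_port "$int" && valid_lan_ip "$host" || return 1
    rule1="iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $ext -j DNAT --to-destination $host:$int"
    rule2="iptables -A FORWARD -i $WAN_IF -p tcp -d $host --dport $int -m state --state NEW -j ACCEPT"
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n%s\n' "$rule1" "$rule2"
    else
        $rule1 && $rule2
    fi
}

# The two forwards from the question; DRY_RUN=1 prints them instead of applying.
portfwd 2000 192.168.2.199 22
portfwd 3000 192.168.2.254 22
```

Run with DRY_RUN=0 as root on the router to apply the rules; the FORWARD chain must default to DROP for the narrowing to matter.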
