[TriLUG] enabling SSH into private network
Greg Brown
gwbrown1 at gmail.com
Wed Jan 2 09:50:19 EST 2008
I do this very thing on several networks. I have my firewall (m0n0wall)
registering the DHCP addresses provided by the ISPs with dyndns.org. I have
port forwarding set up to listen for incoming connections, mostly on port
22, and I forward that port from my public IP address to the private IP
address (192.168.xxx.50, where "xxx" differs by site so as not to have
overlapping addr spaces when dealing with site-to-site VPNs).
Anyway, it works fine this way and I can then ssh to my account name at
<site>.dyndns.org and as an added bonus I don't have to set up a full domain
for each site and I don't have to keep track of changing IP addresses. Nice
and simple.
This works great using squid to redirect ssh to allow web configuration of
anything on the 192.168.xxx.xxx network as well.
Greg
On Jan 2, 2008 9:40 AM, Engle, Victor <Victor.Engle at netapp.com> wrote:
>
> > I read that I hafta use separate ports in order for the
> > several boxes to each be able to accept SSH connections
> > through the firewall.
> > Looking around for ports that look (relatively) unused and
> > which are mnemonic for the service and the hostnames, I'm
> > thinking of using port#s 222x: does that seem reasonable/feasible?
> >
>
> Tom,
>
> Are your internal systems assigned private IPs like 192.168.x.x? If so
> then you also need to port forward from the router to the internal box
> running sshd. The idea of running the several systems on 222x ports
> sounds ok but I would prefer to allow incoming ssh connections to only 1
> internal system and just require developers to use that as an access
> point to your internal net.
>
> Regards,
> Vic
>
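A present-day way to do what Vic suggests, added here as an example and not taken from the thread: an OpenSSH client configuration in which the firewall forwards only public port 22 to one internal gateway, and every other internal box is reached through that gateway with ProxyJump, so no 222x ports are ever exposed. The dyndns name, user name and 192.168.10.x addresses are placeholders.

```sshconfig
# ~/.ssh/config (added example; hostnames, user and addresses are placeholders)

# The single internal system the firewall forwards public port 22 to.
Host gateway
    HostName site.dyndns.org        # dynamic DNS name kept current by the firewall
    User devuser
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes              # offer only this key, not every loaded key
    # Pin the gateway's host key under its DNS name. The ISP lease changes the
    # IP, so pin by name and do not also check the IP against known_hosts.
    StrictHostKeyChecking yes
    CheckHostIP no

# Internal boxes: never port-forwarded through the firewall. ProxyJump
# (OpenSSH 7.3+) tunnels the connection through the gateway, so each box keeps
# sshd on its default port 22 inside the private network and authentication
# to the inner box stays end-to-end; the gateway only relays the TCP stream.
Host build db web
    ProxyJump gateway
    User devuser
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes

Host build
    HostName 192.168.10.51
Host db
    HostName 192.168.10.52
Host web
    HostName 192.168.10.53

# "ssh build" now lands on 192.168.10.51 via the gateway. Because the first
# obtained value wins in ssh_config, the shared block above must come before
# the per-host HostName blocks and must not set HostName itself.
```

On the gateway's sshd, ProxyJump needs AllowTcpForwarding left enabled for the relaying account; restricting which internal destinations that account may reach is done with PermitOpen in a Match block.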