[TriLUG] enabling SSH into private network
G.Wolfe Woodbury
ggw at wolves.durham.nc.us
Wed Jan 2 10:20:06 EST 2008
Tom Roche wrote:
> Coupla questions about enabling SSH from the internet into a private
> network:
<snip>
> In any case, whatever I use for the port#s, I'll need to open them on
> the firewall: fortunately that seems straightforward.
>
> Then from outside the private network one will need to run
>
> ssh <id>@<FQ hostname> -p <port#>
>
> where <FQ hostname> belongs to one of the boxes on the private
> network. I know how to setup IDs, and port# is discussed above. I'm
> wondering, what do I need to do to publicize the hostnames from the
> private network to the world? Or is there A Better Way to do this?
You don't need to publish the FQDN of the internal boxes, just a name
for the firewall/router where the ports are forwarded to the real ssh on
each machine. Here I have a D-Link DI-604 and have setup "virtual
servers" for each of the machines I want to access, with the external
port translated/NATted to the internal ssh port.
The internal LAN runs in the 10.x.x.x ipspace, and the router gets it's
dynamic IP from verizon DSL and a useable name from dyndns.com. The
dyndns.com name also is listed as the MX server for the "permanent"
legacy email name.
Hope This Helps
--
Wolfe
More information about the TriLUG
mailing list