[TriLUG] enabling SSH into private network

Tom Roche Tom_Roche at pobox.com
Thu Jan 3 22:09:01 EST 2008


<warning: ascii art/>

Thanks to everyone for their help! esp David Mann for the Linksys
BEFW1S4 and James Tuttle for the D-Link DI-604 (and Wolfe Woodbury for
offline advice about that). I first set up my testbed private network
like

                                   lane
                                  /
Roadrunner -- Surfboard -- DI-604 -- laptop
                                  \
                                   backend

with all connections=cat5 (which is what I want for deployment:
see e.g. our POS' docs "word on security" @ end of

http://www.wedge.coop/is4c/installation/connect.html

) and {backend, lane}=Ubuntu SE. Thanks to all the help, Wednesday I
was able to

* uplevel firmware on the DI-604

* make the DI-604 serve stable DHCP to the hosts

* register the DI-604 with dyndns.org (dfctestwall.dyndns.org)

* make the DI-604 forward 2222 -> backend:22

* set up SSH from laptop to backend and lane from inside the PN

* from outside the PN, SSH from laptop to backend, and from there to
   lane

Which was great! except that, once Roadrunner gave the DI-604 a new
IP#, it broke dfctestwall.dyndns.org. But I was expecting that: after
reading

https://www.dyndns.com/support/clients/hardware/

I noticed the DI-604 lacked DDNS support, as did the BEFW1S4. However,
at the Durham Food Co-op we already have a Linksys WRT54Gv5 in
service, and that *does* have DDNS support. So I swapped the BEFW1S4
with that; now the co-op has wireless *and*

                                     lane
                                    /
Roadrunner -- Surfboard -- WRT54Gv5 -- laptop
                                    \
                                     backend

does DDNS. And I gained much understanding (I think :-) esp why

https://www.dyndns.com/services/dns/dyndns/readme.html
 > (We recommend using software clients over hardware clients whenever
 > possible, as software clients are easier to install, configure and
 > troubleshoot than hardware clients.)

Plus, from the thread, I'm interested in setting up netcat, since I'm
gonna hafta set up remote data entry so we can get some databases
populated. But that's a topic for another time :-) as is setting up a
firewall/switch, e.g. with m0n0wall. (I note the love it's getting on
this list.) For now I'm getting on with the end-to-end POS testing.

Your assistance is appreciated! Tom Roche <Tom_Roche at pobox.com>



