Accessing server behind router :: setting up network
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Accessing server behind router :: setting up network
I think this is a somewhat stupid question, but I've searched for it, and couldn't find anything. I want to set up a home network with an apache and proftpd server that I can access from outside my house. So basiclly what I want to do is have the apache server on one computer and the proftpd on another. I want to have a third act as a router.
My question is how do I actually do this. I assumed I would use a DHCP dameon to assign IP's to the computers, but then how would they be accessable to people outside the network? What address would they use? Basiclly I'm looking for a How To, I've searched google, those how tos don't tell how to access computers from outside the network.
that is to say PC1 is the only one connected directly with interet whether connected via dsl, cable or ppp modem. So I assume that you don't have a router device because if you had a router device (not pc) the situation would be totally different.
Well I would assign statics IP to PC1, PC2 and PC3. PC1 should have (at least) two network interfaces (with 2 ip's). One visible from internet and one visible from local network, so I would do:
PC1 : 192.168.0.1 ( & X.X.X.X assigned to you by your internet provider)
PC2 : 192.168.0.2
PC3 : 192.168.0.3
In all of them the local network mask is 255.255.255.0.
In PC2 and PC3 you must set the default gateway to 192.168.0.1 (PC1 internal IP).
In PC1 I would create rules (with iptables) to route all the traffic incoming (from internet) to the 80 port to 192.168.0.2:80 and the traffic incoming (from internet) to the 21 port to 192.168.0.3:21. Of course you can have the apache server and the ftp server running in the same pc. You don't need 2 pc's.
People who wants to access the servers from the outside only has to know the IP that your internet provider has assigned to yo.
So if the hostname of the computer with apache is www and the hostname of the computer with proftpd is ftp, then would I telnet to the one with apache by doing
# telnet apache.mycomputer.com
assuming mycoputer.com was the domain?
and how would the situation be different if I had a real router?
First of, what Goala is describing is a NAT router. You can forward any port from the NAT router outside address to one ip address on your lan (you would have to set up static ips on the lan, generally with a 192.0.0.x address) You can't forward the same port to two different addresses, so your best bet would be to telnet (or better yet SSH) to the computer you're using as the router and telnet to the lan computers from there.
Secondly, a real router wouldn't be worth it for your situation. if you use a real router, as opposed to a NAT router, you would have to get a seperate "real world" static ip address for each computer on your lan, including a second one for the router. Could be with a seperate network address from your isp, but all the ips on your lan would have to have the same network address.
Hope that cleared things up instead of just confusing more.
so what you're saying is that I could forward 21 to the proftpd computer and 80 ( or in my case 1025) to the apache computer, but I would not be able to telnet them both without special measures?
Last edited by slackwarefan; 06-03-2004 at 02:37 AM.
(look for virtual domains in google, perhaps you can find anything that may help you. I know (almost) nothing about it).
instead you could do:
$ telnet mycomputer.com 8855
$ telnet mycomputer.com 8844
to do that you must do the telnetd service in www to listen to 8855 and in the ftp machine to listen 8844 (use the ports you like). And make rules in the router to route the traffic according to that.
Actually, it might not be such a good idea to doing any remote administration of the firewall. Maybe a better idea to forward the ssh port to the ftp box (assuming it has less of a load than the apache box) and ssh from there to the apache box? Depends on how paranoid you are about somebody getting on the firewall.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.