My Linux server is on my school's network. But I want to access it at home. There is a router between the school's LAN and the Internet. The only way to access the server is to be on the school's side of the router. My school uses local class A address internally <EX: 10.*.*.*>. How can I get through the router to contact my server from home?
Get with the admin and see if he can make access by opening up either a port or services, etc... for you. There's no other way, well probably, but that is something we don't tell people how to do here.
I know what ports are open, but I don't know how to go through them to an inside IP address. I want to go through the router through the open port 22 and sftp my server that has IP 10.4.0.17.
Since the address is in a non-routable subnet, the only way I could think of to access the machine behind the NAT/router remotely would be to have the school network administrator set up something for you, i.e. when the NAT gets a request on port 1025, forward it to 10.4.0.17:22.
How does a web site I accessed forward packets through the router to me? If they can get through to my port 80, why can't I get through to port 22? <PS: the system administrator is in another county>
Originally posted by hotrodowner: How does a web site I accessed forward packets through the router to me? If they can get through to my port 80, why can't I get through to port 22? <PS: the system administrator is in another county>
Because different services are using different ports. Your admin might have port 80 opened and forwarded for the website that server is running, but that doesn't mean you can telnet or ssh into that same server on port 22, because it's most likely blocked then, or not forwarded to that IP on the network. If your admin has port 22 open, most likely he just has to make it so the request through that port is forwarded to your 10.x.x.x IP or whatever.
There is another opensource way to accomplish this. It is called http tunnel. As the following website states, it creates a bi-directional connection through port 80.
My thoughts on this: you are using NAT (private IP address 10.x.y.z), so you will not be able to access this IP address from a remote system outside your LAN.
Now, what kind of router do you have in between your server and the Internet? Check if your router supports port forwarding. If your router supports port forwarding, your problem is solved.
If you have port forwarding, let me know; I can help you out with this.
-Manas
Originally posted by terryfunk: There is another opensource way to accomplish this. It is called http tunnel. As the following website states, it creates a bi-directional connection through port 80.
Did you read his first post, the actual question and the rest of the posts? He doesn't need anything for http, port 80 or the such; he wants direct access, like ssh or telnet, to log in to his machine.
But apparently no one is reading my posts as well, or hotrodowner's. He is not the admin of the router; until the router is configured to do this, it won't happen or work, most likely.
hotrodowner,
The first thing for you to do is to get with your ADMIN on this; there isn't anything you can do at this point until then unless you have actual access to the router, which for a school and you're a student, I wouldn't think so.
If your school is behind that router, which I presume has a firewall along with it, only the admin will be able to set this up so you can have direct access to the server you're speaking of. Unless he doesn't give you direct access, which would totally make sense on a security type issue. So get with him/her and let them know what you want to do. They either say yea or nay.
There are three non-routable IP ranges: 10.0.0.0 (subnet mask 255.0.0.0), 192.168.0.0 (subnet mask 255.255.0.0), and I forget the third, 172 something. Regardless, if you have an address on one of these subnets then you cannot communicate directly with the routable IP network.
What happens is your machine communicates with a NAT (Network Address Translation) router/gateway. The NAT takes the request from the inner private address, then forwards it on to the net in general using its own outer routable address. As far as any machine in the routable IP range is concerned, the request came from and is returned to the NAT's outer address. When the NAT gets the response it can then forward it on to the original inner address.
Here is the crux of the problem: in order for a response to be forwarded to the inner address, it must have been initiated from a machine inside the NAT. If the NAT gets a request (not response, a request) for, say, port 1025, it has no way of knowing which of the machines inside the non-routable range to send it to. Remember, all communication from the outside world is actually going to one IP, the NAT's outer address, and then forwarded to any of the machines with non-routable addresses.
The way to get around this problem is port-forwarding. In essence you are telling the router/gateway "When you get a request on port X send that on to machine ###.###.###.### on port Y" where ### et al is a machine on the inner network.
So, the only viable way of directly communicating with your server is if you have the administrator set up port-forwarding for you. Keep in mind the requested port on the NAT and the destination port on your inner machine do not have to be the same. I usually only allow forwarding from the unprivileged range of IPs.
DISCLAIMER: This is actually a bit of a simplification, though I made it as accurate as I could. Also, to squelch the peanut gallery, there are other ways of establishing the connection (a relay being the most obvious), but if you want to do it directly and with minimal aggravation of the Network Administrator, Port Forwarding is it.
I hope that clarifies things.
Edit: content modified to clarify IP ranges/subnet masks
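The NAT behaviour described in the post above, as an added example that is not part of the original thread: a toy translation table showing why a reply to an inside-initiated connection is delivered, why an unsolicited request is dropped, and how a port-forwarding rule changes that. The class and method names, the `allow_from` source restriction and the 203.0.113.x / 198.51.100.x addresses are constructed for illustration, and the post's "unprivileged range" is read here as public ports 1024 and above.

```python
import ipaddress

class Nat:
    """Toy port-translating NAT: one public address, many private hosts."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.sessions = {}   # public port -> (inner ip, inner port, remote ip, remote port)
        self.forwards = {}   # public port -> (inner ip, inner port, allowed source network)
        self.next_port = 40000

    def outbound(self, inner_ip, inner_port, remote_ip, remote_port):
        """An inside host opens a connection; remember how to route the reply."""
        public_port = self.next_port
        self.next_port += 1
        self.sessions[public_port] = (inner_ip, inner_port, remote_ip, remote_port)
        return (self.public_ip, public_port)

    def add_forward(self, public_port, inner_ip, inner_port, allow_from="0.0.0.0/0"):
        """Static rule set by the administrator; unprivileged public ports only."""
        if public_port < 1024:
            raise ValueError("forward only from unprivileged ports (>= 1024)")
        self.forwards[public_port] = (inner_ip, inner_port, ipaddress.ip_network(allow_from))

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the inner (ip, port) a packet is delivered to, or None if dropped."""
        session = self.sessions.get(public_port)
        if session and session[2:] == (remote_ip, remote_port):
            return session[:2]                  # reply to an inside-initiated connection
        rule = self.forwards.get(public_port)
        if rule and ipaddress.ip_address(remote_ip) in rule[2]:
            return rule[:2]                     # matches a port-forwarding rule
        return None                             # unsolicited: no inner host to pick

def demo():
    nat = Nat("203.0.113.1")                    # constructed outer address
    results = {}
    # Inside host browses the web: request goes out, reply comes back to the mapped port.
    _, port = nat.outbound("10.4.0.17", 51000, "198.51.100.80", 80)
    results["web_reply"] = nat.inbound("198.51.100.80", 80, port)
    # Home machine asks for port 22 on the outer address with no rule in place.
    results["ssh_no_rule"] = nat.inbound("198.51.100.7", 50000, 22)
    # Administrator adds: public 1025 -> 10.4.0.17:22, limited to one home address.
    nat.add_forward(1025, "10.4.0.17", 22, allow_from="198.51.100.7/32")
    results["ssh_forwarded"] = nat.inbound("198.51.100.7", 50000, 1025)
    results["ssh_other_source"] = nat.inbound("198.51.100.99", 50000, 1025)
    return results

if __name__ == "__main__":
    print(demo())
```

The source restriction on the forward is the part an administrator is most likely to ask about: without it, the rule exposes the inner machine's SSH service to every outside address.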
Originally posted by hotrodowner: Does anybody know how to make a school district's computer administrator listen to a high school senior?
Money always works... or a bribe, try to find something dirty on 'em and threaten to tell the School Superintendent... Just kidding.
Just present to them what you want to accomplish, know the pros and cons of the task and work... Outsmart them; making them know you know what you're talking about might be one way to convince them.
But not sure though... Been out of school for way too long, it seems.
Originally posted by Mephisto: Not to show my age but we did not have internet connectivity at school when I was in high school. Good luck though.
Yeah, we had computer labs with just several connected, but most of the time we didn't have access to them when I was in school. I do remember in 6th grade though, it was cool being in a Computer Lab class where we learned how to program in I think it was GWBasic... ah well. Yeah, forgot to tell you good luck though with the Admin.