Quote:
Originally Posted by Ryanms3030
If I am way off, please help me understand. Thanks!
No, you're pretty much spot on.
The IP addresses on your home LAN are private, non-routable addresses. Due to a shortage of public IP addresses, ISPs typically allocate only a single IP address to each customer, and the router has to "hide" outbound connections behind that one address using Network Address Translation (NAT).
Since there's only one public IP involved, when you SSH to that IP address from the outside, you actually end up connecting to the router. However, it is possible to have the router forward such requests to a private address on the inside rather than replying to the request, which is why when you SSH to the public IP, your internal server responds. At some point you (or someone else) must have configured this forwarding on the router, otherwise it wouldn't have worked.
As for forwarding an incoming connection request to a second server, that's only possible if the request is somehow different. The router must be able to differentiate between requests that are to be forwarded to the first server and requests that should go to the second server.
When it comes to SSH you're in luck, as SSH uses TCP as a transport protocol, and TCP has port numbers. The standard TCP port number for SSH is 22, and currently you have port 22 on the router forwarded to port 22 on the first server. What you can do is forward a different port on the router to port 22 on the second server. You would have to explicitly tell the SSH client to use a non-standard port when you connect from the outside, but it would work.
There are 65536 ports in total, and you can basically just pick a number. Port 0 is "reserved" and 1-1023 are considered "privileged" (that is, a lot of them are assigned to common services), but the rest is mostly free game. The procedure for configuring port forwarding on a router varies somewhat depending on make and model, but a quick Google search ought to point you in the right direction.
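The port-based differentiation described in the reply above, as an added example that is not part of the original post: a user-space Python relay stands in for the router (a real router rewrites packet addresses with NAT rather than relaying streams). The two "SSH servers" are constructed banner-only stand-ins, and OS-chosen ports replace 22 and the non-standard port; all function names are hypothetical.

```python
import asyncio

async def pipe(reader, writer):
    # Copy bytes one way until the sender closes, then close the other side.
    try:
        while data := await reader.read(4096):
            writer.write(data)
            await writer.drain()
    except OSError:
        pass  # peer reset the connection; nothing left to relay
    finally:
        writer.close()

async def start_forward(listen_port, target_host, target_port):
    # One forwarding rule: listen_port on the "router" -> target_host:target_port.
    async def handle(c_reader, c_writer):
        try:
            s_reader, s_writer = await asyncio.open_connection(target_host, target_port)
        except OSError:
            c_writer.close()  # internal server is down: drop the inbound connection
            return
        await asyncio.gather(pipe(c_reader, s_writer), pipe(s_reader, c_writer))
    return await asyncio.start_server(handle, "127.0.0.1", listen_port)

async def start_fake_server(name):
    # Constructed stand-in for an internal SSH server: sends a banner and closes.
    async def handle(reader, writer):
        writer.write(f"SSH-2.0-{name}\r\n".encode())
        await writer.drain()
        writer.close()
    return await asyncio.start_server(handle, "127.0.0.1", 0)

def port_of(server):
    return server.sockets[0].getsockname()[1]

async def _demo():
    servers = [await start_fake_server(n) for n in ("first", "second")]
    # Port 0 lets the OS choose; on a real router these would be 22 and e.g. 2222.
    rules = [await start_forward(0, "127.0.0.1", port_of(s)) for s in servers]
    banners = []
    for rule in rules:  # same "public" address, only the port differs
        reader, writer = await asyncio.open_connection("127.0.0.1", port_of(rule))
        banners.append((await reader.readline()).decode().strip())
        writer.close()
    for srv in servers + rules:
        srv.close()
    return banners

def demo():
    return asyncio.run(_demo())
```

Calling `demo()` connects to the same address on two different ports and returns the banner each connection reached, one per internal server.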