I'm learning my way around the various networking concepts of the internet and have stumbled across an interesting situation. I've been playing with apache on my home server and have forwarded the appropriate port from my router so that I can access it from the internet by going to my home ip address from a web browser outside of my home network (from work, for example =P).

The issue I have come across is that now I can no longer get to my router's setup page by typing in its ip address (which is now forwarded to my home server) so I can no longer change any other settings remotely.

My first thought was to set up a webpage on the home box that redirects me to 192.168.1.1 but this doesn't have the intended result.

Is there a way to set up a "pipe" through my home box, or something of a similar nature? In this case I will be able to access the machine physically in a few hours, but what if it was not accessible?

Hi.

Maybe it would be easier to run Apache on a different port, so you can use the router interface on port 80 and the Apache instance from, say, port 8080 ?

Dave

What router?

Most routers allow administrative access internally only. I presume you have ssh access to your server?

You were nearly there by redirecting to 192.168.1.1, but as my understanding, that tells your browser to go to 192.168.1.1, not to route the connection. your work computer tries to lookup 192.168.1.1 on the work network, which hopefully isnt attached to anything.

You need to port foward port 80 on 192.168.1.1 to a port on your windows client and then connect to that port from your client, eg

ssh -L 8080:192.168.1.1:80 user@host

or use putty in windows.

Good luck

EDIT: Fogot to say after all that on the client fire up a web browser and go to http://localhost:8080, and the local port traffic will be routed through the ssh session to your server from the server to the router internally.

Also, dave, if the port is externally fowarded it wouldnt matter if he changed the apache port now cus the router would still just foward the connection on to a server that isnt listening

Obviously, he'd have to change the forwarded port from 80 to 8080...

My apologies, I think were getting confused; your right, if the apache port is changed to 8080, to access the apache server externally the forward would need to be changed to 8080, which would then *presumably* allow external access to the router configuration pages.

My previous response was about keeping the apache server externally accessible on port 80, and eliminating "public" external access to router configuration and enabling a tunneled connection from client port 8080 to the internally accessible router port 80.

As stated, this would be alot simpler if we knew what router we were talking about.

The router is a Linksys WRT54GL, and I was able to access the administration page externally before I added the port forwarding and can ssh into the server.

Thanks for all the info, server is offline right now but I will try all of this out as soon as I get it back up and running again.

I use exactly the same router (its actually acting as a bridge atm, but nvm) altho I didnt know the default firmware allowed external admin access.........

While I'm here, check out the DD-WRT and Tomato firmwares. Lots more control and a helluva lot prettier than the factory firmware. I'd recommend Tomato.

Anyway, good luck and let us know how it turns out.

G

Just tried it out and it is working properly. So let me see if I understand exactly what is going on here:

ssh -L 8080:192.168.1.1:80 user@host

We are creating a socket that listens to port 8080 on the local machine, and when any traffic is received by the local machine on that port (for example, by going to http://localhost:8080), it is re-routed over the ssh connection to the remote host and sent to 192.168.1.1:80. Right?

Yup, that's the long and short of it.