As a long-time Lx user I have a friend who relies on my assistance for his own home Lx box. I'd like to be able to login to his machine across the 'Net from time to time for routine maintenance and repair, and am unsure of how to go about this.

My googling has resulted in a number of 'HowTo' pages that mostly refer to IP tunnelling as the solution, but these all seem to address the 'workstation behind a server' scenario - i.e. the typical corporate setup. We both have standard broadband accounts with a modem/router as the gateway to the 'Net.

Two issues are immediately obvious:

1. How to determine our IP addresses. I know that this can be done via such sites as the following, but I'm unsure as to whether the address given is permanent:

http://whatismyipaddress.com/

2. How to 'get past the router'. I'd guess that the tunnelling info may answer part of this, but would like some more specific info.

Once these two have been solved, a standard SSH login should be easy, and could presumably be expanded to VNC and/or VoIP.

If those more knowledgeable about these matters are kind enough to respond, I'd be happy to summarize the info collected, add the results of my efforts, and post the lot on my LxQ blog to serve as a future reference.

With thanks to all who may reply.

do you have public IP-addresses? perhaps dynamic DNS is your best choice for determining IP-addresses of each other

You can use a dynamic DNS setup, or if you have a 3rd party web/ftp host you can periodically run a script to grab the public IP and push it to the ftp, so you always know what the current public IP is. Or you can just have him go to whatismyip.com every time you need to connect to see what the public IP is.

Unless he's purchased a static IP through his ISP, chances are it's going to change periodically. How often depends on the ISP...I technically have a dynamic IP, but it hasn't changed in over two years.

Then you'll need to set up port forwarding in the router to push incoming connections on port 22 (or a custom port of your choosing) to the local IP of his machine. The machine should have a static IP on the local network so you don't need to worry about changing the port forwarding IP in the router every time his box comes up with a different IP.


So the overall chain goes:
Give his linux box a static IP on the local network
Set up his router to forward incoming connections on port 22 (or a custom port of your choice) to the linux box
Find out his public IP via whatever means you like
Connect to the public IP at the specified port

Thanks for the info, guys. First up, we both use a large local ISP (Optus) here in Australia, mine via 3G wireless broadband, his via copper ADSL. I'd figured that something like this was the case:

> Unless he's purchased a static IP through his ISP, chances are it's going to change periodically. How often depends on the ISP...I technically have a dynamic IP, but it hasn't changed in over two years.

> Then you'll need to set up port forwarding in the router ...

Haven't done this, so will investigate.

> The machine should have a static IP on the local network ...

Yep, have this covered.

> You can use a dynamic DNS setup ...

This is an option in the router, so I'll take a closer look.

> you can periodically run a script to grab the public IP ...

I'm fluent enough in Perl to cover this.

> So the overall chain goes:
> Give his linux box a static IP on the local network
> Set up his router to forward incoming connections on port 22 (or a custom port of your choice) to the linux box
> Find out his public IP via whatever means you like
> Connect to the public IP at the specified port

Good summary! But it's the last one that's still uncertain. What does a "through the router" IP address look like on the commandline? Perhaps:

># ssh fred@49.35.129.11-192.168.1.101

... where the first IP is the router on the Inet, and the second is the LxBox on the LAN?

actually what you want can easily be done with a free logmein account and a copy of hamachi, bascially it allows you to create a virtual private lan and then with the client, join both machines to that lan and then they can talk to each other as if they are on an actual lan.

the linux client can be downloaded here:
https://secure.logmein.com/labs/

The Dynamic DNS option in your friend's router is most likely just an updater for a dynamic DNS provider. It doesn't provide a dynamic DNS service, it just updates one. You'd need to set up the dynamic DNS provider account and hostname first with someone like dyn.com or no-ip.com.

As an alternative to using the router's updater, you can use something like ddclient on your friend's system to keep the dynamic DNS hostname updated with the current IP. There are some good reasons for doing that. Some dynamic DNS providers of free DDNS will delete your account if you don't update it periodically. The router's dynamic DNS updater probably only updates the DDNS name when the IP address changes, which may not be often enough to keep the DDNS account from being deleted. This is generally not a problem if you have a paid DDNS account.

You would just ssh to the public IP, "ssh fred@49.35.129.11" or to the dynamic dns hostname "ssh fred@fredsbox.homelinux.net". The homelinux.net domain name is one that you can define a hostname on (in this example, fredsbox) at dyn.com. The dynamic DNS providers generally have a number of domain names you can pick from when you define your hostname@domainname.

Getting to the proper internal IP behind your friend's firewall is a function of the port forwarding on the router. You will set up his router to forward port 22 to his internal static IP.

^ This

You just connect to the public IP, and the router uses the port forwarding rule you set up to push the connection to the correct IP on the LAN.

Thanks for all the replies; I'm starting to get an overview of the situation. My question about a "through the router" IP address was prompted by this short page on IP tunnelling. It's evidently well-established, but requires two kernel modules:

http://lartc.org/howto/lartc.tunnel.ip-ip.html

This would work if the router were a server, but not for a standard "black-box" home unit, since the modules couldn't be installed. Port forwarding seems to be the answer:

> You just connect to the public IP, and the router uses the port forwarding rule you set up to push the connection to the correct IP on the LAN.

The Dynamic DNS and hamachi solutions look interesting. I'll take some time to investigate these options and post back with results.