LinuxQuestions.org


hotrodowner 11-05-2002 05:56 PM

Router headaches
 
My Linux server is on my school's network. But I want to access it at home. There is a router between the school's LAN and the Internet. The only way to access the server is to be on the school's side of the router. My school uses local class A addresses internally <EX: 10.*.*.*>. How can I get through the router to contact my server from home?

trickykid 11-05-2002 06:32 PM

Get with the admin and see if he can make access by opening up either a port or services, etc... for you. There's no other way, well probably, but that is something we don't tell people how to do here.

hotrodowner 11-05-2002 08:08 PM

I know what ports are open, but I don't know how to go through them to an inside IP address. I want to go through the router through the open port 22 and sftp my server that has IP 10.4.0.17.

Mephisto 11-05-2002 08:18 PM

Since the address is in a non-routable subnet, the only way I could think of to access the machine behind the NAT/router remotely would be to have the school network administrator set up something for you, i.e. when the NAT gets a request on port 1025, forward it to 10.4.0.17:22.

hotrodowner 11-05-2002 08:24 PM

How does a web site I accessed forward packets through the router to me? If they can get through to my port 80, why can't I get through to port 22? <ps. the system administrator is in another county>

trickykid 11-06-2002 12:14 AM

Quote:

Originally posted by hotrodowner
How does a web site I accessed forward packets through the router to me? If they can get through to my port 80, why can't I get through to port 22? <ps. the system administrator is in another county>

Because different services are using different ports. Your admin might have port 80 opened and forwarded for the website that server is running, but that doesn't mean you can telnet or ssh into that same server on port 22, 'cause it's most likely blocked then or not forwarded to that IP on the network. If your admin has port 22 open, most likely he just has to make it so the request thru that port is forwarded to your 10.x.x.x IP or whatever.

terryfunk 11-06-2002 01:26 AM

There is another open-source way to accomplish this. It is called http tunnel. As the following website states, it creates a bi-directional connection through port 80:

http://www.nocrew.org/software/httptunnel.html

manaskb 11-06-2002 07:43 AM

My thoughts on this. You are using NAT (private IP address 10.x.y.z), so you will not be able to access this IP address from a remote system outside your LAN.

Now, what kind of router do you have in between your server and the internet? Check if your router supports port forwarding. If your router supports port forwarding, your problem is solved.

If you have port forwarding, let me know; I can help you out in this.
-Manas

trickykid 11-06-2002 08:23 AM

Quote:

Originally posted by terryfunk
There is another open-source way to accomplish this. It is called http tunnel. As the following website states, it creates a bi-directional connection through port 80:

http://www.nocrew.org/software/httptunnel.html

Did you read his first post, the actual question and the rest of the posts? He doesn't need anything for http, port 80 or the such; he wants direct access, like ssh or telnet, to log in to his machine.

But apparently no one is reading my posts as well, or hotrodowner's. He is not the admin of the router; until the router is configured to do this, it won't happen or work, most likely.

hotrodowner,

The first thing for you to do is to get with your ADMIN on this. There isn't anything you can do at this point 'til then unless you have actual access to the router, which for a school and you're a student, I wouldn't think so.
If your school is behind that router, which I presume has a firewall along with it, only the admin will be able to set this up so you can have direct access to the server you're speaking of. Unless he doesn't give you direct access, which would totally make sense on a security type issue. So get with him/her and let them know what you want to do. They either say yay or nay.

hotrodowner 11-06-2002 05:08 PM

So the only way to make contact with an internal IP is to have the router's table set to forward on a certain port to it?

Mephisto 11-06-2002 08:12 PM

Correct.

There are three non-routable IP ranges: 10.0.0.0 (subnet mask 255.0.0.0), 192.168.0.0 (subnet mask 255.255.0.0), and I forget the third, 172 something. Regardless, if you have an address on one of these subnets then you can not communicate directly with the routable IP network.

What happens is your machine communicates with a NAT (Network Address Translation) router/gateway. The NAT takes the request from the inner private address then forwards it on to the net in general using its own outer routable address. As far as any machine in the routable IP range is concerned, the request came from and is returned to the NAT's outer address. When the NAT gets the response it can then forward it on to the original inner address.

Here is the crux of the problem, in order for a response to be forwarded to the inner address it must have been initiated from a machine inside the NAT. If the NAT gets a request (not response, a request) for say port 1025 it has no way of knowing which of the machines inside the non-routable range to send it to. Remember all communication from the outside world is actually going to one IP, the NAT's outer address, and then forwarded to any of the machines with non-routable addresses.

The way to get around this problem is port-forwarding. In essence you are telling the router/gateway "When you get a request on port X send that on to machine ###.###.###.### on port Y" where ### et al is a machine on the inner network.

So, the only viable way of directly communicating with your server is if you have the administrator set up port-forwarding for you. Keep in mind the requested port on the NAT and the destination port on your inner machine do not have to be the same. I usually only allow forwarding from the unprivileged range of IP's.

DISCLAIMER: This is actually a bit of a simplification, though I made it as accurate as I could. Also, to quell the peanut gallery, there are other ways of establishing the connection (a relay being the most obvious), but if you want to do it directly and with minimal aggravation of the Network Administrator, Port Forwarding is it.

I hope that clarifies things.

Edit: content modified to clarify IP ranges/subnet masks
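
Added example (not part of Mephisto's post and not any router's actual code): a small Python model of the translation table described above, showing why a reply to a request from inside is delivered, why an unsolicited request to port 1025 is dropped, and how the forward rule 1025 to 10.4.0.17:22 mentioned earlier in the thread changes that. The outer address 203.0.113.1, the two 198.51.100.x hosts, every port other than 1025, 22 and 80, and the class and function names are constructed for the illustration.

```python
# Minimal model of a NAT gateway's translation table (added illustration).
# 203.0.113.1 and 198.51.100.x are constructed documentation addresses.

class Nat:
    def __init__(self, outer_ip):
        self.outer_ip = outer_ip
        self.next_port = 40000   # arbitrary start of the ephemeral pool
        self.out_map = {}        # (inner_ip, inner_port, remote) -> outer_port
        self.in_map = {}         # (outer_port, remote) -> (inner_ip, inner_port)
        self.forwards = {}       # outer_port -> (inner_ip, inner_port), static

    def outbound(self, inner_ip, inner_port, remote):
        """Inner host opens a connection: rewrite source, remember mapping."""
        key = (inner_ip, inner_port, remote)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, remote)] = (inner_ip, inner_port)
            self.next_port += 1
        return (self.outer_ip, self.out_map[key])

    def add_forward(self, outer_port, inner_ip, inner_port):
        """Administrator's static rule: outer_port -> inner_ip:inner_port."""
        self.forwards[outer_port] = (inner_ip, inner_port)

    def inbound(self, remote, outer_port):
        """Packet hits the outer address; return inner target or None (drop)."""
        if (outer_port, remote) in self.in_map:   # reply to an inner request
            return self.in_map[(outer_port, remote)]
        return self.forwards.get(outer_port)      # new request: needs a rule


def demo():
    nat = Nat("203.0.113.1")
    web = ("198.51.100.80", 80)      # a web site on the routable network
    home = ("198.51.100.7", 51515)   # a machine outside the NAT
    results = {}
    # Inner host browses a web site, and the reply finds its way back.
    src = nat.outbound("10.4.0.17", 33000, web)
    results["seen_by_web"] = src
    results["reply"] = nat.inbound(web, src[1])
    # Unsolicited request from outside: no state, no rule, so it is dropped.
    results["before_rule"] = nat.inbound(home, 1025)
    nat.add_forward(1025, "10.4.0.17", 22)
    results["after_rule"] = nat.inbound(home, 1025)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The web server only ever sees 203.0.113.1 as the source, which is why nothing outside can address 10.4.0.17 until the static rule exists.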

hotrodowner 11-07-2002 10:42 AM

Does anybody know how to make a school district's computer administrator listen to a high school senior?

trickykid 11-08-2002 08:52 AM

Quote:

Originally posted by hotrodowner
Does anybody know how to make a school district's computer administrator listen to a high school senior?
Money always works.. or a bribe, try to find something dirty on 'em and threaten to tell the School Superintendent... ;) Just kidding.

Just present to them what you want to accomplish, know the pros and cons of the task and work.. Outsmart them, make them know you know what you're talking about might be one way to convince them.

But not sure though.. Been out of school for way too long it seems.

Mephisto 11-08-2002 09:11 AM

Not to show my age but we did not have internet connectivity at school when I was in high school. Good luck though.

trickykid 11-08-2002 11:21 AM

Quote:

Originally posted by Mephisto
Not to show my age but we did not have internet connectivity at school when I was in high school. Good luck though.
Yeah, we had computer labs with just several connected, but most of the time we didn't have access to them when I was in school. I do remember in 6th grade though, it was cool being in a Computer Lab class where we learned how to program in I think it was GWBasic.. ah well. Yeah, forgot to tell you good luck though with the Admin.


All times are GMT -5.