-   Linux - Networking (
-   -   Router headaches (

Mephisto 11-08-2002 12:51 PM

The computer lab at my high school had Apple IIe's, a couple of Apple II+'s and 2 pc's (386 or 486). None of which were networked.

The computer classes were in Basic, but by my senior year I was coding in Assembler. C was too eclectic to get a compiler for.


peter_robb 11-08-2002 03:29 PM

You will find that the only way to be trusted is by being honest, all the time...

And unfortunately that don't always look cool...

Your school admin will have his reasons for not letting you get a foot in a door in that he will lose control of...
There are libraries full of hindsight on this one.
And the price for getting caught for doing it the sneaky way can be long lasting.
I'm sure the admin and the students think the other is the bad guy.

So I'd advise you to relax and look at the school as another one of those places you don't have priveleges. Their money, their choices...

Of course, keep learning, and quickly, but in a different venue with your rules...

hotrodowner 11-11-2002 05:17 PM

Ya'll make me look bad, I didn't learn how to use QBASIC till I was a Freshman, and then it was because I needed it on a boot disk to use EDIT.COM!! Well, I wish I knew more about programming than I did. I've tried to learn C, and then Java, but the bracks () and source code structure is hard for me to learn. Anyways, I think I'll ask my computer teacher to ask the administrator for me. He thinks I'm a genius because I got my Linux server set up with SFTP (SECURE!!! WO-HOO!!). Thanx for the help!

Mephisto 11-11-2002 06:37 PM

Don't feel bad. The main reason I started learning programming in the first place was so that I could get time in the coputer lab to play Tai Pan when the librarian was not looking. :) (The lab was in the library.)

But stick with it and you will get the hang of it. Programming is 50% study, 50% attention to detail, and 50% patience. Math helps too. :D

iamnotherbert 11-11-2002 10:08 PM

Ahhh grasshopper... An avenue to investigate is a vpn connection out of the school network to your computer at home. Then you can connect to your school pc's services from home over the vpn tunnel..

Worth a shot..


hotrodowner 11-12-2002 07:20 PM

How do I create a virtual private network connection in Linux and connect to it in Windows?

Mephisto 11-12-2002 07:46 PM

While setting up a VPN or some other form of tunnel is a possibility make sure to get permission first. If the Network supervisor finds out about it and it comes down that no one in authority knew about it you could be in for a lot of trouble. Network administrators don't have a sense of humor about these things.

Again if you want to do it above board, port forwarding is your best bet. If you get permission to try and connect using whatever means are at your disposal then let us know and someone here can probably point you in the right direction.

Edit: Please help me I am starting to sound like my parents!!! I am not ready to be responsible!

Mephisto 11-12-2002 08:33 PM

I decided to throw caution to the wind.. a little. There are a number of ways to set up a bi-directional tunnel such as you need. I will explain how to do it with OpenSSH which will do nicely.

First on your Windows box you will need to install cygwin . Cygwin is in essence a POSIX shell for windows, which allows you to a number of nifty things but the main one for our purposes is to allow sshd to run on your windows box. Do a google search for sshd and cygwin and you will get a number of how-to's on set-up for sshd.

Once sshd is running on your Windows box, from your Linux box inside the firewall you can call the Windows box and tell it to forward certain ports on the remote box (Win) to certain ports on the local box (Lin) and vice versa. man ssh on your linux box will explain the port forwarding, the ones to focus on are -L and -R.

Provded you can get permission from anybody (even your teacher), if you get stuck drop another note and I will help further. Somebody else may help regardless but I have a conscience to soothe.

hotrodowner 11-13-2002 04:28 AM

Don't worry about permission. I have it from both my CET teacher and my CISCO teacher. I just cant get the system administrator to forward the packets because they think most all students are stupid and those that know anything about computers want to destroy them. <Despite the fact that I fix the computer problems on the campus after school.> Well, I think it would be a good learning experience because my CET teacher heard about VPNing but didn't understand it. I will get back to you (plural) with the results as soon as possible. Thanx for the help so far!!

Mephisto 11-13-2002 06:50 AM

What I am suggesting is not a true VPN, though I suppose it is close enough not to matter. If you want yo do a true VPN, IPSEC is one option. I use a (expensive) commercial solution so my experience on doing IPSEC by hand is limited.

Set up cygwin and try and get sshd working at a minimum. Also if you don't already have one set up a firewall on your Win box that you can selectively block ports on. Read up on PrtForwarding a bit as well if you really want to learn, I could walk you through it all but you won't learn as much.

hotrodowner 11-13-2002 05:56 PM

Actually, when it comes to learning, if I'm left with a book's worth of info. then I will usually give it a good effort, but it is usually to much at a time, so I just give up. If someone talks me through the basic, and I see that it worked when I did it, then I have the understanding to understand what I am reading. Then I will learn ALOT faster and understand it better.

So, your suggesting that the administrator tells the router to forward the packets to my server and then I can ssh it? I don't think I understand what you are saying. I need to get through the router and communicate between my home computer and the server, in both directions, without packet forwarding.

Mephisto 11-13-2002 07:06 PM

No here is what we will be doing, and the administrator can go hang, if you will pardon the expression. We will call your Linux box "L" and Your Windows box "W." From L you are going to call W and say "When you get a request on your IP for Port 8088 I want you to take that request and go ahead and give it to me (L) through this tunnel (SSH) I created, I will then treat that request as if it came across Port 21 (FTP Control)" Better yet Read This and see if you follow what they are talking about. We are simply going to reverse the procedure and set the remote machines port 8088 to forward to 21 on the local (-R instead of -L).

Right now I am concentrating on FTP but is there a specific protocol (HTTP, FTP, etc...) you wanted? Another thing to keep in mind is that I can not categorically state this will work, I understand networking fairly well but I have never tried to to do this through a NAT intiated from the server. I will give it a go this weekend as a sanity check, I have everything I need between home and work but can't play around with it during business hours. The bigest risk is what will happen if DHCP reassigns the IP address. I'm not sure.

Here is another choice from an older thread. Or we could try a different VPN. Finally there is the HTTP tunnel mentioned earlier. An HTTP tunnel is very similar in nature to the SSH tunnel I am describing. Since you have gotten permission, I am willing to help you try whichever you like until you get tired of trying.

I leave it up to you, check each option out, or find a different one and tell me how you would like to proceed. :study: It depends a lot on what you need the connection for. SSH is the easiest for me, others may give you more power. In the meantime I will see if I can find something that explains TCPIP port communication in terms that are not painfully obscure.

The way I have gotten around this (from my home system behind a NAT on a cable modem) is to have my Natted machine connect to a known relay in JXTA and then when I get into my office I open the peer and create a tunnel in JXTA, if the code for the tunnel worked right I would even suggest this route. But it will be months, maybe a year before I consider it functional. But since I have only been working on the code for maybe 5 or 6 hours I felt a need to brag. :D

I think we are down to the two of us BTW.... I have this instinctive fear someone else might have a better idea but have given up on the thread. Oh well, insecurity is it's own reward. Easily the longest I have stuck with a thread though.

Mephisto 11-13-2002 08:12 PM

Not to cloud the issue with the facts but on another thread Stickman mentioned CIPE which actually looks like a good solution to your problem. I never looked into it before but it looks sound and has a Win32 version. The CIPE athor also argues convincingly against the SSH tunnel method that i am recommending...

hotrodowner 11-14-2002 08:06 PM

I had time to think yesterday <about 4 hours!!> and I thought of the following idea:
1) set up a VPN server on Windows XP at home
2) set up a VPN share at school (on a Windows XP machine), and connect to the one at home through the internet
3) set up openssh on both XP computers <for use with SFTP and the telnet replacement>
4) go home and backtrack through the VPN tunnel with ssh.

I have one question though, I have never used a VPN before; will I be able to access the entire school network from the VPN connection, or is it just to the XP machine directly connected? In other words, will I be able to access the other machines attached to the network of the computer that is VPN'ing mine? If it wont go to other computers, thats ok, I'll just ssh the xp machine, then sftp my server, and then sftp the xp machine. It seems long, but I think it would work.

Mephisto 11-15-2002 01:46 PM

You won't need the SSH if you set up a VPN connection. So all you will need to do are steps 1,2, and 3 not counting the SSH part of 3. SSH using port forwarding performs the same basic thing as the VPN will but only on one port.

Read up on installing CIPE (link in an earlier message) since that looks to be the most promising route. Install it on both the server and the Win32 machine and we will go from there.

All times are GMT -5. The time now is 07:20 AM.