LinuxQuestions.org

Router headaches (https://www.linuxquestions.org/questions/linux-networking-3/router-headaches-34673/)

hotrodowner 11-15-2002 02:44 PM

So, I still have to set up a VPN? Now I think I need some VPN troubleshooting because I set Windows XP at home to accept connections, and Windows XP at school to connect, but the machine at school said it couldn't connect. I could access my FTP server from Internet Explorer, but I just couldn't get the VPN going, so I'm assuming that the VPN connection is the problem. It could also be a blocked port on the router, but that is unlikely. I don't have a firewall enabled on either computer. I am now going to try a Windows XP VPN howto (the one on the help index said it was an unknown code). Wish me luck!!

Mephisto 11-15-2002 03:52 PM

You will either need to set up a VPN or SSH but not both. What VPN are you using?

To determine whether a particular port is blocked/available try this. Think of it as ping on steroids. This is a Win32 application. nmap in the Linux world does much the same thing.

hotrodowner 11-17-2002 08:23 AM

How do I connect using SSH if I can only talk to the router and it doesn't let me in?

By the way, (with VPN) will I be able to access computers on the same network as the CLIENT? I know the client can access the server's, but can the server access the client's LAN?

Mephisto 11-20-2002 06:39 PM

Quote:

Originally posted by hotrodowner
How do I connect using SSH if I can only talk to the router and it doesn't let me in?

By the way, (with VPN) will I be able to access computers on the same network as the CLIENT? I know the client can access the server's, but can the server access the client's LAN?

Sorry about the delay. Had to go onsite with a client for a few days.

As far as how you connect with SSH: you can connect using SSH (or VPN for that matter) because you will be initiating the connection from the machine behind the router. Then when you get home you will use the already established connection to bypass the NAT.

In the case of a VPN the initiator of the tunnel effectively becomes part of the LAN segment at the destination. I.e., your Linux box as the initiator will become part of the LAN segment that the Windows box is on and will be able to access things on that segment, if you do not restrict access through the VPN. It would probably be wise to restrict access though.

hotrodowner 11-20-2002 06:51 PM

I am unable to establish a VPN because the VPN port is blocked. I don't understand how to backtrack through an ssh tunnel; as far as I know, the connection is one-way. If someone ssh'ed my computer, I wouldn't even know it!! How can I backtrack to the host of the ssh connection when I am on the server?

Mephisto 11-20-2002 07:24 PM

Go to post 27 and read the page from the first link. That explains what I am suggesting except we will be reversing the port forwarding, i.e. from the remote to the local rather than from the local to the remote.

hotrodowner 11-20-2002 07:33 PM

I don't mean to be a bother, but I don't think I understand what I'm reading. This article says that I can forward packets on the localhost to those on a remote host. I can't even see the computer around the router, how do I forward connections to a port if the computer can't even be seen. I can see mine from inside the network, but I can't see the school computer from outside the network. I need access to the computer's IP address, then I can handle it. Can I change the port VPN uses on the client and server?

Mephisto 11-20-2002 07:46 PM

Quote:

Originally posted by hotrodowner
I don't mean to be a bother, but I don't think I understand what I'm reading. This article says that I can forward packets on the localhost to those on a remote host. I can't even see the computer around the router, how do I forward connections to a port if the computer can't even be seen. I can see mine from inside the network, but I can't see the school computer from outside the network. I need access to the computer's IP address, then I can handle it. Can I change the port VPN uses on the client and server?

What I am suggesting is that you can forward the packets from the remote host to the local host. The reason you can do this is because the local host, not the remote, established the connection. And yes, depending on the VPN solution you are using you could change the port it uses.

hotrodowner 11-20-2002 08:13 PM

So you're saying I can connect to the outside computer from inside the network (by logging on to it with ssh), and then physically go to the outside computer, start ssh, and log on to the computer protected by the router?

hotrodowner 03-23-2003 02:18 PM

I think httptunnel might be a good idea, by what I think I understand about it. My situation now is that I need to get to an FTP server inside the school. I figured if I could figure out how to use this software, then I could set up a server on the outside, a client on the inside, and then connect to my home computer from the inside, go home, and then ftp my computer at school. Does anyone know how to use this software, or have another good idea for accomplishing this?

DavidPhillips 03-23-2003 11:38 PM

I think I would go with ssh if you need a shell login.

The only way I can see it working reliably is for the router to do port forwarding to your internal system.

If you can do that then the ssh connection to the internet address will be forwarded to your internal system.


The other way would not require the router to be configured for port forwarding. However the internal machine would need to make the connection and establish a remote forward of a local port. It would also need to check the connection and if the connection was lost it would need to reconnect.


This would in a sense make the internal machine the client and your home system the server.

If the connection is made and a local port on the client is forwarded to the server's local port then a connection to the client can be made locally on the server.

DavidPhillips 03-24-2003 01:03 AM

For the connection itself this will work...

First let's set up ssh to run on two ports, one for normal ssh and the other for the remote connection.

I use port 513 because it's available on my systems.



On the internal machine..

I assume sshd is already running and working on the normal port.

Start ssh on port 513...

Code:

sshd -p 513

Now connect to the ssh server on the machine available on the internet, and forward port 513...

Code:

ssh -R 513:localhost:513 www.yourhomeserver.com

You can use the IP address of your machine at home (www.yourhomeserver.com) if you have no domain name.

Now you will get the connection established


On the home machine...

Code:

ssh -p 513 127.0.0.1

The login prompt will be from the internal machine.

Once the connection is established you will be logged into the machine inside the router. Any file transfers between the two machines can be established from the internal machine using ftp or whatever. The home server will be acting as an ftp server or sftp server, etc..


You can set up sshd to come up on port 22 and 513 in the /etc/ssh/ssh_config file.

You will probably want to set this up to use certificates instead of passwords, so you can do the connection from a script on the internal machine.

You will need a script on the internal machine that runs the ssh command, checks for the connection, and continues to try the connection when it fails.


Having a domain name for the home machine would be best. That way if your IP address changes for some reason you can fix the domain name from anywhere and the connection will be resumed without having to access the internal machine to change the script.
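
The reconnect script this post calls for could look like the following. It is an added example, not DavidPhillips's code: it assumes key-based login to the home server already works, and the file name, key path, variable names and retry timings are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Run on the internal machine as:
#   sh keep_tunnel.sh run        (hypothetical file name)
# Assumes key-based login to the home server already works.
HOME_HOST="${HOME_HOST:-www.yourhomeserver.com}"  # placeholder name from the post
FWD_PORT="${FWD_PORT:-513}"  # port from the post; a remote port below 1024
                             # can only be bound when logging in as root
KEY="${KEY:-$HOME/.ssh/tunnel_key}"   # hypothetical key file
SSH_BIN="${SSH_BIN:-ssh}"
MIN_DELAY=5
MAX_DELAY=300

# One connection attempt. Returns when the tunnel drops or cannot be set up.
start_tunnel() {
    # -N forwards only, no remote shell. BatchMode never prompts, so a bad
    # key fails instead of hanging. ExitOnForwardFailure exits if the remote
    # port cannot be bound. ServerAlive* notices a dead link in about 90 s.
    # With sshd's default GatewayPorts=no the listener on the home server
    # is bound to loopback only.
    "$SSH_BIN" -N -i "$KEY" \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=3 \
        -R "$FWD_PORT:localhost:$FWD_PORT" "$HOME_HOST"
}

# Next retry delay: double the current one, capped at MAX_DELAY seconds.
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$d" -gt "$MAX_DELAY" ]; then d=$MAX_DELAY; fi
    echo "$d"
}

# Reconnect forever, backing off while the home server is unreachable.
keep_tunnel() {
    delay=$MIN_DELAY
    while :; do
        started=$(date +%s)
        start_tunnel
        # A session that lasted over a minute resets the backoff.
        if [ $(( $(date +%s) - started )) -gt 60 ]; then delay=$MIN_DELAY; fi
        echo "tunnel down, retrying in ${delay}s" >&2
        sleep "$delay"
        delay=$(next_delay "$delay")
    done
}

if [ "${1:-}" = "run" ]; then keep_tunnel; fi
```

The second sshd on the internal machine still has to be listening on the forwarded port, as in the steps above, before the home machine can log in through the tunnel.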

hotrodowner 03-25-2003 07:50 AM

I tried changing the port from 22 to 21, and Internet Explorer just gives me error messages. It worked for my web server on port 80, but not the FTP server. I just need to transfer files across it, I don't need remote logins.

DavidPhillips 03-25-2003 10:48 AM

You cannot do anything without port forwarding on the router.

The workaround is the remote login. You can transfer files to and from anywhere on the internet once you are logged in.

hotrodowner 03-25-2003 11:13 AM

Well, I can use the Apache web server through the tunnel, so how can I make Apache force a login to use it?


All times are GMT -5.