Linux - Software
I need to access a server on a remote site from a Windows workstation via ADSL/NAT port forwarding. The server is running an OS called THEOS and I have just found out from the suppliers that the particular version of THEOS that's running will not accept a workstation connection from an IP-based client that's off the local network. I do have access to a PC on site via an RDP session but this means 'taking over' a user's PC.
One option would be a bridge/vpn to the network but I have also been reading about using iptables to do local port forwarding - there's a Linux server on site so maybe I could bounce a connection through it? THEOS Workstation needs to use UDP port 3256.
A couple of issues for which I'd appreciate some input:
iptables is not currently running on the remote linux server and I am concerned that if I turn it on I will chop off ssh access (on port 8429) and then need to make a trip to site (4 hour round trip) to fix the problem because the Linux server is headless (no monitor/keyboard) and there's no-one technical on site. Any pre-setup I can do and check? I have not really used iptables before.
I can't get my head round whether an SSH tunnel using ssh -D is an option - would this be setup between a pair of Linux servers (possible if workable)? If so, what command/s would I use?
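For the lockout worry in the post above, an added example (not from the thread): stage the ruleset on the site server with a pre-flight check that SSH on 8429 stays open, then load it under a timed rollback that is only cancelled from a fresh login. The UDP 3256 forward is the "bounce through the Linux server" idea; the THEOS address, file paths and rollback window are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Render rules to a file, refuse any
# ruleset that would cut off SSH, then load with a nohup'd rollback timer
# that fires even if this session is lost. Addresses/paths are assumed.
SSH_PORT=${SSH_PORT:-8429}
THEOS_IP=${THEOS_IP:-192.0.2.10}      # assumed THEOS address (TEST-NET range)
ROLLBACK_SECS=${ROLLBACK_SECS:-300}
BACKUP=/root/iptables.before
PENDING=/root/iptables.pending
ROLLBACK_PID=/root/iptables.rollback.pid
# iptables-restore ruleset: keep SSH reachable, DNAT UDP 3256 to THEOS, and
# MASQUERADE it so THEOS answers via this box instead of its default gateway.
render_rules() {
    ssh_port=$1; theos=$2
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport $ssh_port -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p udp -d $theos --dport 3256 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p udp --dport 3256 -j DNAT --to-destination $theos:3256
-A POSTROUTING -p udp -d $theos --dport 3256 -j MASQUERADE
COMMIT
EOF
}
# Pre-flight: under an INPUT DROP policy an explicit SSH ACCEPT must exist.
ssh_survives() {
    file=$1; port=$2
    if grep -q '^:INPUT DROP' "$file"; then
        grep -Eq -- "^-A INPUT .*-p tcp .*--dport $port .*-j ACCEPT" "$file"
    fi
}
apply_with_rollback() {
    render_rules "$SSH_PORT" "$THEOS_IP" > "$PENDING"
    ssh_survives "$PENDING" "$SSH_PORT" || { echo "refusing: SSH $SSH_PORT would be cut off" >&2; return 1; }
    iptables-save > "$BACKUP"
    nohup sh -c "sleep $ROLLBACK_SECS; iptables-restore < $BACKUP" >/dev/null 2>&1 &
    echo $! > "$ROLLBACK_PID"
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    iptables-restore < "$PENDING"
    echo "loaded; open a NEW ssh session and run: kill \$(cat $ROLLBACK_PID)"
}
```

If the new login fails, do nothing: the timer restores the saved ruleset and the old session (or the next one) comes back.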
This THEOS box, can it be connected to via ssh? If so, if you can connect to the box, that's your gateway and you tunnel from there. My idea is this:
You ---Internet---- Gateway device -- forward traffic through or act as firewall. eth0 to eth1, for example
------ If traffic is trying to connect with 65000, forward to eth1:1 (alias ;P) which is the gateway box, and from there you can do your tunnel.
With 4 hours between you and the hardware, I would take the path of least risk.
It is safe to presume they have a perimeter firewall, and they have opened the RDP port so that you can access remotely? And they have also opened a port, forwarded to the Linux box's SSH port?
Finally, how do you connect to the THEOS box (GUI app, cmd line, etc.)?
If you have a Linux box on your side, a fairly easy way to do this is to set GatewayPorts to yes in your local Linux sshd config file (restart its ssh server) and then ssh -L 3526:ip_of_THEOS_box:3526 user@remote_linux_host
Then just tell your Windows workstation to connect to the Linux box like it's the THEOS box, and all the port 3526 access will get forwarded to the THEOS box and it'll look local to its network.
Once you've done what you want I'd turn off the GatewayPorts option.
No SSH on THEOS - I'm just grateful it has FTP, as to get data off the system I am going to run a script to dump a database to CSV files, FTP them to the Linux server and then rsync via ssh to head office.
Yep, perimeter firewall to which I have full access, as I set up the router.
THEOS supports local serial terminals or local Windows clients using its own, proprietary GUI client software.
Last edited by linker3000; 07-07-2008 at 01:26 AM.
There is no real trouble with establishing a secure connection to an internal box; the question here, if I'm understanding, is how you ensure all the right packets get to THEOS. Some thoughts:
If the firewall/router has VPN software, this might be the most straightforward, and useful. Your system simply becomes a member of the remote network, and THEOS is none the wiser.
Because THEOS uses UDP, to use SSH and a tunnel, you'll have to also do some trickery to force UDP into a FIFO, to push that down the tunnel. Only testing will determine if this will ultimately work for you. (I'm assuming you don't want to open the UDP port that THEOS listens on, a risky proposition at best.)
A third alternative is to set up a simple Windows box on the inside, that is your connection station. Then you can use RDP, VNC, or even the old, but venerable NetMeeting.
Perhaps yet another option is a serial cable from the Linux box to the THEOS box.
Let's see if any of these grabs your interest.
Cheers,
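Putting the ssh -L suggestion together with the "UDP into a FIFO" trick above: an added example, not code from the thread, run on a Linux box on the near side. It uses socat to wrap each direction in a TCP stream rather than a raw mkfifo pair, and the site login, its SSH port and the THEOS address are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Path: Windows client -> UDP -> this box
# (socat) -> ssh -L -> site server loopback (socat) -> UDP -> THEOS. Replies
# ride the same stream back. Datagram boundaries are NOT preserved across a
# TCP stream, so the THEOS client must be tested against it before relying
# on it. Hosts and addresses below are placeholders.
PORT=3256
SITE_SSH=${SITE_SSH:-user@site-linux.example}   # assumed site server login
SITE_SSH_PORT=${SITE_SSH_PORT:-8429}
THEOS_IP=${THEOS_IP:-192.0.2.10}                # assumed THEOS address

# Local side: accept UDP from the LAN, push it into the SSH local forward.
relay_local_cmd() {
    echo "socat UDP4-LISTEN:$1,fork TCP4:127.0.0.1:$1"
}

# Site side: take the stream off the forward (loopback only), emit UDP to THEOS.
relay_remote_cmd() {
    echo "socat TCP4-LISTEN:$1,bind=127.0.0.1,fork,reuseaddr UDP4:$2:$1"
}

start_tunnel() {
    # 1. Local TCP 3256 -> site loopback TCP 3256, kept open in the background.
    ssh -f -N -p "$SITE_SSH_PORT" -L "$PORT:127.0.0.1:$PORT" "$SITE_SSH" || return 1
    # 2. Detached unwrapper on the site server; nothing new is exposed there.
    ssh -p "$SITE_SSH_PORT" "$SITE_SSH" \
        "nohup $(relay_remote_cmd "$PORT" "$THEOS_IP") >/dev/null 2>&1 &" || return 1
    # 3. Local wrapper in the foreground; Ctrl-C stops it.
    eval "$(relay_local_cmd "$PORT")"
}

if [ "${1:-}" = start ]; then start_tunnel; fi
```

Point the THEOS client at this box's LAN address on UDP 3256; the only port reachable from the Internet remains the site server's SSH.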
VPN is a possibility - all routers are Drayteks and support a hardware VPN.
THEOS box is well away from the Linux one and getting them together would be problematic - although a mains-borne/wireless serial link might be a way forward.
I may stick with taking over a local PC via RDP for now because, once I have set up the file transfer scripts on the THEOS server, they will be run by local staff anyway.