ICF, Linux, SSH and me

I have two machines at my apartment, a Windows XP Home box and a
RedHat 9.2 box. I have a cable modem connection. Background:

WINXP MACHINE
-------------
256 RAM, 1.5GHz Intel P4 chip
Intel PRO 10/100 LAN Adapter, connected to my cable modem
Linksys EtherFast 10/100 LAN Card, connected to a Linksys switch
ICS enabled: provides IP address of 192.168.0.67 to my Linux box
ICF enabled: "SSH Service," hosted IP 192.168.0.67, TCP, ext. port
8181, int. port 22
ICF enabled: "ProFTPd Service," hosted IP 192.168.0.67, TCP, ext. port
8877, int. port 21
ZoneAlarm 3.7.143, Firewall: Internet Zone=Medium, Trusted Zone=Low

LINUX MACHINE
-------------
128 RAM, 233MHz Intel P3
Linksys EtherFast 10/100 LAN Card, connected to same Linksys switch
iptables set to allow everything from everywhere with every protocol
sshd server set up and running on port 22
ProFTPd server set up and running on port 21

MISC
----
noip.org domain name of xxxxx.noip.org (not the real name)

I want users to be able to SSH and ftp into my Linux box via my XP box
using the domain name xxxxx.noip.org. Currently I can SSH and ftp
into the Linux box from my XP machine with no problems by using the
192.168.0.67 address, but I can't get in from outside. I had this
working once before at my old apartment, but my ICF rules for the two
services above have vanished somehow, and I can't get this working
again to save my life. I've tried shutting down ZoneAlarm, accessing
the system using just my XP machine's IP (as opposed to the domain
name), among other things. I'm not about to shut off ICF as a long-term
solution because I prefer to have as many lines of defense up as possible.

I did this once before -- what am I missing now?

Dave Baker

Mr Geetar wrote:
> I have two machines at my apartment, a Windows XP Home box and a
> RedHat 9.2 box. I have a cable modem connection. Background:

Curiuos,

Why in the heck would you want a windows machine protecting a Linux box? Should
be the other way around.. Have the linux box protect the windows box via
iptables.

penguin-rox wrote:
> Mr Geetar wrote:
>
>>I have two machines at my apartment, a Windows XP Home box and a
>>RedHat 9.2 box. I have a cable modem connection. Background:
>
>
> Curiuos,
>
> Why in the heck would you want a windows machine protecting a Linux box? Should
> be the other way around.. Have the linux box protect the windows box via
> iptables.
>

Because to do so would require an inordinate amount of swapping cables,
resetting my cable modem, etc., and I'd rather not attempt it right now.
Maybe that can be my New Year's resolution or something. Anyways,
my Linux box is nothing greater than a learning project -- the only
"real" use I have for it right now is storing files I don't use much,
such as program setups, ZIPped archives and sound/movie files. For the
time being, I'd like to keep things the way they are. I know it's not
the "best" way, but it worked once and I'd like to get it running again.

Dave Baker

["Followup-To:" header set to comp.os.ms-windows.networking.tcp-ip.]

On 2003-12-02, Mr Geetar <(E-Mail Removed)> wrote:
> I have two machines at my apartment, a Windows XP Home box and a
> RedHat 9.2 box. I have a cable modem connection.

[...]

> I want users to be able to SSH and ftp into my Linux box via my XP box
> using the domain name xxxxx.noip.org. Currently I can SSH and ftp
> into the Linux box from my XP machine with no problems by using the
> 192.168.0.67 address, but I can't get in from outside. I had this
> working once before at my old apartment, but my ICF rules for the two
> services above have vanished somehow, and I can't get this working
> again to save my life. I've tried shutting down ZoneAlarm, accessing
> the system using just my XP machine's IP (as opposed to the domain
> name), among other things. I'm not about to shut off ICF as a long-term
> solution because I prefer to have as many lines of defense up as possible.
>
> I did this once before -- what am I missing now?

You need to set up NAT (network address translation). This is done in the
remote access server configuration menus.

But I think it would be better, and perhaps easier to use your linux
machine as the gateway and have it handle NAT for your network.

--

-John ((E-Mail Removed))