buck <(E-Mail Removed)> writes:
>On Fri, 02 Jun 2006 11:23:07 -0400, bird <(E-Mail Removed)> wrote:
>>Hi every one,
>>
>>I have a couple of machines sharing a broadband
>>connection through a router at home. Each machine
>>has an IP number as 192.168.2.x. One machine has
>>Fedora Core (FC) installed. Everything is fine
>>until recently when I need to access the FC machine
>>when I am out of town.
Short answer-- you cannot. Those private addresses are non-routable on the
public network.
Longer answer: if your router is able to do port forwarding, then you can
set it up so that if you try to ssh to say port 22 on the router IP
address, it will automatically send on the packet to port 22 on your
internal machine. Whether or not your router allows port forwarding and how
to enable it will require a trip to your router manual.
>>
>>The FC machine has daemon sshd running, and I can
>>access it by sftp and ssh on any machine at home.
>>My question is how I can access it on a machine
>>outside of my router?
What your FC machine has or does is irrelevant. Packets cannot reach it.
>>
>>I did try to connect the FC machine directly to
>>the broadband (bypassing the router), and I was
>>able to ssh and sftp the FC machine from a public
>>one successfully. However, by this way my other
>>machines at home did not have internet access
>>any more.
>>
>>Can any one please tell me how I can keep the FC
>>machine behind my router while letting it be accessible
>>by internet? Thank you.
>>
>>-Kevin
Nothing you do on the FC machine can change the situation. Packets cannot
reach it because it has a private address which will be thrown away at the
first public router they reach.
>Maybe with something like this?
># This allows access to A when VNC connects to Z:
>#A="192.168.1.76"
>#Z="external.ip.address"
># Tear down
>iptables -D FORWARD -p tcp -d 192.168.1.76 --dport 5900 -j ACCEPT 2>/dev/null
>iptables -D FORWARD -p tcp -d 192.168.1.76 --dport 5500 -j ACCEPT 2>/dev/null
>iptables -t nat -D PREROUTING -p tcp -d external.ip.address \
> --dport 5501 -j DNAT --to 192.168.1.76:5500 2>/dev/null
>iptables -t nat -D PREROUTING -p tcp -d external.ip.address \
> --dport 5901 -j DNAT --to 192.168.1.76:5900 2>/dev/null
># Set up
># This is the key! Redirect from external to internal whatever
># port(s) - 22 in your case?
>iptables -t nat -I PREROUTING -p tcp -d external.ip.address \
> --dport 5901 -j DNAT --to 192.168.1.76:5900
>iptables -t nat -I PREROUTING -p tcp -d external.ip.address \
> --dport 5501 -j DNAT --to 192.168.1.76:5500
These would work if he had two ethernet cards on that single machine, one
of which was connected to the external world. He has a router.
># You must allow the packets through the FORWARD chain:
>iptables -I FORWARD -p tcp -d 192.168.1.76 --dport 5900 -j ACCEPT
>iptables -I FORWARD -p tcp -d 192.168.1.76 --dport 5500 -j ACCEPT
>You may also want to check out the REDIRECT target. I avoid it
>because it did not correctly compile so it causes Seg Faults. DNAT
>works so I use it.
>--
>buck
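Added example, not part of the thread: buck's DNAT and FORWARD rules adapted to sshd on port 22, written as a generator that prints the rules instead of running them. It assumes a Linux box that is itself the gateway and holds the external address (a consumer router is set up through its own port-forwarding page instead); the function names, the documentation-range addresses, external port 2222 and the optional source restriction are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints iptables rules for review, it does not run them.

# is_port N: true if N is an integer in 1..65535
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# is_rfc1918 ADDR: true if ADDR is a dotted quad in 10/8, 172.16/12 or 192.168/16
is_rfc1918() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split the address into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    case "$1.$2" in
        10.*|192.168) return 0 ;;
        172.*) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        *) return 1 ;;
    esac
}

# ssh_forward_rules EXT_IP EXT_PORT INT_IP INT_PORT [SRC_CIDR]
# EXT_IP and SRC_CIDR are passed through unchecked (assumed trusted input).
ssh_forward_rules() {
    ext_ip=$1 ext_port=$2 int_ip=$3 int_port=$4 src=${5:-}
    is_port "$ext_port" && is_port "$int_port" ||
        { echo "port must be 1..65535" >&2; return 2; }
    is_rfc1918 "$int_ip" ||
        { echo "internal address is not RFC 1918: $int_ip" >&2; return 2; }
    # With SRC_CIDR set, only that network is forwarded; otherwise anyone is.
    src_opt=${src:+"-s $src "}
    # PREROUTING runs before routing: rewrite the destination to the inside host.
    echo "iptables -t nat -I PREROUTING -p tcp ${src_opt}-d $ext_ip" \
         "--dport $ext_port -j DNAT --to-destination $int_ip:$int_port"
    # FORWARD sees the packet after DNAT, so it matches the internal addr/port.
    echo "iptables -I FORWARD -p tcp ${src_opt}-d $int_ip --dport $int_port -j ACCEPT"
}

# Constructed sample: external 203.0.113.10:2222 -> 192.168.2.10:22,
# reachable only from 198.51.100.0/24.
ssh_forward_rules 203.0.113.10 2222 192.168.2.10 22 198.51.100.0/24
```

Replacing -I with -D in the printed lines gives the matching tear-down, as in buck's script.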