RE: HOWTO Ping LAN???

From: Rich Shinnick (rich_at_stigroup.net)
Date: 08/20/04

    To: "'Hakim Singhji'" <Hakim.Singhji@nychhc.org>, "'Hakim Z. Singhji'" <system-administrator@earthlink.net>, "'MatthewSeaman'" <m.seaman@infracaninophile.co.uk>
    Date: Fri, 20 Aug 2004 00:46:20 -0400
    
    
    

    Hakim,
     
    What you are trying to do is possible in two ways:
     
    1. SSH to the box, and tunnel to other internal machines according to the
    tunnels you have set up. (See the last email I sent).
    2. Port forward connections from the Internet "thru" the BSD to internal
    machines.
     
    Check these links:
    http://www.rootprompt.net/freebsd_firewall.html
    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html

      _____

    From: Hakim Singhji [mailto:Hakim.Singhji@nychhc.org]
    Sent: Thursday, July 29, 2004 10:27 AM
    To: Hakim Z. Singhji; MatthewSeaman
    Cc: Bill Moran; freebsd-questions@freebsd.org
    Subject: Re: HOWTO Ping LAN???

    Hi Matt,

    You say that the only way I will be able to connect to my network is by
    tunneling. This is not what I want to do, I thought I may be able to SSH,
    Telnet, www, etc. from the outside to my default gateway and have the
    gateway pass SSH, Telnet, www., or any other request to the machine on the
    private network by including the "localhost.defaultgateway.domain.org" or
    something to that effect.

    Does NAT Overloading only go one way???

    Hakim Z. Singhji
    Coordinating Mgr. / Infection Control
    718-245-3923
    hakim.singhji@nychhc.org

    >>> Matthew Seaman <m.seaman@infracaninophile.co.uk> 7/29/2004 5:32:32 AM >>>
    On Thu, Jul 29, 2004 at 01:40:02AM -0400, Hakim Z. Singhji wrote:

    > Figure 1
    >
    >   ***************
    >   *  Internet   *
    >   *24.199.1xx.xx*
    >   ***************
    >          |
    >          |
    >   ***************        **************
    >   * Default GW  * __ __  *Kids Machine*
    >   *192.68.0.1   *        *192.68.0.3  *
    >   *FreeBSD 4.10 *        * Mandrake 10*
    >   ***************        **************
    >          |
    >          |
    >   ***************
    >   *Wrk Station1 *
    >   *192.68.0.2   *
    >   *Redhat 9     *
    >   ***************
    >
    > This is a rough diagram of the network... I would like to ssh, ping,
    > etc. the machines behind the default gateway directly (without
    > tunneling) from outside the network (at work for example). Is this
    > possible and if so how do I config. Keep in mind that my default
    > gateway is FreeBSD. I know this may be a complicated project but if you
    > could help that would help me greatly. Many thanks to everyone in advance.

    I'm afraid that's not going to be possible with your current network
    layout. If you want all of your machines to be accessible from the
    Internet, then you'll need routable addresses on all of your machines.

    I know you've said you don't want to use tunnelling, but
    unfortunately, that's the only way you can access a private address
    space as you have from outside it. A relatively simple way of doing
    that is to ssh into your gateway box, and use the '-L' or '-R'
    port forwarding options to create a tunnel to one of the internal
    machines, and then ssh or otherwise connect through that tunnel: see
    e.g.

    http://www.linux.ie/articles/tutorials/ssh.php

    One other point: you're going to have problems if you're using
    192.168.0.0 as the IP number on your FreeBSD machine. That's the
    *network* address, and shouldn't be applied directly to any specific
    machine. If you're running your internal network using 192.168.0.0/24
    as the address space, then you have 254 addresses (from 192.168.0.1 to
    192.168.0.254) to use for client machines, since 192.168.0.0 (network
    address) and 192.168.0.255 (broadcast address) are reserved as part of
    the networking setup.

    Cheers,

    Matthew

    -- 
    Dr Matthew J Seaman MA, D.Phil.                 26 The Paddocks
                                                    Savill Way
    PGP: http://www.infracaninophile.co.uk/pgpkey   Marlow
    Tel: +44 1628 476614                            Bucks., SL7 1TH UK
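
The tunnel approach from this thread (option 1 in the reply, and the '-L' forwarding described in the quoted message), written as an OpenSSH client configuration. This is an added example, not part of the original thread: the host aliases, the gateway name gw.example.org, the user name and the local ports are placeholders, and the internal addresses assume the 192.168.0.0/24 range mentioned in the quoted reply.

```sshconfig
# ~/.ssh/config on the outside machine (added example; all names are placeholders)

# The FreeBSD gateway is the only host reachable from the Internet,
# so sshd on the gateway is the only service that has to be exposed.
Host home-gw
    # placeholder for the gateway's public name or address
    HostName gw.example.org
    # placeholder account on the gateway
    User hakim
    # Same effect as: ssh -L 2222:192.168.0.2:22 -L 8080:192.168.0.3:80 ...
    # local port 2222 -> sshd on the workstation, via the gateway
    LocalForward 2222 192.168.0.2:22
    # local port 8080 -> web server on the second machine, via the gateway
    LocalForward 8080 192.168.0.3:80
    # Fail instead of silently continuing if a local port is already taken
    ExitOnForwardFailure yes

# With "ssh home-gw" running, this entry reaches the workstation through
# the forwarded port on the loopback interface.
Host wrkstation1
    HostName 127.0.0.1
    Port 2222
    # Store the workstation's host key under its own name, so it is not
    # confused with other hosts reached through 127.0.0.1
    HostKeyAlias wrkstation1
```

Run `ssh home-gw` first and keep that session open; `ssh wrkstation1` and `http://127.0.0.1:8080/` then travel through it. The forwards bind to the loopback interface by default, so other machines on the outside network cannot use them.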
    
    

