Can I reach a system behind a firewall with ssh?


gosuc

Technical User
Mar 12, 2001
Hello Network-Gurus,

I have not so much experience with firewalls, but I need to know if it is possible to reach a system that's inside the firewall from outside the firewall. From what I know, if the firewall is using NAT, it should be possible, as the source and destination address in ssh is not encrypted. But the addresses of systems behind the firewall are private addresses (192.168. ...). Does this mean I can only get to the systems having "real IPs" within the DMZ, and would I have to telnet from there to the inside systems?

Any help would be appreciated!

The reason I need to know this is that I have to make some remote diagnosis on systems behind the firewall. Using ssh would allow me to use the GUIs of some utilities on the target systems.

Thanks for any help.

Regards,

Fred !
 
hi gosuc -

The feature you're looking for is port forwarding.

Setup of this depends on your model of router - check your user manual for instructions.

Port forwarding -
When someone outside your LAN tries to connect to your public address, the router forwards the connection to the specified local IP (i.e. your server).

You can either
a) Put a PC from your LAN into the DMZ - which means all ports are forwarded to it. NB - this isn't very secure.
b) Forward the appropriate ports. (I'm not sure which ones are used for SSH - try checking your helpfiles)

Once port forwarding is set up, you should be able to connect in the same way as you would from inside your network - instead of trying to connect to IP 192.168.x.x, connect to your public IP address.

<marc>
help us help!
please provide feedback on what works / doesn't
not sure where to start? see faq581-3339
 
gosuc,

Try forwarding port 22, it is the only required port for ssh. You'll probably also want to tunnel X through this connection. It is pretty straightforward, simply make sure that your /etc/ssh/ssh_config has ForwardX11 yes in it and you should be fine.

You can also configure ssh to run on a non-standard port in the config file by setting Port #.

Good luck!
pansophic
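
An added example, not part of any post in this thread: a small Python resolver for ssh_config that shows ForwardX11 enabled only for the port-forwarded host instead of system-wide, since ssh_config(5) advises enabling X11 forwarding with caution. The alias office-gw, the address 203.0.113.10 and port 2222 are constructed placeholders; Match blocks and trailing comments are not handled.

```python
import fnmatch

# Constructed sample client config (placeholders, not values from the thread).
# X11 forwarding is enabled only for the port-forwarded host; "Host *" keeps it
# off everywhere else, instead of a global "ForwardX11 yes".
SAMPLE_CONFIG = """\
# office-gw: hypothetical alias for the router's public address
Host office-gw
    HostName 203.0.113.10
    Port 2222
    ForwardX11 yes

Host *
    ForwardX11 no
"""

def host_matches(patterns, host):
    """A Host line matches if a positive pattern matches and no negated one does."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            matched = True
    return matched

def effective_options(config_text, host):
    """Resolve options for host; the first value obtained for a keyword wins."""
    options, active = {}, True  # lines before any Host block apply to all hosts
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment line, or keyword without a value
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "host":
            active = host_matches(value.split(), host)
        elif active:
            options.setdefault(keyword, value)
    return options

def hosts_with_x11(config_text, hosts):
    """Return the hosts for which X11 forwarding would be switched on."""
    return [h for h in hosts
            if effective_options(config_text, h).get("forwardx11") == "yes"]

if __name__ == "__main__":
    print(effective_options(SAMPLE_CONFIG, "office-gw"))
    print(hosts_with_x11(SAMPLE_CONFIG, ["office-gw", "other.example.org"]))
```

Because the first value obtained wins, the specific Host block has to come before `Host *`; a `Host *` block with `ForwardX11 yes` placed first would turn forwarding on for every destination.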
 
Hello,

thank you for helping. With this help I knew what topic
I had to read. I could implement my ssh-connection via port 22 and it worked.

Thanks again to mark and pansophic


Fred
 
i have a prob with local and public ip also. i see everywhere that i need to port forward but no mention on exactly how to do it. i've even bypassed my router to simplify my prob but i still have that 192.168.1.1 as my ip displayed in my dynamic ip updater. that's how i'm assuming my apache server is only visible on my lan and not the internet
 
port forwarding is a feature found on your router. what make/model is it?
the feature is sometimes called Virtual Server.

<marc> i wonder what will happen if i press this...
please give feedback on what works / what doesn't
need some help? how to get a better answer: faq581-3339
 
i've learned about port forwarding now and my router. it's my westell wirespeed modem that seems to be the prob.
 