Niki Kovacs wrote:
> Les Mikesell wrote:
>> You don't really need to change the ports on the hosts.  Just configure the
>> router to accept different ports on the internet side and redirect to port
>> 22 at the different IP addresses on the inside.  Then you only have to
>> change the client settings for access from outside.  I'd move both of them
>> away from port 22 on the outside, though - you'll avoid a lot of password
>> guessing attempts that will happen otherwise.
>>
> 
> Sorry, but I don't quite follow you. (One of these cases where I feel my 
> IQ is just a bit insufficient :oD)
> 
> How can I possibly access two distinct machines behind one single IP 
> address when they run SSH on the same port ?

The router configuration for port forwarding should let you specify the port to
accept on (where each does have to be different because of the single IP) and
then the IP and port for redirection.  Since the inside targets have different
IPs, it doesn't matter that they have the same port.  At least most routers
work this way - you can redirect to a different port on the inside but they may
have a different config section for 'custom' forwarding and a simplified one
that just sends a service port to the same port on one inside target.

> Or, I'll reformulate my question more simply.
> 
> I have a router with *one* public IP address (213.41.141.252). And 
> behind that router, on the local network, I have two different machines: 
> 192.168.1.2 and 192.168.1.3.
> 
> Is there a (normal, orthodox) way to SSH into these machines directly 
> from the outside? That is, without logging into the main box and then 
> hopping around internally? Something where in one case, ssh 
> 213.41.141.252 -option gets me into machine A, and then ssh 
> 213.141.141.252 -otheroption gets me into machine B.

Yes, just pick different port numbers for the router to redirect to port 22 at
each internal IP.  Then everything works normally internally and externally you
use 'ssh -p nnn public_address' where your port number will be the one
redirected to the internal machine you want (and the NX client also has a place
in the config screen to set the port number).

Another option if most of your outside access is from a single location or from 
a laptop would be to set up openvpn to one of the inside machines, configuring 
the router to pass a single udp port for it.  Then you can treat it like a 
routed subnet with normal access to all services.  But, if you use freenx it 
doesn't make much difference because the session runs over ssh and the desktop 
will have 'inside' access anyway.

-- 
    Les Mikesell
    lesmikes...@gmail.com

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
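
Added example, not part of the original message: a client-side `~/.ssh/config` that matches the forwarding scheme described in the reply above. The external ports 2202 and 2203 and the aliases `machine-a` and `machine-b` are assumptions chosen for illustration; the addresses are the ones given in the thread.

```conf
# ~/.ssh/config on the outside client (added example).
#
# Assumed router forwarding table (port numbers are hypothetical):
#   public 213.41.141.252:2202  ->  192.168.1.2:22   (machine A)
#   public 213.41.141.252:2203  ->  192.168.1.3:22   (machine B)
# Nothing on the public side listens on port 22, and sshd on both
# inside hosts keeps its default port.

Host machine-a
    # Same public address for both entries; only the port differs.
    HostName 213.41.141.252
    Port 2202
    # Store and check this machine's host key under its own name, so the
    # two different host keys behind one IP are never confused and a
    # changed forwarding rule shows up as a host key mismatch.
    HostKeyAlias machine-a

Host machine-b
    HostName 213.41.141.252
    Port 2203
    HostKeyAlias machine-b
```

With this in place, `ssh machine-a` and `ssh machine-b` are equivalent to the `ssh -p nnn public_address` form, and `scp` and `sftp` pick up the same aliases.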
