Setting up Linksys WRT54GL for Remote Server

[Jim]

Two boxes FC8-i386 behind a Linksys WRT54GL  router, both boxes have a  
static IP.
How do I set the router to allow me to connect by port 22 ssh to both 
boxes.


--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Setting up Linksys WRT54GL for Remote Server

[Hugh Caley]

This will not work unless your two FC8 servers have routeable IP 
addresses.  Generally people with routers like the WRT54GL have only one 
IP address assigned by their ISP and are using NAT to get access to the 
internet for several machines.  You will not be able to connect to both 
machines FROM the internet if that is the case.  The router can route 
traffic for the single IP address to ONE of those machine.  Once you can 
SSH into that machine, you can then SSH from there to the other one.


I suppose you might run SSHD on a different port on one of those 
machines, but that doesn't seem worth the effort, really.


Hugh

Message: 1
Date: Wed, 17 Dec 2008 19:52:09 +0300
From: "Waleed Harbi"
Subject: Re: Setting up Linksys WRT54GL for Remote Server
To: "Community assistance, encouragement,  and advice for using
Fedora."
Message-ID:

Content-Type: text/plain; charset="utf-8"

You just need configure Linksys in Security tab, then forward any connection
via port 22 to the two boxes.


On Wed, Dec 17, 2008 at 7:49 PM, Jim  wrote:

   

>  Two boxes FC8-i386 behind a Linksys WRT54GL  router, both boxes have a
>static IP.
>  How do I set the router to allow me to connect by port 22 ssh to both
>  boxes.
>
>  --
>  fedora-list mailing list
>  fedora-list@redhat.com
>  To unsubscribe:https://www.redhat.com/mailman/listinfo/fedora-list
>  Guidelines:
>  http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
>
 


   


--
Hugh Caley, Linux Administrator
Aldon Computer Group
6001 Shellmound St. Suite 600
Emeryville, CA 94608

(510) 285-8542 | hu...@aldon.com


--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Setting up Linksys WRT54GL for Remote Server

[Les Mikesell]

Jim wrote:
Two boxes FC8-i386 behind a Linksys WRT54GL  router, both boxes have a  
static IP.
How do I set the router to allow me to connect by port 22 ssh to both 
boxes.


You probably only have one public IP so you can port-forward port 22 to 
only one inside address.  You can pick a different port to forward to 
port 22 on the other box - or if you want more convenient access, set up 
something like openvpn between the private networks behind the routers.


--
  Les Mikesell
   lesmikes...@gmail.com

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Setting up Linksys WRT54GL for Remote Server

[Dave Ihnat]

On Wed, Dec 17, 2008 at 12:59:04PM -0600, Les Mikesell wrote:
> You probably only have one public IP so you can port-forward port 22 to  
> only one inside address.  You can pick a different port to forward to  
> port 22 on the other box - or if you want more convenient access, set up  
> something like openvpn between the private networks behind the routers.

I've done this often when dealing with retail-grade router/firewalls
that don't allow VPN termination at the device.  I can't recall if the
WRT54GL allows for port mapping, though--which you need for the scheme
mentioned above.  It's not really a problem, though; just have the
second machine listen on a different port, and forward the same port.

I do recommend you not use port 22 in any case.  Most automated scans
know and search for 22; it's security through obscurity, sure, but you
wouldn't believe how the port scans dropped off when I picked another
port for SSH connections.
--
Dave Ihnat
dih...@dminet.com

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Setting up Linksys WRT54GL for Remote Server

[Jim]

Waleed Harbi wrote:

example:

http://portforward.com/english/routers/port_forwarding/Linksys/WRT54G/SSH.htm

On Wed, Dec 17, 2008 at 7:52 PM, Waleed Harbi > wrote:


You just need configure Linksys in Security tab, then forward any
connection via port 22 to the two boxes.



On Wed, Dec 17, 2008 at 7:49 PM, Jim mailto:mickey...@sbcglobal.net>> wrote:

Two boxes FC8-i386 behind a Linksys WRT54GL  router, both
boxes have a  static IP.
How do I set the router to allow me to connect by port 22 ssh
to both boxes.

-- 
fedora-list mailing list

fedora-list@redhat.com 
To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines:
http://fedoraproject.org/wiki/Communicate/MailingListGuidelines




-- 
---

Yours,
Waleed Harbi
If you want your goals to come true, don't sleep.




--
---
Yours,
Waleed Harbi
If you want your goals to come true, don't sleep.

Thanks Waleed that link was very helpful.
But, below, in the part about "Port Forwarding" , Read paragraph below.

A port can only be used by one program at a time! Think of how this rule 
interacts with NAT. Well you've only got one external ip address on your 
router. When computer 1 is using port 500, it is using port 500 on it's 
internal ip address. If you have set up a port forwarding rule for 
computer 1 and port 500, the external ip address's port 500 is also in 
use. This means that you can only use port 500 on one computer on the 
network at a time. Using port 500 on two computers at the same time 
would violate the one program rule, and your data would get messed up. 
Most routers require you to specify an internal ip address to forward 
ports to, just for this reason. Some do not, so be aware of this. Port 
Forwarding rules will only work for one computer at a time!


This is where my problem is, I have two boxes, different IP's  (box 1) 
192.168.1.253   (box  2)  192.168.1.254
both set up in router in Port Forwarding  as Port 22 and it conflicts 
with the paragraph above.

How do  I get around this.

The first  IP 192.168.1.253, it allows me to  remotely login  with 
correct password.
The second IP 192.168.1.254, won't let me remotely login with correct 
password "Authenication for user Failed"


Does anyone know how to fix this  ?  


--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Setting up Linksys WRT54GL for Remote Server

[Les Mikesell]

Dave Ihnat wrote:

On Wed, Dec 17, 2008 at 12:59:04PM -0600, Les Mikesell wrote:
You probably only have one public IP so you can port-forward port 22 to  
only one inside address.  You can pick a different port to forward to  
port 22 on the other box - or if you want more convenient access, set up  
something like openvpn between the private networks behind the routers.


I've done this often when dealing with retail-grade router/firewalls
that don't allow VPN termination at the device.  I can't recall if the
WRT54GL allows for port mapping, though--which you need for the scheme
mentioned above.  It's not really a problem, though; just have the
second machine listen on a different port, and forward the same port.


I haven't tried it, but I believe the WRT54GL is one of several that can 
have the firmware replaced with a free linux version that includes 
openvpn and other tools.


--
  Les Mikesell
   lesmikes...@gmail.com

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Setting up Linksys WRT54GL for Remote Server

[Ted Roche]

Map port 8122 on the external IP to be routed to the first box's port 22
Map port 8222 on the external IP to be routed to the second box's port 22

When you want to log into the boxes remotely, specify the port as part
of the command:

ssh -p 8222 example.com
ssh -p 8122 Yo.ur.IP.Address

or

scp -P 8122 yourfile example.com:

Note that Secure Copy (scp) uses capital -P while Secure Shell (ssh)
uses lowercase. Trips me up all the time.

-- 
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Setting up Linksys WRT54GL for Remote Server

[Waleed Harbi]

example:

http://portforward.com/english/routers/port_forwarding/Linksys/WRT54G/SSH.htm

On Wed, Dec 17, 2008 at 7:52 PM, Waleed Harbi wrote:

> You just need configure Linksys in Security tab, then forward any
> connection via port 22 to the two boxes.
>
>
>
> On Wed, Dec 17, 2008 at 7:49 PM, Jim  wrote:
>
>> Two boxes FC8-i386 behind a Linksys WRT54GL  router, both boxes have a
>>  static IP.
>> How do I set the router to allow me to connect by port 22 ssh to both
>> boxes.
>>
>> --
>> fedora-list mailing list
>> fedora-list@redhat.com
>> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>> Guidelines:
>> http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
>>
>
>
>
> --
> ---
> Yours,
> Waleed Harbi
> If you want your goals to come true, don't sleep.
>



-- 
---
Yours,
Waleed Harbi
If you want your goals to come true, don't sleep.
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Setting up Linksys WRT54GL for Remote Server

[Jim]

Ted Roche wrote:

Map port 8122 on the external IP to be routed to the first box's port 22
Map port 8222 on the external IP to be routed to the second box's port 22

When you want to log into the boxes remotely, specify the port as part
of the command:

ssh -p 8222 example.com
ssh -p 8122 Yo.ur.IP.Address

or

scp -P 8122 yourfile example.com:

Note that Secure Copy (scp) uses capital -P while Secure Shell (ssh)
uses lowercase. Trips me up all the time.

  

I'm using NX for my remote connections on both ends.
How would I do this using NX ?

So I think what your saying is, in the WRT54GL (Server) , "port 
forwarding",

map 8122 to 22 to 192.168.1.253
map 8222 to 22 to  192.168.1.254
That's on the Server side.

But on the client side in NX for each user on server, how do you treat 
that in NX ?


--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Setting up Linksys WRT54GL for Remote Server

[Waleed Harbi]

You just need configure Linksys in Security tab, then forward any connection
via port 22 to the two boxes.


On Wed, Dec 17, 2008 at 7:49 PM, Jim  wrote:

> Two boxes FC8-i386 behind a Linksys WRT54GL  router, both boxes have a
>  static IP.
> How do I set the router to allow me to connect by port 22 ssh to both
> boxes.
>
> --
> fedora-list mailing list
> fedora-list@redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> Guidelines:
> http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
>



-- 
---
Yours,
Waleed Harbi
If you want your goals to come true, don't sleep.
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Setting up Linksys WRT54GL for Remote Server

[Jim]

Jim wrote:

Ted Roche wrote:

Map port 8122 on the external IP to be routed to the first box's port 22
Map port 8222 on the external IP to be routed to the second box's 
port 22


When you want to log into the boxes remotely, specify the port as part
of the command:

ssh -p 8222 example.com
ssh -p 8122 Yo.ur.IP.Address

or

scp -P 8122 yourfile example.com:

Note that Secure Copy (scp) uses capital -P while Secure Shell (ssh)
uses lowercase. Trips me up all the time.

  

I'm using NX for my remote connections on both ends.
How would I do this using NX ?

So I think what your saying is, in the WRT54GL (Server) , "port 
forwarding",

map 8122 to 22 to 192.168.1.253
map 8222 to 22 to  192.168.1.254
That's on the Server side.

But on the client side in NX for each user on server, how do you treat 
that in NX ?


I tryed to map 8222 to 22 on Port Forwarding in  WRT54GL, but it 
switches the ports around after "saving settings", to 22 in first box 
'to' 8222 in second box.


What am I doing wrong ?

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Setting up Linksys WRT54GL for Remote Server

[Les Mikesell]

Jim wrote:


Map port 8122 on the external IP to be routed to the first box's port 22
Map port 8222 on the external IP to be routed to the second box's 
port 22


When you want to log into the boxes remotely, specify the port as part
of the command:

ssh -p 8222 example.com
ssh -p 8122 Yo.ur.IP.Address

or

scp -P 8122 yourfile example.com:

Note that Secure Copy (scp) uses capital -P while Secure Shell (ssh)
uses lowercase. Trips me up all the time.

  

I'm using NX for my remote connections on both ends.
How would I do this using NX ?


Click the 'configure' button and type in the 'Port' value next to the 
Host where it current has 22.


So I think what your saying is, in the WRT54GL (Server) , "port 
forwarding",

map 8122 to 22 to 192.168.1.253
map 8222 to 22 to  192.168.1.254
That's on the Server side.

But on the client side in NX for each user on server, how do you treat 
that in NX ?


I tryed to map 8222 to 22 on Port Forwarding in  WRT54GL, but it 
switches the ports around after "saving settings", to 22 in first box 
'to' 8222 in second box.


What am I doing wrong ?


If you can't get it to map different port numbers, you can make sshd 
listen on a different port - see /etc/ssh/sshd_config.


--
 Les Mikesell
   lesmikes...@gmail.com

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Setting up Linksys WRT54GL for Remote Server

[Jim]

Les Mikesell wrote:

Jim wrote:

Map port 8122 on the external IP to be routed to the first box's 
port 22
Map port 8222 on the external IP to be routed to the second box's 
port 22


When you want to log into the boxes remotely, specify the port as part
of the command:

ssh -p 8222 example.com
ssh -p 8122 Yo.ur.IP.Address

or

scp -P 8122 yourfile example.com:

Note that Secure Copy (scp) uses capital -P while Secure Shell (ssh)
uses lowercase. Trips me up all the time.

  

I'm using NX for my remote connections on both ends.
How would I do this using NX ?


Click the 'configure' button and type in the 'Port' value next to the 
Host where it current has 22.


So I think what your saying is, in the WRT54GL (Server) , "port 
forwarding",

map 8122 to 22 to 192.168.1.253
map 8222 to 22 to  192.168.1.254
That's on the Server side.

But on the client side in NX for each user on server, how do you 
treat that in NX ?


I tryed to map 8222 to 22 on Port Forwarding in  WRT54GL, but it 
switches the ports around after "saving settings", to 22 in first box 
'to' 8222 in second box.


What am I doing wrong ?


If you can't get it to map different port numbers, you can make sshd 
listen on a different port - see /etc/ssh/sshd_config.


This is the section for port assignment in /etc/sshd_config, what should 
be changed ?


#Port 22
#Protocol 2,1
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Setting up Linksys WRT54GL for Remote Server

[Frank Cox]

On Wed, 17 Dec 2008 19:06:02 -0500
Jim wrote:

> This is the section for port assignment in /etc/sshd_config, what should 
> be changed ?
> 
> #Port 22

Port whateveryouwant  (and remove the # sign)

-- 
MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com
DRY CLEANER BUSINESS FOR SALE ~ http://www.canadadrycleanerforsale.com

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Setting up Linksys WRT54GL for Remote Server

[Paulo Cavalcanti]

On Wed, Dec 17, 2008 at 10:29 PM, Frank Cox  wrote:

> On Wed, 17 Dec 2008 19:06:02 -0500
> Jim wrote:
>
> > This is the section for port assignment in /etc/sshd_config, what should
> > be changed ?
> >
> > #Port 22
>
> Port whateveryouwant  (and remove the # sign)
>
>

and restart sshd



-- 
Paulo Roma Cavalcanti
LCG - UFRJ
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Setting up Linksys WRT54GL for Remote Server

[Ted Roche]

On Wed, Dec 17, 2008 at 3:43 PM, Jim  wrote:

> But on the client side in NX for each user on server, how do you treat that
> in NX ?

"Jim:"

You can't get the answer to a question you don't ask. The more
information you provide, the more likely you are to get the exact
information you need.

Since you're using NX and not just ssh, you may find it advantageous
to reconfigure the servers to listen on different ports (like the 8122
and 8222 I suggested before, ports above 1000 are recommended) and
then have the router pass the packets through directly on those ports.
Then, you will need to reconfigure both the NX server and the NX node
to use that port.

There are many varieties of NX, both free and commercial. I haven't
worked with it since 2006, so my advice is likely out of date. I'd
suggest you check the support forum on the NX site at nomachine.com,
for answers such as this one:
http://www.nomachine.com/ar/view.php?ar_id=AR06E00470. They have a
very good support forum and should have answers to this
frequently-asked-question for the specific version and platform you're
using.

--
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Setting up Linksys WRT54GL for Remote Server

[Jim]

Ted Roche wrote:

On Wed, Dec 17, 2008 at 3:43 PM, Jim  wrote:

  

But on the client side in NX for each user on server, how do you treat that
in NX ?



"Jim:"

You can't get the answer to a question you don't ask. The more
information you provide, the more likely you are to get the exact
information you need.

Since you're using NX and not just ssh, you may find it advantageous
to reconfigure the servers to listen on different ports (like the 8122
and 8222 I suggested before, ports above 1000 are recommended) and
then have the router pass the packets through directly on those ports.
Then, you will need to reconfigure both the NX server and the NX node
to use that port.

There are many varieties of NX, both free and commercial. I haven't
worked with it since 2006, so my advice is likely out of date. I'd
suggest you check the support forum on the NX site at nomachine.com,
for answers such as this one:
http://www.nomachine.com/ar/view.php?ar_id=AR06E00470. They have a
very good support forum and should have answers to this
frequently-asked-question for the specific version and platform you're
using.

--
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com

  

Well I have got it to work.

In /etc/ssh/sshd_config  I set to, Port 2995

In /usr/NX/etc  Server box 2
node.cfgThere is ONE place that has got to be changed for SSHD port 
22 to 2995
server.cfgThere is TWO places that has got to be changed for SSHD 
port 22 to 2995


Lastly, the Firewall settings in /etc/sysconfig/iptables has got to be 
changed from dport 22 to 2995.


Finally,  I'm able to connect to  TWO servers through a WRT54GL,  The  
WRT54GL will not allow you to

connect TWO boxes as Servers using 22 to 22.

Box 1 22 to 22  192.168.1.253 (static IP).
Box 2 2995 to 2995 192.168.1.254 (static IP).

Yes, I'm aware of the ramification of using port 2995.

What led me in the right direction was feedback from you guys, THANKS.

This is a example of why I love Linux, could this as easily be done in 
$Windows ??




--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines