Port Forwarding

Rick Stevens rstevens at vitalstream.com
Mon Nov 1 22:09:28 UTC 2004 

brad.mugleston at comcast.net wrote:
> Gentlemen,
> 
> I read the page on SSH (http://rhil.net/docs/ssh_setup.html) and 
> want to clarify some things
> 
> I have three IP's I'm using/seeing
> 
> the IP of the Modem (24.X.X.X)
> the IP of the Linksys switch (196.X.X.X)
> the IP of the computer (196.X.X.X)

Uh, you mean the Linksys and computer are on 192.168.x.x.  Odds are
the Linksys is 192.168.1.1 and your computer is something like
192.168.1.10.  It's OK to publish the 192.168 addresses, Brad, as they
ain't routable.

> I'm thinking the command my son is to use for SSH is "ssh 
> 24.X.X.X"

Yup.

> I need to forward TCP Port 22 on the switch to the IP of the 
> computer.

Yup.  Let's say that the computer is 192.168.1.10 and the switch/router
is 192.168.1.1.  You want to get onto the router and tell it that
"WAN (public) access to port 22 is to be forwarded to port 22 on
192.168.1.10".  This is also why you want to set up your local machine
to have a fixed address and not get one via DHCP--if your machine gets
a different IP, the forwarding won't work.

> I'm guessing his signal will come to the Modem which will forward 
> everything to the Linksys switch.  The switch will see something 
> coming in on Port 22 and forward it to the computer also running 
> SSH (or PUTTY) which will handle the login and then do nothing.

Yes.  Actually, the router will NAT incoming port 22 traffic, changing
the destination IP to 192.168.1.10.  Conversely, the source IP of
outgoing traffic from 192.168.1.10 will be NATted to 24.x.x.x.

> Then he runs RealVNC to see the remote  screen on his local 
> computer and he can do as he wants from there.

You got it.

> I suspect some of the things he will want to do are:
> 
> check remote  email
> pull up old reports he written for other classes (this remote 
> machine was his school computer prior to his new notebook this 
> year)
> Print these reports  - will he be able to print locally or only 
> remote at my house?

Everything he does on the desktop will be actually performed at your
house--all he has is a remote display.

> Down load files from home to school.
> 
> Based on the VPN conncetion I have from home to work I don't 
> think he will be able to do the last two (at least I can't with 
> my work computer).

Well, he'll be able to download using sftp.  Remember, the RealVNC just
makes the desktop appear on his local machine.  Any file activitity
actually occurs on your machine at home.  If he wants to move files from
your place to his, he needs to run sftp.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-   "I was remembering the immortal words of Socrates when he said,  -
-   'I drank what?'"                 -- Val Kilmer in "Real Genius"  -
----------------------------------------------------------------------

More information about the Redhat-install-list mailing list