multiple computer behind firewall

multiple computer behind firewall

Chris Lee-14

Am I able to setup multiple computers behind a single router for administration?  I have a Belkin N router and was not able to setup more than 1 IP address for admin.  If there is a link with the info already on there, I would really appreciate it.  Thank you!


-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list
Re: multiple computer behind firewall

Frank Bax
Chris Lee wrote:
> Am I able to setup multiple computers behind a single router for
> administration?  I have a Belkin N router and was not able to setup more
> than 1 IP address for admin.  If there is a link with the info already
> on there, I would really appreciate it.  Thank you!


Absolutely!  Simply setup a tunnel (using ssh or something else) to a
single machine at remote site; then go through the tunnel to any ip
address on the remote network.


Re: multiple computer behind firewall

Morgan Storey
In reply to this post by Chris Lee-14
The easiest and most secure way to do this is vpn/ssh in then tunnel through that to the computers in the lan.

On Mon, Jun 9, 2008 at 11:48 AM, Chris Lee <[hidden email]> wrote:

Am I able to setup multiple computers behind a single router for administration?  I have a Belkin N router and was not able to setup more than 1 IP address for admin.  If there is a link with the info already on there, I would really appreciate it.  Thank you!


--
Regards
Morgan Storey,A+, MCSE:Security.
Senior Network and Security Consultant.
Re: multiple computer behind firewall

Michael D. Setzer II
In reply to this post by Chris Lee-14

On 8 Jun 2008 at 18:48, Chris Lee wrote:

>
> Am I able to setup multiple computers behind a single router for administration? I have a Belkin N
> router and was not able to setup more than 1 IP address for admin. If there is a link with the info
> already on there, I would really appreciate it. Thank you!
>
Don't know what the options are on the Belkin, but I use port mapping on the
Linksys and Netgear routers I have and also do it with a Linux box that is in
front of my classroom with iptables.

First question is, does the router allow you to specify both outside and inside
port?

If it does, you can then setup all the machines behind the router to use the
default (5900) port or whatever port you want. Then setup the portmapping.
Say your router has public ip name of xyz.dyndns.org or just a public IP.
On the router, you would then setup port 5900 on the public IP to go to port
5900 on say 192.168.1.100 at port 5900 for computer A.
On the router, then setup port 5901 on the public IP to go to port 5900 on
say 192.168.1.101 at port 5900
and so on. You have to use a different port on the public IP for each
machine, but if the router allows for mapping to a different internal number
that can be the same. If the router does not, you have to set the vnc server
on the inside to match with the router.
192.168.1.100 port 5900
192.168.1.101 port 5901
etc.




+----------------------------------------------------------+
  Michael D. Setzer II -  Computer Science Instructor      
  Guam Community College  Computer Center                  
  mailto:[hidden email]                            
  mailto:[hidden email]
  http://www.guam.net/home/mikes
  Guam - Where America's Day Begins                        
+----------------------------------------------------------+

http://setiathome.berkeley.edu (Original)
Number of Seti Units Returned:  19,471
Processing time:  32 years, 290 days, 12 hours, 58 minutes
(Total Hours: 287,489)

BOINC@HOME CREDITS
SETI 5,629,888.149690 | EINSTEIN 1,697,233.415700 | ROSETTA
529,338.410477


Re: multiple computer behind firewall

Ook
>
> Except doing this exposes all of your computers on the internal LAN to
> the internet as a whole which is probably not the best idea in the
> world. A secure tunnel, as suggested by others, is much safer and is
> what I do. I have a FreeBSD machine at home acting as the gateway. I
> ssh to this and port forward through the ssh connection. Nice and safe.
>

So what is a good way to set this up on a simple home network? I have a
Linksys WRT54G, and a Windows Server 2003 box that I run 24/7. Is it possible
to port forward from the router to an SSH server on the Windows box, and
from there VNC into the rest of the computers?


Re: multiple computer behind firewall

Frank Bax
Ook wrote:

>> Except doing this exposes all of your computers on the internal LAN to
>> the internet as a whole which is probably not the best idea in the
>> world. A secure tunnel, as suggested by others, is much safer and is
>> what I do. I have a FreeBSD machine at home acting as the gateway. I
>> ssh to this and port forward through the ssh connection. Nice and safe.
>>
>
> So what is a good way to set this up on a simple home network? I have a
> Linksys WRT54G, and a Windows Server 2003 box that I run 24/7. Is it possible
> to port forward from the router to an SSH server on the Windows box, and
> from there VNC into the rest of the computers?


One option is to FOSS your router.  The WRT54G can run OpenWRT which has
ssh server in it.

        http://openwrt.org/

Just download binary and then do a bios "upgrade" on your router.

This is not ideal for a business setup because you'll be using root
account on the router and because it's slow; but should be ok for your
own home use.

The WRT54G does not have a fast processor (125 MHz); so remote access
will not be super fast (because ssh encryption will be run on router);
if you need more speed you'll want ssh server on another system behind
the router.

Coming from a Windows box; you can use PuTTY to setup the ssh tunnel.
I've always used OpenBSD for tunnel at remote end so I don't know what
software might exist for ssh server on windows.


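The SSH tunnel recommended in the replies above, as an added example that is not from any of the posters: it builds one OpenSSH client command with a loopback-only local forward per LAN machine, so the router needs to forward only the SSH port. The gateway login `admin@gateway.example.org` and the local port numbering starting at 5901 are assumptions; the LAN addresses are the ones used in the thread.

```shell
#!/bin/sh
# Added example: one OpenSSH client command that reaches several VNC servers
# on a LAN through a single SSH gateway, so only the SSH port is forwarded.
# Assumption: admin@gateway.example.org is a placeholder gateway login.

VNC_PORT=5900      # port each VNC server listens on inside the LAN
FIRST_LOCAL=5901   # first local listener (VNC display :1 is TCP 5901)

# is_private_ipv4 ADDR: succeed only for a well-formed RFC 1918 address, so a
# typo cannot turn the tunnel into a relay to some Internet host.
is_private_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    case "$1.$2" in
        10.*|192.168) return 0 ;;
        172.1[6-9]|172.2[0-9]|172.3[01]) return 0 ;;
    esac
    return 1
}

# tunnel_command GATEWAY HOST...: print the ssh command, one -L per LAN host.
tunnel_command() {
    gateway=$1; shift
    # Refuse an empty gateway or one that ssh would parse as an option.
    case "$gateway" in
        ''|-*) echo "bad gateway: $gateway" >&2; return 1 ;;
    esac
    [ "$#" -gt 0 ] || { echo "no LAN hosts given" >&2; return 1; }
    # -N: no remote shell; ExitOnForwardFailure: fail if a listener cannot bind.
    cmd="ssh -N -o ExitOnForwardFailure=yes"
    local_port=$FIRST_LOCAL
    for host in "$@"; do
        is_private_ipv4 "$host" || { echo "rejected: $host" >&2; return 1; }
        # Binding to 127.0.0.1 keeps the forwarded port off the client's network.
        cmd="$cmd -L 127.0.0.1:$local_port:$host:$VNC_PORT"
        local_port=$((local_port + 1))
    done
    printf '%s %s\n' "$cmd" "$gateway"
}

# Constructed sample run using the two LAN addresses from the thread.
tunnel_command admin@gateway.example.org 192.168.1.100 192.168.1.101
```

With the tunnel up, the viewer connects to localhost:1 for the first machine and localhost:2 for the second, and every VNC server can stay on port 5900 inside the LAN.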
Re: multiple computer behind firewall

Michael D. Setzer II
In reply to this post by Michael D. Setzer II

On 10 Jun 2008 at 11:36, R wrote:

> On Tue, Jun 10, 2008 at 07:28:36PM +1000, Michael D. Setzer II wrote:
> [...]
> > If it does, you can then setup all the machines behind the router to use the
> > default (5900) port or whatever port you want. Then setup the portmapping.
> > Say your router has public ip name of xyz.dyndns.org or just a public IP.
> > On the router, you would then setup port 5900 on the public IP to go to port
> > 5900 on say 192.168.1.100 at port 5900 for computer A.
> > On the router, then setup port 5901 on the public IP to go to port 5900 on
> > say 192.168.1.101 at port 5900
> > and so on. You have to use a different port on the public IP for each
> > machine, but if the router allows for mapping to a different internal number
> > that can be the same. If the router does not, you have to set the vnc server
> > on the inside to match with the router.
> > 192.168.1.100 port 5900
> > 192.168.1.101 port 5901
> > etc.
>
> Except doing this exposes all of your computers on the internal LAN to
> the internet as a whole which is probably not the best idea in the
> world. A secure tunnel, as suggested by others, is much safer and is
> what I do. I have a FreeBSD machine at home acting as the gateway. I
> ssh to this and port forward through the ssh connection. Nice and safe.
>
It does expose that one port to the internet, so it does present some security
issues, but only if one can then break thru the vncserver. One could port
forward other ports to ssh or stunnel as I do with my server systems, and
with my mom's machine back in the states.

I know that my systems were getting a lot of hits on the standard ssh port,
so I restricted it to only local machines and the specific machines that need
access.





+----------------------------------------------------------+
  Michael D. Setzer II -  Computer Science Instructor      
  Guam Community College  Computer Center                  
  mailto:[hidden email]                            
  mailto:[hidden email]
  http://www.guam.net/home/mikes
  Guam - Where America's Day Begins                        
+----------------------------------------------------------+


RE: multiple computer behind firewall

Michael D. Setzer II

On 11 Jun 2008 at 1:21, Chris Lee wrote:

> How do you restrict the port?  I'm running a belkin N router.  All winxp
> machines.
>
Restricting the port - at various levels.
Using the router to map a single port to a machine then only exposes that
one port to the internet versus putting the whole machine on the internet.

With Linux there is a hosts.deny and hosts.allow file that can be used to
restrict some ports.
hosts.deny has ssh:ALL  which restricts all access to the standard port.
hosts.allow has ssh: (ip address to be allowed)
The allow overrides the deny. The access attempts still happen, but the
connections are immediately closed, no option to try passwords.
Don't know of a windows equivalent.


One can also use ssh or stunnel. Then one maps the router to another port
instead of the vnc port directly. Then the machine does a local loop from the
ssh port or stunnel port to the vnc port. You have to select the local loop
option in vnc to allow this, and can even force it to only work with local loop
connections.

http://www.stunnel.org/examples/vnc.html

Some others might have other options with ssh, but at the time I only had 98
machine and NT 2000, so the stunnel worked for my needs.

> Thank you very much for your assistance.

+----------------------------------------------------------+
  Michael D. Setzer II -  Computer Science Instructor      
  Guam Community College  Computer Center                  
  mailto:[hidden email]                            
  mailto:[hidden email]
  http://www.guam.net/home/mikes
  Guam - Where America's Day Begins                        
+----------------------------------------------------------+
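The hosts.allow / hosts.deny ordering described in the message above, as an added example that is not the poster's configuration: a reduced model of the TCP wrappers decision (hosts.allow is checked first, then hosts.deny, and a client matching neither is granted access). It handles only `ALL`, exact values and address prefixes ending in "."; the daemon names `sshd` and `vncserver` and all sample addresses are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: reduced model of the TCP wrappers access decision.
# Subset only: ALL, exact matches, and address prefixes ending in ".".

# token_matches PATTERN VALUE
token_matches() {
    case "$1" in
        ALL) return 0 ;;
        *.)  case "$2" in "$1"*) return 0 ;; esac ;;   # "192.168.1." prefix
        *)   [ "$1" = "$2" ] && return 0 ;;
    esac
    return 1
}

# list_matches "tok tok,tok" VALUE: succeed if any token matches.
list_matches() {
    value=$2
    for tok in $(printf '%s' "$1" | tr ',' ' '); do
        token_matches "$tok" "$value" && return 0
    done
    return 1
}

# file_matches FILE DAEMON CLIENT: succeed if a "daemons : clients" rule matches.
file_matches() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        daemons=${line%%:*}
        rest=${line#*:}
        clients=${rest%%:*}
        list_matches "$daemons" "$2" && list_matches "$clients" "$3" && return 0
    done < "$1"
    return 1
}

# access_decision DIR DAEMON CLIENT: print "allow" or "deny".
access_decision() {
    if file_matches "$1/hosts.allow" "$2" "$3"; then echo allow
    elif file_matches "$1/hosts.deny" "$2" "$3"; then echo deny
    else echo allow   # matched in neither file: access is granted
    fi
}

# Constructed sample files: deny sshd to everyone, then allow the LAN prefix
# and one outside address (documentation ranges, not real hosts).
write_sample() {
    printf 'sshd: ALL\n' > "$1/hosts.deny"
    printf 'sshd: 192.168.1. 203.0.113.10\n' > "$1/hosts.allow"
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
for ip in 192.168.1.101 203.0.113.10 198.51.100.7; do
    printf '%s sshd -> %s\n' "$ip" "$(access_decision "$demo_dir" sshd "$ip")"
done
printf '198.51.100.7 vncserver -> %s\n' \
    "$(access_decision "$demo_dir" vncserver 198.51.100.7)"
rm -rf "$demo_dir"
```

The last line of the run shows the gap to watch for: a service with no rule in either file is still allowed from anywhere, so a deny entry for one daemon does nothing for a VNC port forwarded on the router.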
