DaemonForums  

#1
15th May 2008
jwhal
Port Guard
Join Date: May 2008
Posts: 20
ssh/external access

Hi there. I have another question. I'm trying to set up access to my obsd 4.3 box from outside of my router. The ISP I'm with provided me with a Siemens something-or-other 6520 router. I have my obsd box set with an internal ip addy. The router supports dyndns. I have an active account with dyndns. I'm using another computer to ssh into my bsd box internally, and that works fine. But if I try to putty my dyndns url, it doesn't work. If I open a browser from my laptop and use that url it brings me to the router web-interface (config page). I have set the router to forward port 22 to my bsd box's ip, but it doesn't seem to work. Not sure if I set up everything correctly or if the router is just a piece of crap. Don't have the $$$ to buy a new router; not really worried about this, but wouldn't mind being able to ssh to my box from work (when I'm bored and assuming IS doesn't mind). Any thoughts? There aren't too many other options I can play with on the router...

jwhal

#2
15th May 2008
PhotoJim
Real Name: Jim M.
New User
Join Date: May 2008
Location: Regina, SK, CA
Posts: 7

Pay for a fixed IP?

#3
15th May 2008
18Googol2
Real Name: whoami
Spam Deminer
Join Date: Apr 2008
Location: pwd
Posts: 283

Are you allowed to ssh outside at that place?

Quote:
But if I try to putty my dyndns url, it doesn't work
Some places, like school or work, only allow web access.

At home, test if ssh port has been forwarded successfully:

http://canyouseeme.org

Does it yield a "success" message?

If not, you need to do the port forward again. To configure your own router properly, check out this site:

http://www.portforward.com/english/r...outerindex.htm
__________________
The power of plain text? It can control an entire OS

#4
15th May 2008
jwhal
Port Guard
Join Date: May 2008
Posts: 20

Quote:
Pay for a fixed IP?


@18Googol2

Haven't tried ssh from work yet; just from home (on a laptop). Can ssh fine internal to the network, but can't do anything using the external settings. I have tried the url from work (no success).

canyouseeme.org is a success.

Checked the portforwarding; all is configured correctly.

I can ping the external ip fine.
I can ping the dyndns url and it returns fine (with the external ip).

Crappy router?

jwhal

#5
15th May 2008
18Googol2
Real Name: whoami
Spam Deminer
Join Date: Apr 2008
Location: pwd
Posts: 283

Everything sounds promising.

How did you connect at work, and what was the error message?

#6
15th May 2008
s2scott
Package Pilot
Join Date: May 2008
Location: Toronto, Ontario Canada
Posts: 198

If you do a reverse IP lookup on your dynamic IP, you'll probably see that you have a DNS string. For most, but not all ISPs, this DNS string is invariant and, more importantly, will always resolve to your then assigned IP address.

In my case, my dns string is
Code:
CPE<pc's_mac_address>-CM<modem's_mac_address>.isp.domain.com.
(e.g. CPE00099a711234-CM00099b117c43. ... .com)
Therefore, I can always hit my box via ssh by using

Code:
# ssh -p 22 s2scott@CPE00099a711234-CM00099b117c43.myisp.com
Try finding out your ISP's dns string.

http://www.whatsmyip.org has some useful reverse lookups.

/S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.

#7
15th May 2008
PhotoJim
Real Name: Jim M.
New User
Join Date: May 2008
Location: Regina, SK, CA
Posts: 7

The problem here is that you have a dynamic IP, really. Your dyndns.org name is not resolving properly for some reason. Dynamic IPs are designed to thwart this sort of thing. dyndns is a kludge to get around it.

If your ISP offers static IPs, it will make your life a lot easier. Then you will have a fixed IP that you can either SSH to by IP, or you can set up your own name server (I use bind9) and purchase a domain name so that you can attach names to your own machines.

My ISP provides two static IPs at no charge. Additional static IPs up to four total are $9.95 per month. One static IP will probably do the trick because you can ssh into one box on your lan, and then ssh to other machines from there, or do port forwarding tricks to use the same IP but different ports for each machine. (This only matters if you intend to have more than one machine accessible to the world.)

#8
17th May 2008
jwhal
Port Guard
Join Date: May 2008
Posts: 20

Work has that port blocked. ISP does not offer static IPs (not for residential use at least). Not that *important*, just that if the ability was there I'd take advantage. It's not, so case closed. Thanks for all the help though!

jwhal

#9
17th May 2008
18Googol2
Real Name: whoami
Spam Deminer
Join Date: Apr 2008
Location: pwd
Posts: 283

Well, it's not impossible if you really wanna access your box at home.

At my school, all external access is blocked (they block protocol, not port) except web traffic, but I'm still able to ssh home comfortably.

Check out Ajaxterm, phpterm and http tunnel if you are still interested.

21st May 2008
ai-danno
Spam Deminer
Join Date: May 2008
Location: Boca Raton, Florida
Posts: 284

Quote:
Originally Posted by jwhal
Work has that port blocked. ISP does not offer static IPs (not for residential use at least). Not that *important*, just that if the ability was there I'd take advantage. It's not, so case closed. Thanks for all the help though!

jwhal
Well, actually, not "case closed" necessarily. SSH runs on port 22 as a matter of standard, but your implementation doesn't have to. You can set ssh to respond on any port you like. Of course, in your case you'd have to confine it to those ports your workplace allows outbound traffic on... and that their sensors and admins wouldn't see as suspicious. Then don't forget to configure your router to do a redirect on the new port you are choosing for SSH traffic.

The other thing is that you mentioned that you don't get a proper redirect from your laptop on your LAN to the port 22 of your OBSD box... being that you are on the LAN side of your router, this may not be surprising. It may just be the case that your router does those redirects for inbound packets hitting its WAN interface, and not redirecting for packets incoming on the LAN interface (because philosophically speaking, why would it need to? It seems useless to do a redirect on the router from one LAN host to another LAN host.)

A way to try this is to redirect port 80 in your router to your OBSD box. Then fire up httpd (you don't need a config, it should just come up with the default page.) Then go to a proxy service (a reputable one) like Megaproxy.com (and "try their service for free".) Put in the dyndns url address... and you should see the standard welcome page for Apache on OBSD. If not, then yes, you have something screwed up in your router config, but I doubt it's the case that your router is crappy (well, it's crappy but not that crappy lol.)

Good luck.
__________________
Network Firefighter

Last edited by ai-danno; 21st May 2008 at 01:04 AM. Reason: when I get excited about an answer my grammar goes to crap lol

21st May 2008
windependence
Real Name: Tim
Shell Scout
Join Date: May 2008
Location: Phoenix, Arizona
Posts: 116

The problem is he will never be able to test this from inside his LAN. If you notice he says he hasn't tested it from the outside and I think it will work just fine. The reason he gets his router page from the inside is because the router won't route traffic out and then back in by default. From inside the LAN, he would have to put entries in the hosts file of his client machine to get to the server through DNS. Even then, he would need to get outside his network to really test this. If his URL is pointing to his router, and port 22 is forwarded back to his server, and port 22 is reachable from the outside (as confirmed by canyouseeme), then he should be able to reach the box from the OUTSIDE of his network using the DNS name but NOT from the inside unless he puts an entry into his hosts file for the server's IP address. He would still be able to access it from the inside with the internal IP though.

-Tim
__________________
www.windependence.org
Get your Windependence today!
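
The inside-versus-outside behaviour described in the post above can be checked with a short probe; this is an added example, not part of the original thread. It identifies what answers on a port from its first bytes (sshd sends an `SSH-` greeting unprompted, a web admin page only answers an HTTP request) and compares the public name with the LAN address; the function names and verdict strings are assumptions made for the illustration.

```python
import socket
import sys

def classify_banner(data: bytes) -> str:
    """Name the service from the first bytes it sends back."""
    if data.startswith(b"SSH-"):
        return "ssh"      # sshd greets first with its version string
    if data.startswith(b"HTTP/"):
        return "http"     # e.g. the router's own web admin page
    return "other" if data else "silent"

def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Return 'ssh', 'http', 'other', 'silent' or 'closed' for host:port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"   # refused, filtered, or the name did not resolve
    with sock:
        try:
            data = sock.recv(64)   # an SSH server speaks without being asked
        except socket.timeout:
            try:                   # nothing volunteered: try an HTTP request
                sock.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
                data = sock.recv(64)
            except OSError:
                data = b""
        except OSError:
            data = b""
    return classify_banner(data)

def verdict(via_name: str, via_lan_ip: str) -> str:
    """Interpret a probe of the public name against a probe of the LAN IP."""
    if via_name == "ssh":
        return "forward works from this vantage point"
    if via_lan_ip == "ssh":
        return "sshd is up; retest the public name from outside the LAN"
    return "sshd is not answering on the LAN address; fix that first"

if __name__ == "__main__":
    # Arguments are the reader's own values: public DNS name, LAN IP of the box.
    if len(sys.argv) != 3:
        sys.exit("usage: probe.py <public-name> <lan-ip>")
    print(verdict(probe(sys.argv[1], 22), probe(sys.argv[2], 22)))
```

Run from a machine on the LAN, a result other than `ssh` for the public name alongside `ssh` for the LAN address matches the case in the post: the forward has to be tested from outside.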

21st May 2008
ai-danno
Spam Deminer
Join Date: May 2008
Location: Boca Raton, Florida
Posts: 284

You and I have now said the same thing lol but at least that confirms someone else is thinking along the same lines