rubidium n00b
Joined: 01 Dec 2003 Posts: 4
|
Posted: Mon Dec 01, 2003 5:32 pm Post subject: sshd + ddclient + home network |
|
|
I'm really confused about ddclient.conf and networking in general. What I would like is an overview explanation rather than conf file details. I did spend a lot of time reading documentation and forums, and perhaps if I permute through all the little different conf file suggestions on the forums I will find something that works but I really want to get a basic understanding what I am supposed to do rather than just randomly tweak stuff until it works. Also, if this post gets an answer that works, it will help other people that have a similar set-up (a very common one I think).
So here goes...
I have a home network. My internet connection is via a linksys wireless access point (BEFW11S4). The access point is connected to a dsl modem and is configured to be a firewall and to give out DHCP addresses to the machines in my home network. I guess most things are working: I can surf the web from all my computers, ping other machines, etc. The access point itself receives its dhcp address from verizon which may vary on a daily basis.
The problem is that I want to be able to SSH into my gentoo machine from a remote location.
Here is what I did....
1) I set up openssh. I can ssh to my gentoo machine from the other local machines using the ip provided by the access point. I assume this means that sshd is working and properly configured.
2) I got an ip at dyndns.org: whatever.homeip.net (not actual address)
3) I set up ddclient (carefully piecing together scraps of info from forums and websites) :
emerge ddclient
edited /etc/ddclient/ddclient.conf with my info (*)
edited /etc/init.d/ddclient (**)
rc-update add ddclient default
4) When I ping "whatever.homeip.net" from my local network, I get a response. When I ping it from a remote location I get a timeout. It looks like dyndns.org is supplying the local ip address for whatever.homeip.net. I can also use whatever.homeip.net when I ssh locally and get to my gentoo machine.
So here is where I am confused... what ip address should ddclient get? It looks (from ddclient.conf) that there are several ways to "get" the ip address. And, there are three addresses involved here....
1) whatever.homeip.net --- I want my gentoo machine to appear as though it is at this address on the internet.
2) 220.112.22.23 -- the dhcp address that was given to my linksys access point by verizon.
3) 192.168.1.101 -- the dhcp address that was given to my gentoo machine by the linksys access point. I get this address if I do a "ifconfig"
It looks like a lot of the postings on the forum are assuming that the ipaddress that you get when you do ifconfig is the ipaddress that your computer appears at on the internet.
So, if I set up ddclient such that it gets the ipaddress this way, then ssh works as long as I do it from my local network. If I try ssh remotely, then it fails to connect because 192.168.1.101 means nothing on the internet, right?
If I set up ddclient such that it gets the ip address of the linksys, then I get a real internet ip address (which I can ping). But then ssh does not work. I guess this is because _all_ my machines appear at that ip address on the internet so there is no way to know which one ssh is supposed to connect to, right?
Is there something else on the access point that I am supposed to configure?
Below are my /etc/ddclient/ddclient.conf and /etc/init.d/ddclient files (annotated with my comments):
(*) /etc/ddclient/ddclient.conf
*************************************************
Quote: |
daemon=600
syslog=yes
mail="myemail@company.com"
pid=/var/run/ddclient.pid
# I have a linksys fw, is this for me? I uncommented it.
use=linksys, fw=192.168.1.1:80 # via Linksys's internet FW
fw-login=my_linksys_userid, fw-password=my_linksys_passwd # FW login and password
# here is a confusing bit....
# There are two different things called "IP address" on the status page,
# don't know which to use. Leaving this commented.
#
## To obtain an IP address from FW status page (using fw-login, fw-password)
#use=fw, fw=192.168.1.1/Status.htm, fw-skip='IP Address' # found after IP Address
# I guess this is another way to do it, but it returns the ip address that verizon gives to my linksys.
# I am leaving this commented.
## To obtain an IP address from Web status page (using the proxy if defined)
#use=web, web=checkip.dyndns.org/, web-skip='IP Address' # found after IP Address
#
# not sure what this stuff is. Is it related to the above?
# I uncommented the second line-- it seems to return the ipaddress
# from ifconfig.
#use=ip, ip=127.0.0.1 # via static IP's
use=if, if=eth0 # via interfaces
#use=web # via web
#
# I guessed the following for the rest....
protocol=dyndns2 # default protocol
login=my_dyndns_id # default login
password=my_dyndns_passwd # default password
wildcard=yes # add wildcard CNAME?
## dyndns.org dynamic addresses
##
server=members.dyndns.org, \
protocol=dyndns2 \
whatever.homeip.net
|
*************************************************
(**) /etc/init.d/ddclient
*************************************************
Quote: |
depend() {
    need net
    # forums said the following was needed (don't know why)
    # everything else is the default.
    need net.eth0
}
checkconfig() {
    if [ ! -e /etc/ddclient/ddclient.conf ] ; then
        eerror "You need a /etc/ddclient/ddclient.conf file to run ddclient"
        eerror "There is a sample file in /etc/ddclient/"
        return 1
    fi
}
start() {
    checkconfig || return 1
    ebegin "Starting DDClient"
    start-stop-daemon --start --quiet --exec /usr/sbin/ddclient
    eend $?
}
stop() {
    ebegin "Stopping DDClient"
    start-stop-daemon --stop --quiet --pidfile /var/run/ddclient.pid
    eend $?
}
|
************************************************* |
bmichaelsen Veteran
Joined: 17 Nov 2002 Posts: 1277 Location: Hamburg, Germany
|
Posted: Mon Dec 01, 2003 11:38 pm Post subject: |
|
|
Quote: | If I set up ddclient such that it gets the ip address of the linksys, then I get a real internet ip address (which I can ping). But then ssh does not work. I guess this is because _all_ my machines appear at that ip address on the internet so there is no way to know which one ssh is supposed to connect to, right?
Is there something else on the access point that I am supposed to configure? |
You are basically right up to here, but you need to configure your router to forward port 22 (this may be easier with a fixed IP for your machine).
So ddclient should provide 220.112.22.23 as IP.
Basically the following should happen when you type "ssh whatever.dyndns.org"
- DNS resolves to the IP of your router (on the verizon line)
- your router forwards the request on the ssh port to your computer.
- Your computer sends back an answer to the originating IP (it doesn't *see* the router)
- The router rewrites the package to let it look like one of its own
The thing the router needs to do is called NAT in IP-Tables terms but is often called "Virtual host" in router frontends.
If your router is linux/iptables-based this might help. |
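Added example (not written by either poster, and not ddclient's own code): a shell check for the situation discussed above, where `use=if` makes ddclient publish the machine's private LAN address, together with the port-forwarding rules a Linux/iptables router would need. The function names, the `ppp0` WAN interface name and the trimmed sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: function names and the ppp0 WAN interface are assumptions.

# is_private ADDR: true for RFC 1918, loopback and link-local IPv4 addresses,
# none of which can be reached from the internet.
is_private() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 2
    case $1 in
        10|127) return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        169) [ "$2" -eq 254 ] ;;
        *)   return 1 ;;
    esac
}

# active_use < ddclient.conf: print the method of every uncommented use= line.
active_use() {
    sed -n 's/^[[:space:]]*use=\([a-z0-9-]*\).*/\1/p'
}

# audit IF_ADDR < ddclient.conf: flag use=if when the interface address is private.
audit() {
    addr=$1
    active_use | while read -r method; do
        if [ "$method" = if ] && is_private "$addr"; then
            echo "WARN use=if would publish $addr (private, unreachable from outside)"
        else
            echo "ok use=$method"
        fi
    done
}

# dnat_rules WAN_IF HOST PORT: print (do not run) the rules a Linux/iptables
# router would need to forward the port to the LAN host.
dnat_rules() {
    echo "iptables -t nat -A PREROUTING -i $1 -p tcp --dport $3 -j DNAT --to-destination $2:$3"
    echo "iptables -A FORWARD -i $1 -p tcp -d $2 --dport $3 -j ACCEPT"
}

# Constructed sample: the active and commented use= lines from the quoted config.
SAMPLE_CONF='use=linksys, fw=192.168.1.1:80
#use=web, web=checkip.dyndns.org/
use=if, if=eth0'

printf '%s\n' "$SAMPLE_CONF" | audit 192.168.1.101
dnat_rules ppp0 192.168.1.101 22
```

Once tcp/22 is forwarded, sshd on the LAN host is reachable from the whole internet, so `sshd_config` settings such as `PasswordAuthentication no` and `PermitRootLogin no` are worth reviewing at the same time.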
rubidium n00b
Joined: 01 Dec 2003 Posts: 4
|
Posted: Thu Dec 04, 2003 8:49 pm Post subject: |
|
|
Quote: | ...
The thing the router needs to do is called NAT in IP-Tables terms but is often called "Virtual host" in router frontends.
If your router is linux/iptables-based this might help. |
Thank you!
The problem was that I did not know that I had to configure the router (linksys access point) to divert traffic from port 22 to the IP address of my gentoo machine.
I can now ssh into it from outside the network. |