[ILUG] external SSH to a system behind a NAT router

Darragh Bailey felix at compsoc.nuigalway.ie
Fri Mar 6 14:33:38 GMT 2009


I recently (last night) finally got my wireless setup at home laid out
exactly as I wanted. I won't say configured since it turned out that I
missed a setting somewhere and as a result the computer came up this
morning without being able to find a DNS server.

Not a problem, you say? Well, unfortunately I was in work when this
happened and it was my g'f that encountered the problem. Also,
unfortunately, while she's quite happy using Gentoo Linux on my
desktop, she's not interested in knowing how this stuff works, so it's
pretty much impossible to talk her through fixing such a problem via
phone. :/

Anyway, it's reminded me of something that I think I should really set up
at home, that is, remote external SSH access through the wireless network
to my desktop, so that I can quickly ssh in and fix up any problems that
she encounters in the future when I'm not at home.


Current Layout

cable   /----\  Wireless   /----\ ethernet /----------\
--------| A  |- - - - - - -| B  |----------| Desktop  |
        \----/             \----/          \----------/

A = Netgear wireless router set up as AP (using default firmware)
B = LinkSys wireless router set up as client (using dd-wrt)

Previously Setup
A IP = 192.168.1.1
B IP = 192.168.1.2
Desktop IP = 192.168.1.3 (reserved via dhcp)

DHCP addresses were only handed out by box A.

New config
A IP = 192.168.1.1
B IP = 192.168.2.1
Desktop IP = 192.168.2.44
Where anything connected to Box B gets an IP address assigned by B and
anything connected directly to Box A gets an IP address assigned by A.

I didn't confirm, but given the setup I used, the wireless port on Box B
should get an IP address from Box A in the range of 192.168.1.[10-50].


So the only solution I can think of working in this case is to reserve
IPs based on MAC address and set up port forwarding based on those IPs.
Any alternative ideas? Or is this pretty much the only way it can work?

Aside from making sure that sshd on the desktop is securely set up, I
should then be done, correct?

-- 
Darragh

"Nothing is foolproof to a sufficiently talented fool."
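
The two-hop forward that the "New config" layout implies, as an added example that is not part of the original post: it checks that each hop targets an address on the forwarding router's own LAN side, then prints (without applying) the rules for Box B. It assumes Box B's dd-wrt shell provides iptables; `B_WAN_IP`, `EXT_PORT` and `WAN_IF` are assumed values, the other addresses are from the post.

```shell
#!/bin/sh
# Addresses from the post; B_WAN_IP, EXT_PORT and WAN_IF are assumptions.
A_LAN_IP=192.168.1.1      # Box A (Netgear AP)
B_LAN_IP=192.168.2.1      # Box B (dd-wrt client)
DESKTOP_IP=192.168.2.44   # desktop behind Box B
B_WAN_IP=192.168.1.10     # assumed MAC reservation for B's wireless side on A
EXT_PORT=2222             # assumed external port opened on A
WAN_IF=eth1               # assumed name of B's wireless (WAN) interface

# First three octets of an IPv4 address, i.e. its /24 network.
net24() { echo "${1%.*}"; }

# A forward only works if its target sits on the forwarding router's LAN side.
# $1 = A's forward target (B's WAN IP), $2 = B's forward target (desktop).
# Returns 0 when both hops are consistent, 1 otherwise.
check_chain() {
    [ "$(net24 "$1")" = "$(net24 "$A_LAN_IP")" ] || return 1
    [ "$(net24 "$2")" = "$(net24 "$B_LAN_IP")" ] || return 1
    return 0
}

# Print the rules for Box B.
# $1 = WAN interface, $2 = port arriving from A, $3 = desktop IP
b_rules() {
    echo "iptables -t nat -I PREROUTING -i $1 -p tcp --dport $2 -j DNAT --to-destination $3:22"
    echo "iptables -I FORWARD -i $1 -p tcp -d $3 --dport 22 -j ACCEPT"
}

if check_chain "$B_WAN_IP" "$DESKTOP_IP"; then
    # Box A runs stock firmware, so its hop is set in the web UI.
    echo "# Box A (web UI): forward TCP $EXT_PORT -> $B_WAN_IP:$EXT_PORT"
    b_rules "$WAN_IF" "$EXT_PORT" "$DESKTOP_IP"
else
    echo "forward chain is inconsistent" >&2
fi
```

If Box B's address on A's network is not reserved, the first hop silently points at whatever host next receives that lease, which is why the reservation matters as much as the forward itself.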


