mike8706
12-15-2002, 11:10 PM
How would I access more than one machine on my network through the internet (one IP address). Is it possible with IP Masquerading?
Click to See Complete Forum and Search --> : Multiple Machines on one IP?
Fryguy8
12-15-2002, 11:23 PM
Yes Masquerading works, or just buying a router works too (and is much easier :)
yinrunning
12-15-2002, 11:47 PM
Actually, you probably have to be more specific. If you want to have, say, a webserver running from your bedroom that I or any other joe could access from anywhere, then the first two questions are:
1) How many machines do you have and are they already on an internal LAN? If so, what kind of hardware/OS's are you running?
2) What kind of IP address did your ISP give you? Dynamic or Static? With Static, yes, it's generally a piece of cake. With Dynamic, as far as I know you generally need some kind of a "heartbeat" program running from an external set of name-servers (this service is provided free by at least one site still, I can't remember the name right now. deerfield.com offers it for a fee.) so that your network is addressable from any external networks. Then you need some form of DNS (usually BIND and named under Linux/Unix) and a really good firewall/security setup (there's lots of books/docs out there on this)... and probably a couple other things that I'm not thinking of right now off the top of my head. If all this sounds like Greek to you, plan to do a WHOLE lot of reading before you're up and running.
So, with all that in mind, what's your question again? :)
1) How many machines do you have and are they already on an internal LAN? If so, what kind of hardware/OS's are you running?
2) What kind of IP address did your ISP give you? Dynamic or Static? With Static, yes, it's generally a piece of cake. With Dynamic, as far as I know you generally need some kind of a "heartbeat" program running from an external set of name-servers (this service is provided free by at least one site still, I can't remember the name right now. deerfield.com offers it for a fee.) so that your network is addressable from any external networks. Then you need some form of DNS (usually BIND and named under Linux/Unix) and a really good firewall/security setup (there's lots of books/docs out there on this)... and probably a couple other things that I'm not thinking of right now off the top of my head. If all this sounds like Greek to you, plan to do a WHOLE lot of reading before you're up and running.
So, with all that in mind, what's your question again? :)
yinrunning
12-15-2002, 11:49 PM
P.S. -
"With Static, yes, it's generally a piece of cake."
Thnking about that:
Take out the parts in the Dynamic IP stuff about a heartbeat program. You still have to do everything else. But Static is easier than Dynamic.
"With Static, yes, it's generally a piece of cake."
Thnking about that:
Take out the parts in the Dynamic IP stuff about a heartbeat program. You still have to do everything else. But Static is easier than Dynamic.
mike8706
12-15-2002, 11:51 PM
I want to access multiple machines on one home network through a gateway with one IP given by the ISP.
mike8706
12-15-2002, 11:52 PM
Its static.....linux.chipshot.net...lol
yinrunning
12-16-2002, 04:57 PM
"I want to access multiple machines on one home network through a gateway with one IP given by the ISP."
That like saying like "I want to drive cars." Do you have a car? Do you know how to drive? etc.
Do you just want to set up an internal network, or do you want to be able to access one or more computers from outside your site? Please be specific.
That like saying like "I want to drive cars." Do you have a car? Do you know how to drive? etc.
Do you just want to set up an internal network, or do you want to be able to access one or more computers from outside your site? Please be specific.
groundzero
12-16-2002, 05:20 PM
Yea I couldnt reply either, conused as to the goal. Helps us help you brotha.
mike8706
12-16-2002, 11:23 PM
I want to be able to access one or more computers from outside my site.
sharth
12-16-2002, 11:33 PM
Easiest Solution. Buy a router.
saithan
12-16-2002, 11:46 PM
sharth has the most practicle solution
"buy a router".
it is easy, takes less that 15 min to be up and running.
next forward the ports using the routers config
to the machine that you desire to run a particular sevice on that port.
for arguments sake:
pretend setup::
wan address: 111.111.111.111 (given by isp)
inside lan:
192.168.0.1 (gateway/router)
192.168.0.2 (webserver)
192.168.0.3 (audio streamer)
192.168.0.4 (anon FTP server)
you will then forward ports as such:
port 80 to 192.168.0.2 (or whatever port you are using)
port 8000 to 192.168.0.3 ( "" )
port 21 to 192.168.1.4 ( "" )
now if someone outside the lan opens their browser and types:
http://111.111.111.111
they will reach your webserver.
ect you get the picture.
if you like to tinker with linux :)
then use masq and routing tables ect. but not wise for noobs (for security reasons).
"buy a router".
it is easy, takes less that 15 min to be up and running.
next forward the ports using the routers config
to the machine that you desire to run a particular sevice on that port.
for arguments sake:
pretend setup::
wan address: 111.111.111.111 (given by isp)
inside lan:
192.168.0.1 (gateway/router)
192.168.0.2 (webserver)
192.168.0.3 (audio streamer)
192.168.0.4 (anon FTP server)
you will then forward ports as such:
port 80 to 192.168.0.2 (or whatever port you are using)
port 8000 to 192.168.0.3 ( "" )
port 21 to 192.168.1.4 ( "" )
now if someone outside the lan opens their browser and types:
http://111.111.111.111
they will reach your webserver.
ect you get the picture.
if you like to tinker with linux :)
then use masq and routing tables ect. but not wise for noobs (for security reasons).
mike8706
12-17-2002, 12:08 AM
I have a modem connection, Would a router handle that?
yinrunning
12-17-2002, 12:18 AM
Not any router that I've seen. Not if you have a phone line plugged from the wall to your box. Routers are generally for Ethernet situations. you can set up a linux box to be a router, but that doesn't sound like what you want.
How many systems do you have? (physical boxes.) If you only have one, then you need something software-driven. btw - what services do you want to access from outside your local system? http? ssh? ftp?
btw - could you please type more information that one sentence, so we all have a little more to go on to try to help you? Feels like everyone's just kind of taking pot-shots. Myself included.
For instance:
-we don't know what your hardware setup is other than that you have a modem and a static IP
-we don't know what distro & version you're running.
-and, like I said, we don't know what specific services you're wanting to access.
How many systems do you have? (physical boxes.) If you only have one, then you need something software-driven. btw - what services do you want to access from outside your local system? http? ssh? ftp?
btw - could you please type more information that one sentence, so we all have a little more to go on to try to help you? Feels like everyone's just kind of taking pot-shots. Myself included.
For instance:
-we don't know what your hardware setup is other than that you have a modem and a static IP
-we don't know what distro & version you're running.
-and, like I said, we don't know what specific services you're wanting to access.
mike8706
12-17-2002, 11:33 AM
Gateway - Linux box (1)
Client boxes - Linux(1), Windows(4), FreeBSD(1) boxes
Look at the diagram.
Client boxes - Linux(1), Windows(4), FreeBSD(1) boxes
Look at the diagram.
yinrunning
12-18-2002, 09:11 PM
Well, that makes things easier.
Yes, IP Masquerading on the gateway will work. What does your /etc/host.conf file look like?
Yes, IP Masquerading on the gateway will work. What does your /etc/host.conf file look like?
mike8706
12-18-2002, 11:27 PM
Here is the host.conf file:
order hosts,bind
multi on
I want to access the services on the machines on the internal network from the internet.
order hosts,bind
multi on
I want to access the services on the machines on the internal network from the internet.
yinrunning
12-18-2002, 11:36 PM
Do you have DNS running? (I'm in a hurry, sorry. taking it one question at a time.)
mike8706
12-19-2002, 09:21 AM
No, I thought about that.
yinrunning
12-20-2002, 04:02 PM
run
$ service named status
I think, if I remember correctly, that you should get some error about connetion refused, which means it's not running. In that case, the "bind" part of "order hosts, bind" doesn't do you much good, since there's no bind (e.g. DNS) running. I'd do some reading about DNS, and see how the name servers of your ISP are addressed from your gateway. They might not be at all, I don't really know how it works with your setup. My connection pulls a Dynamic IP and uses dhcp, so my router doesn't really care what the nameservers are.
If you want to address from outside your site, though, you probably need to grab a domain and set up Authoritative Nameservers within your site. Couple of Linux/Unix boxes running Bind in the background should do it. Unfortunately, I can't help you much on this. I haven't done any of this myself, I'm just trying to point you in what I hope is the right direction. You probably need Bind, IP Masquerading, and maybe something else. All the programs are pretty easy to run, it's figuring out what needs to happen in general that's probably the tough part.
Sorry I'm not much help!!! :(
$ service named status
I think, if I remember correctly, that you should get some error about connetion refused, which means it's not running. In that case, the "bind" part of "order hosts, bind" doesn't do you much good, since there's no bind (e.g. DNS) running. I'd do some reading about DNS, and see how the name servers of your ISP are addressed from your gateway. They might not be at all, I don't really know how it works with your setup. My connection pulls a Dynamic IP and uses dhcp, so my router doesn't really care what the nameservers are.
If you want to address from outside your site, though, you probably need to grab a domain and set up Authoritative Nameservers within your site. Couple of Linux/Unix boxes running Bind in the background should do it. Unfortunately, I can't help you much on this. I haven't done any of this myself, I'm just trying to point you in what I hope is the right direction. You probably need Bind, IP Masquerading, and maybe something else. All the programs are pretty easy to run, it's figuring out what needs to happen in general that's probably the tough part.
Sorry I'm not much help!!! :(
yinrunning
12-20-2002, 04:04 PM
P.S. - the important thing is to have a reliable way to resolve your main IP address from anywhere on the Internet. Whatever it takes to do that in your given configuration is what you want.
yinrunning
12-20-2002, 04:04 PM
After that, port mapping/masquerading is easy.
Ddruid
12-21-2002, 07:02 PM
There is no reason for you to run a DNS server, use the ISP's DNS servers they will have a much larger cache and will result in quicker responses. As others have said read up on IP Masq.
yinrunning: The file you are refering to 'host.conf' is part of the resolver library, the 'bind' directive causes it to look at the servers listed in resolve.conf and refer to the DNS servers listed there, you do not have to run a dns server for it to work, just have a valid server listed.
yinrunning: The file you are refering to 'host.conf' is part of the resolver library, the 'bind' directive causes it to look at the servers listed in resolve.conf and refer to the DNS servers listed there, you do not have to run a dns server for it to work, just have a valid server listed.
mike8706
12-21-2002, 08:35 PM
How would they access the computers on my internal network?
Ddruid
12-22-2002, 01:05 AM
First, check with your service provider, they may not allow any form of server on their network. I do not allow servers to be ran by any of my customers without prior approval, and I randomly check for server activity along with firewalling most common server ports.
In order for someone to access a server that is ran on your internal lan you will need to setup port forwarding in your firewall script to pass the packets to the appropriate IP and port.
In order for someone to access a server that is ran on your internal lan you will need to setup port forwarding in your firewall script to pass the packets to the appropriate IP and port.
justlinux.com
Copyright Internet.com Inc. All Rights Reserved.
Copyright Internet.com Inc. All Rights Reserved.