[CentOS] Multiple FreeNX servers and SSH ports
lesmikesell at gmail.com
Sun Mar 21 17:07:13 UTC 2010
Niki Kovacs wrote:
> Les Mikesell wrote:
>> You don't really need to change the ports on the hosts. Just configure the
>> router to accept different ports on the internet side and redirect to port 22 at
>> the different IP addresses on the inside. Then you only have to change the
>> client settings for access from outside. I'd move both of them away from port
>> 22 on the outside, though - you'll avoid a lot of password guessing attempts
>> that will happen otherwise.
> Sorry, but I don't quite follow you. (One of these cases where I feel my
> IQ is just a bit insufficient :oD)
> How can I possibly access two distinct machines behind one single IP
> address when they run SSH on the same port?
The router configuration for port forwarding should let you specify the port to
accept on (where each does have to be different because of the single IP) and
then the IP and port for redirection. Since the inside targets have different
IPs, it doesn't matter that they have the same port. At least most routers work
this way - you can redirect to a different port on the inside but they may have
a different config section for 'custom' forwarding and a simplified one that
just sends a service port to the same port on one inside target.
> Or, I'll reformulate my question more simply.
> I have a router with *one* public IP address (22.214.171.124). And
> behind that router, on the local network, I have two different machines:
> 192.168.1.2 and 192.168.1.3.
> Is there a (normal, orthodox) way to SSH into these machines directly
> from the outside? That is, without logging into the main box and then
> hopping around internally? Something where in one case, ssh
> 126.96.36.199 -option gets me into machine A, and then ssh
> 188.8.131.52 -otheroption gets me into machine B.
Yes, just pick different port numbers for the router to redirect to port 22 at
each internal IP. Then everything works normally internally and externally you
use 'ssh -p nnn public_address' where your port number will be the one
redirected to the internal machine you want (and the NX client also has a place
in the config screen to set the port number).
Another option if most of your outside access is from a single location or from
a laptop would be to set up openvpn to one of the inside machines, configuring
the router to pass a single udp port for it. Then you can treat it like a
routed subnet with normal access to all services. But, if you use freenx it
doesn't make much difference because the session runs over ssh and the desktop
will have 'inside' access anyway.
lesmikesell at gmail.com
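
The forwarding layout described in the reply above, as an added example that is not part of the original post: it prints the router-side rules and the matching client ssh_config for the two inside machines, and refuses an outside port of 22 or a reused one. It assumes a Linux router using iptables; the WAN interface name, the public address (a documentation-range placeholder), the outside ports 2202/2203 and the host aliases are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints (does not apply) the router rules and client config.
# Assumptions: Linux router using iptables; WAN interface, public address
# (documentation range), outside ports and host aliases are constructed.
WAN_IF="${WAN_IF:-eth0}"
PUBLIC_ADDR="${PUBLIC_ADDR:-203.0.113.10}"
# One mapping per line: alias  outside_port  inside_ip (sshd stays on 22 inside)
MAPPINGS="machine-a 2202 192.168.1.2
machine-b 2203 192.168.1.3"

# Reject an outside port that is non-numeric, out of range, 22, or used twice.
check_mappings() {
    seen=" "
    while read -r name port ip; do
        [ -n "$name" ] || continue
        case "$port" in ''|*[!0-9]*) echo "$name: bad port" >&2; return 1 ;; esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ] || [ "$port" -eq 22 ]; then
            echo "$name: outside port must be 1-65535 and not 22" >&2; return 1
        fi
        case "$seen" in *" $port "*) echo "port $port used twice" >&2; return 1 ;; esac
        seen="$seen$port "
    done
}

# DNAT each outside port to port 22 on its inside host, and allow the forward.
router_rules() {
    while read -r name port ip; do
        [ -n "$name" ] || continue
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $port -j DNAT --to-destination $ip:22"
        echo "iptables -A FORWARD -i $WAN_IF -p tcp -d $ip --dport 22 -j ACCEPT"
    done
}

# One ssh_config stanza per machine; HostKeyAlias files each host key under its own name.
client_config() {
    while read -r name port ip; do
        [ -n "$name" ] || continue
        printf 'Host %s\n    HostName %s\n    Port %s\n    HostKeyAlias %s\n' \
            "$name" "$PUBLIC_ADDR" "$port" "$name"
    done
}

generate() {
    printf '%s\n' "$MAPPINGS" | check_mappings || return 1
    printf '%s\n' "$MAPPINGS" | router_rules
    printf '%s\n' "$MAPPINGS" | client_config
}

generate
```

With the printed stanzas in ~/.ssh/config, `ssh machine-a` reaches the first inside machine the same way `ssh -p 2202` against the public address would.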