Linux Users' Group of Davis (LUGOD)
Page last updated:
2001 Dec 30 17:04

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.


Re: [vox-tech] Trying to understand my own WAN


  • Subject: Re: [vox-tech] Trying to understand my own WAN
  • From: Erik Mullinix <hesp@rainworkMAPSs.org>
  • Date: Mon, 07 May 2001 12:02:39 -0700
  • References: 001301c0d66d$f7728230$0201a8c0@roscoe

Nice and simple setup. Simple is good.
For closing the ports, the Linksys should be able to help with that, but if
you have the extra equipment, you can delegate it to a Linux-based firewall
solution and use that box as your routing as well.  Now from here you
might consider using Webmin on that box and only allowing a secure tunnel
between connections, so only your home and only your office can talk to each
other HTTPS-wise using Webmin (a remote configuration and administration tool
for many OSes), www.webmin.org.  Please keep an eye out for exploits for this
free product.  The designers are very good at keeping updates flowing.

A friend has recently turned me on to the firewall (for Linux)
http://www.astaro.com.  I have not had the chance to really test this product;
however, I know of one company that installs the type of network you're looking
for on a regular basis, and they recommend this firewall solution.

Erik Mullinix

----- Original Message -----
From: "Jay Strauss" <jjstrauss@yahoo.com>
To: "vox-tech" <vox-tech@lugod.org>
Sent: Sunday, May 06, 2001 4:48 PM
Subject: [vox-tech] Trying to understand my own WAN


> I apologize right off the bat that this is long.
>
> I'm trying to figure out how to manage servers at the office from both my
> home and work.
>
> Firstly, let me describe some of the setup.  I have static IPs at both my
> office and home. Both setups are identical from a hardware perspective:
>
> LRP - Linux Router, performs firewalling, DHCP
>
> linksys routers, are SOHO (Small Office/Home Office) firewalls that also
> have a builtin hub/switch on the internal side (i.e. so you can hook it up
> to your DSL then hang 5 PCs off the back), It performs
> NAT/DHCP/Portforwarding.
>
> My network looks like so:
>
>         ------------------Internet---------------
>         |                                        |
> DSL Modem                                DSL Modem
>         |                                        |
>         |                                        |
>         64.92.x.x                                216.233.x.x
> Linksys Router/Firewall                  Linksys Router/Firewall
>         192.168.5.254                            192.168.5.254
>         |                                        |
>         |                                        |
>         192.168.5.253                            192.168.5.253
> LRP (Eigerstein)                         LRP (Eigerstein)
>         192.168.1.254                            192.168.1.254
>         |                                        |
>         |                                        |
> Internal LAN                                Internal LAN
>
>       (HOME)                                  (OFFICE)
>
>
> My DMZ or at least what I think is my DMZ, is the area behind my linksys,
> and in front of my LRP.  At the office I run 2 RH6.2 machines, one with
> Apache the other with Oracle in my DMZ.
>
> I'd like to be able to manage the servers in my DMZ from both Home and the
> internal LAN at my office (i.e. like to be able to start an Xterm session
> on my RH(1) and tell it to send the display to my machine at home or the
> Internal LAN at work).
>
> I don't really get how I do this securely (I don't want to run telnet,
> FTP).  I'll start with the easy side
>
> Trying to do Xterm from the internal LAN:
>     I figure I have to run an SSH (OpenSSH) server somewhere inside my DMZ.
>     My LRP box will let me SSH to the DMZ - i.e. it will let all outbound
>         packets thru
>     I don't get how I allow X to send its display from the DMZ to the
>         Internal LAN thru the LRP?  I don't think I portforward, I think I
>         have to open a hole in the LRP for SSH connections - Is this right?
>
> Now for the hard part, I want to manage my Oracle server from home
>     I SSH to my SSH server in the DMZ
>     Then I have to SSH from the SSH server to the Oracle server?
>     Then I start my xterm and tell it to send the display home?
>     Once the packets get home, how do my commands make it back to the
>         Oracle server?  The Linksys will portforward SSH to the SSH server,
>         not the Oracle server.
>     How are my packets even going to make it home - won't my firewall and
>         LRP box at home block them?
>
> Feel free to rearrange any and all components/hardware, if I've got this
> totally setup wrong
>
> Thanks
> Jay

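The restriction suggested in the reply (only the home and office addresses may reach Webmin over HTTPS), sketched as an added example that is not part of either post. It assumes an iptables-based Linux firewall and Webmin on its default TCP port 10000; the peer addresses are documentation placeholders, since the posters' real addresses are masked.

```shell
#!/bin/sh
# Added example: emit iptables rules that limit Webmin (HTTPS) to named peers.
# Assumptions: iptables firewall, Webmin on default TCP port 10000, and
# placeholder peer addresses (RFC 5737), not the posters' real ones.

WEBMIN_PORT=10000

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
# Masked or partial addresses such as "64.92.x.x" are rejected.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# webmin_rules PEER...: print rules that accept traffic to the Webmin port
# from each peer and drop it from everyone else. All peers are validated
# first, so a typo never yields a half-written ruleset.
webmin_rules() {
    [ "$#" -gt 0 ] || { echo "error: no peers given" >&2; return 1; }
    for peer in "$@"; do
        is_ipv4 "$peer" || { echo "error: bad peer '$peer'" >&2; return 1; }
    done
    for peer in "$@"; do
        echo "iptables -A INPUT -p tcp -s $peer --dport $WEBMIN_PORT -j ACCEPT"
    done
    # Default for this port: anything not matched above is dropped.
    echo "iptables -A INPUT -p tcp --dport $WEBMIN_PORT -j DROP"
}

# Constructed placeholders standing in for the home and office static IPs.
# The rules are printed for review, not applied.
webmin_rules 192.0.2.10 198.51.100.20
```

Because the ACCEPT rules are appended before the DROP rule, order matters: the output must be applied as a unit and in sequence.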
