ssh, port-forwarding problems

Asked by Jim Hutchinson

I've been messing with this for a couple days without success. I'm hopeful someone will be able to suggest something I've overlooked.

I had my desktop set up with openssh-server and was able to remotely log in and proxy connections over my home network. For example, when at an unsecured hot-spot I could ssh in to my home computer and then proxy firefox over that tunnel. However, I recently rewired my network and it has made things more confusing and so far the new setup is not working.

ORIGINAL SETUP

One DSL modem connected into the LAN ports of one wireless router with another wireless router and the desktop also connected into LAN ports on the router. Both routers had DHCP turned off. The DSL modem gave out DHCP addresses. However, this did not allow me to run a "less secure" wireless router as it left the network open to the "weakest link".

NEW SETUP (hard to describe maybe I'll draw a picture and upload it somewhere)

DSL modem (ip 192.168.0.1) with dhcp on connected to

One wireless router (WAN port) with ip 192.168.0.2 (local ip is 192.168.1.1) and dhcp is on

This wireless is connected to a second wireless into the WAN port with ip of 192.168.1.100 and local ip of 192.168.2.1.

The desktop has ip 192.168.2.100

So, I have the modem port forward port 22 to wireless1 at ip 192.168.0.2

Wireless1 forwards to wireless2 at 192.168.1.100.

Wireless2 forwards to desktop at 192.168.2.100

As far as I understand this, all of this should work, but it doesn't. When I try to ssh I get a timeout on the connection. Nothing happens.

If you are wondering why such a complex setup it's because wireless1 uses basic WEP (gaming AP) and I didn't want that to be a weak spot with access to my full network. With this setup, anyone connecting to wireless1 cannot see or access anything connected to wireless2.

Thanks.
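
An added example, not part of the original question: the three-hop forwarding chain described above, checked for consistent addressing, with a probe that separates a silent timeout (packets dropped on the way) from a refused connection (packets arrived, nothing listening on the port). The /24 masks, the dictionary layout and the function names are assumptions.

```python
import ipaddress
import socket

# Addresses are the ones given in the question; the /24 masks are an assumption.
CHAIN = [
    {"name": "modem", "wan": None, "lan": "192.168.0.1/24", "forward_to": "192.168.0.2"},
    {"name": "wireless1", "wan": "192.168.0.2", "lan": "192.168.1.1/24", "forward_to": "192.168.1.100"},
    {"name": "wireless2", "wan": "192.168.1.100", "lan": "192.168.2.1/24", "forward_to": "192.168.2.100"},
]
DESKTOP = "192.168.2.100"


def check_chain(chain, final_host):
    """Return a list of addressing problems; an empty list means the rules line up."""
    problems = []
    for i, hop in enumerate(chain):
        lan = ipaddress.ip_interface(hop["lan"])
        target = ipaddress.ip_address(hop["forward_to"])
        # A router can only deliver a forwarded packet to a host on its own LAN.
        if target not in lan.network:
            problems.append(f"{hop['name']}: {target} is outside its LAN {lan.network}")
        # The target must be the next device's WAN address (or the SSH host itself).
        expected = chain[i + 1]["wan"] if i + 1 < len(chain) else final_host
        if str(target) != expected:
            problems.append(f"{hop['name']}: forwards to {target}, next hop is {expected}")
    return problems


def probe(host, port=22, timeout=3.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'no-reply'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"  # something accepted the connection
    except ConnectionRefusedError:
        return "refused"  # packet arrived, nothing listening on that port
    except OSError:
        return "no-reply"  # timed out or unroutable: a forward or firewall rule is in the way


if __name__ == "__main__":
    for line in check_chain(CHAIN, DESKTOP) or ["addressing is consistent"]:
        print(line)
    # Probe each forward target from a machine on that hop's LAN, innermost first.
    for hop in reversed(CHAIN):
        print(hop["name"], "->", hop["forward_to"], probe(hop["forward_to"]))
```

The first hop that answers "no-reply" while the one inside it answers "open" is the device whose forward or firewall rule is not taking effect.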

Question information

Language: English
Status: Solved
For: Ubuntu
Assignee: No assignee
Solved by: Jim Hutchinson

Bhavani Shankar (bhavi) said :
#1

Sir, refer to this article by Daniel J. Barrett:
http://www.onlamp.com/pub/a/onlamp/excerpt/ssh_11/index3.html
Hope it helps,

Jim Hutchinson (jphutch) said :
#2

Hmmm, interesting but if I understand I would need to be using something more robust than simple wireless routers. I don't believe I have any ability to run scripts on the router (if I do, I'd like to learn how).

Anyway, thanks for the link but I think I will need a different solution.

Bhavani Shankar (bhavi) said :
#3

Yes, you can run scripts on a router. For example, the following Perl script on a Cisco router will perform:
-- > sh ip bgp summ
-- > sh ip bgp neigh

#!/usr/bin/perl
# Usage: perl bgp.pl ROUTER_IP MODE
#   MODE 1 runs "sh ip bgp summ", MODE 2 runs "sh ip bgp neigh"
use strict;
use warnings;
use Net::Telnet::Cisco;

my $format = "\n ---------------------------------------------------------------------------\n";

# First argument: address of the router the command is run on.
my $ARG_1 = $ARGV[0];
# Second argument: which command to run (1 or 2).
my $PING_TR = $ARGV[1];
die "Usage: perl bgp.pl ROUTER_IP 1|2\n" unless defined $ARG_1 && defined $PING_TR;
print " router ip is $ARG_1\n\n\n";

my $cmdd;
if ( $PING_TR eq "1" ) {
    $cmdd = "sh ip bgp summ";
}
elsif ( $PING_TR eq "2" ) {
    $cmdd = "sh ip bgp neigh";
}
else {
    # Stop here instead of connecting with no command to run.
    die "Wrong Argument\n";
}
print "Command run on Router $ARG_1 # $cmdd \n";

# new() dies when the router cannot be reached, so trap that and report it below.
# Telnet sends the login in cleartext.
my $session = eval { Net::Telnet::Cisco->new( Host => $ARG_1, Timeout => 20 ) };

if ($session) {
    $session->login( 'USERNAME', 'PASSWORD' );
    my @conf = $session->cmd($cmdd);
    print $format;
    print @conf;
    print $format;
    $session->close;
}
else {
    print "Router is not Reachable\n";
}

RUN Command:
run sh ip bgp nei command -
# perl bgp.pl Router_IP 2
Hope it helps,
Bhavani Shankar.

Jim Hutchinson (jphutch) said :
#4

Whoa, that just shot way over my head. I will have to spend some time investigating this. However, let me see if I understand the basic idea...

In a terminal (or I can write the script and run it) I run this script and "point" it at the router rather than writing and running the script from "within" the router, correct? In other words, there is not a user environment within the router itself that allows for scripting. It has to be done on the PC connected to the router. Do I understand correctly? I know my Linksys router has no tool for writing and running scripts. It just has the web interface for configuring settings.

Will this work with non-cisco routers? I have a cheap Linksys router that you find in homes, not a commercial grade router.

Bhavani Shankar (bhavi) said :
#5

Absolutely correct. We can do scripting on a Linksys router also. Please take a look at:
http://mail.python.org/pipermail/python-list/2004-November/290356.html
Hope it helps,

Jim Hutchinson (jphutch) said :
#6

Thanks for the info. I'm very much a beginner when it comes to scripting so I'm going to have to spend some time with this. It looks like a promising solution but until I know a bit more I have no idea how to proceed.

I did manage to get things working - just not my ideal solution. What I really want is a standalone router that can run ssh and allow me to set up an ssh tunnel without having to have a computer running all the time.

Thanks again.