TCLUG Archive

Re: [TCLUG:8252] Port forwarding: ssh/ipchains



On Mon, Sep 13, 1999 at 02:13:19PM -0500, Allie Micka (allie@visi.com) wrote:
> Ok, so I learned all about ipchains port forwarding at the tclug meeting
> last weekend (good job by the way, Amy) and I am also aware of a similar
> functionality with secure shell.  What would be the advantages of using one
> over the other?

ssh and portforwarding are two different things and are not similar
in functionality.

ssh (secure shell) is basically like telnet but all traffic is
encrypted.  With telnet, all passwords are sent clear-text, so
they are susceptible to snooping.  That is why we recommended ssh in
the tclug meeting.

portforwarding allows you to forward traffic of a particular type
to another machine.  It is particularly useful in forwarding traffic
from the Internet to a non-routable machine.

ssh does not require portforwarding.  If there is a route to the machine
you're trying to ssh to, then you can just ssh there.  If you're trying
to ssh to a machine w/ a non-routable address, you'll need something
like portforwarding to get the traffic to that machine.


> I have a small internal lan connecting to the internet w/ dsl over a static
> ip address, and I want to be able to access services on my internal systems
> by accessing the outside one with a given port number.  My guess is that
> ipchains port forwarding would be fine to access the internal systems and
> ssh would be better if I wanted to forward ports to/from machines located
> somewhere else entirely.  I was hoping that someone could confirm or deny
> my educated guess with a guess having the benefit of better education.

I'm not entirely sure of your network design based on the above.
Do you have a private (non-routable) internal network?  If so, you
could use a combination of portforwarding and ssh.  Set up portforwarding
to forward ssh traffic to a box on your internal network.

Example:
internal box: 192.168.100.1
firewall public ip: 206.55.55.254

To ssh to the 192.168.100.1 machine from outside the 192.168.100.0 network,
you would set up portforwarding on your firewall to forward incoming
ssh traffic to 192.168.100.1.  You would point your ssh client to
206.55.55.254.

Send me more info on your network design (IPs, etc) and I can help
more.
-- 
Amy Tanner                                      Voice: 612.943.8700
Real Time Enterprises, Inc.                       Fax: 612.943.8500
amy@real-time.com                          http://www.real-time.com
PGP fingerprint =  67 6C 8F DB B1 7A 8D 41  DC 7B CA 0B 28 1E 67 AD
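
The forwarding setup described in the message above, sketched as an added example that is not part of the original post. It assumes a Linux 2.2 firewall where forwarding is configured with `ipmasqadm portfw` and where the input chain needs an explicit accept rule, neither of which the message states; `portfw_rules` and its helper functions are hypothetical names. The script validates the addresses and ports and prints the commands for review rather than running them.

```shell
#!/bin/sh
# Added example: print (not run) the Linux 2.2 commands that forward inbound
# ssh from the firewall's public address to one internal host.

# is_ipv4 ADDR: dotted quad, each octet 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|*.*.*.*.*) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# is_private ADDR: RFC 1918 (non-routable) prefixes only.
is_private() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# is_port N: integer in 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# portfw_rules PUBLIC_IP PUBLIC_PORT INTERNAL_IP INTERNAL_PORT (hypothetical helper)
portfw_rules() {
    pub_ip=$1; pub_port=$2; int_ip=$3; int_port=$4
    is_ipv4 "$pub_ip" && is_ipv4 "$int_ip" || { echo "bad address" >&2; return 2; }
    is_port "$pub_port" && is_port "$int_port" || { echo "bad port" >&2; return 2; }
    is_private "$int_ip" || { echo "$int_ip is not private" >&2; return 3; }
    is_private "$pub_ip" && { echo "$pub_ip is not public" >&2; return 4; }
    # Assumption: the input chain must explicitly accept the connection.
    echo "ipchains -A input -p tcp -d $pub_ip $pub_port -j ACCEPT"
    # Assumption: forwarding is done with ipmasqadm's portfw module.
    echo "ipmasqadm portfw -a -P tcp -L $pub_ip $pub_port -R $int_ip $int_port"
}

# Addresses from the message above.
portfw_rules 206.55.55.254 22 192.168.100.1 22
```

Forwarding only the one port to the one internal host keeps the exposed surface limited to that box's ssh daemon.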