Re: [vox-tech] Trying to understand my own WAN

[Ted Deppner <ted@MAPSpsyber.com>]

On Sun, May 06, 2001 at 03:48:52PM -0500, Jay Strauss wrote:
> Trying to do Xterm from the internal LAN:
>     I figure I have to run an SSH (openSSH) server somewhere inside my DMZ.
>     My LRP box will let me SSH to the DMZ - i.e. it will let all outbound
> packets thru
>     I don't get how I allow X to send its display from the DMZ to the
> Internal LAN
>         thru the LRP?  I don't think I portforward, I think I have to open a
> hole in the LRP
>         for SSH connections - Is this right?

use "ssh -X" and make sure you've got X forwarding turned on in your
sshd.conf (assuming openssh -- ssh2 may be different).  ssh -X into your
inside box on the other side, it'll tunnel all the way back.

> Now for the hard part, I want to manage my oracle server from home
>     I SSH to my ssh server in the DMZ
>     Then I have to SSH from the SSH server to the oracle server?
>     Then I start my start xterm and tell it to send the display home?
>     Once the packet get home, How do my commands make it back to the oracle
> server?  The Linksys will portforward SSH to
>         the SSH server not the oracle Server.
>     How are my packets even going to make it home - won't my firewall and
> LRP box at home going to block them?

You can use ssh for this, and it's quite easy provided you map all the
ports you need, if you have to map twice it starts to get messy though.

alternatively, look at vtun.  http://vtun.sourceforge.net/

You can add a little private virtual network with ease using vtun.  you
may want to vtun to your inside box when the ip comes from your outside
firewall... this'll make your life easier.


I've found ssh to be nice and useful for "point to point" type
applications, xterms, etc... but vtun is very nice to connect private lan
to private lan in a nice transparent way.

vtun is a package under debian, which makes it very easy to use.

-- 
Ted Deppner
http://www.psyber.com/~ted/