Re: [vox-tech] Trying to understand my own WAN
- Subject: Re: [vox-tech] Trying to understand my own WAN
- From: "Jay Strauss" <jjMAPSstrauss@yahoo.com>
- Date: Mon, 07 May 2001 08:23:17 -0700
- References: 001301c0d66d$f7728230$0201a8c0@roscoe
Maybe I'd be better off saying what I want to do (rather than what I have),
and you guys can direct me in the approach.
I want to have a secure network, where I'll have a DMZ and an Internal LAN.
I want to be able to run X apps from:
Internal LAN --> DMZ
Home --> DMZ server
Home --> Internal LAN servers
What pieces of hardware do I need? What software? How are they arranged?
Jay
----- Original Message -----
From: "Jay Strauss" <jjstrauss@yahoo.com>
To: "vox-tech" <vox-tech@lugod.org>
Sent: Sunday, May 06, 2001 3:48 PM
Subject: [vox-tech] Trying to understand my own WAN
> I apologize right off the bat that this is long.
>
> I'm trying to figure out how to manage servers at the office from both my
> home and work.
>
> Firstly, let me describe some of the setup. I have static IPs at both my
> office and home. Both setups are identical from a hardware perspective:
>
> LRP - Linux Router, performs firewalling, DHCP
>
> Linksys routers are SOHO (Small Office/Home Office) firewalls that also
> have a built-in hub/switch on the internal side (i.e. so you can hook it up
> to your DSL then hang 5 PCs off the back). It performs
> NAT/DHCP/Portforwarding.
>
> My network looks like so:
>
> ------------------Internet---------------
>          |                       |
>      DSL Modem               DSL Modem
>          |                       |
>          |                       |
>      64.92.x.x              216.233.x.x
> Linksys Router/Firewall   Linksys Router/Firewall
>    192.168.5.254            192.168.5.254
>          |                       |
>          |                       |
>    192.168.5.253            192.168.5.253
>   LRP (Eigerstein)         LRP (Eigerstein)
>    192.168.1.254            192.168.1.254
>          |                       |
>          |                       |
>     Internal LAN             Internal LAN
>
>       (HOME)                   (OFFICE)
>
>
> My DMZ, or at least what I think is my DMZ, is the area behind my Linksys
> and in front of my LRP. At the office I run 2 RH6.2 machines, one with
> Apache, the other with Oracle, in my DMZ.
>
> I'd like to be able to manage the servers in my DMZ from both Home and the
> internal LAN at my office (i.e. like to be able to start an Xterm session
> on my RH(1) and tell it to send the display to my machine at home or the
> Internal LAN at work).
>
> I don't really get how I do this securely (I don't want to run telnet, FTP).
> I'll start with the easy side.
>
> Trying to do Xterm from the internal LAN:
>     I figure I have to run an SSH (OpenSSH) server somewhere inside my DMZ.
>     My LRP box will let me SSH to the DMZ - i.e. it will let all outbound
>     packets thru.
>     I don't get how I allow X to send its display from the DMZ to the
>     Internal LAN thru the LRP? I don't think I portforward, I think I have
>     to open a hole in the LRP for SSH connections - Is this right?
>
> Now for the hard part, I want to manage my Oracle server from home:
>     I SSH to my SSH server in the DMZ.
>     Then I have to SSH from the SSH server to the Oracle server?
>     Then I start my xterm and tell it to send the display home?
>     Once the packets get home, how do my commands make it back to the
>     Oracle server? The Linksys will portforward SSH to the SSH server, not
>     the Oracle server.
>     How are my packets even going to make it home - aren't my firewall and
>     LRP box at home going to block them?
>
> Feel free to rearrange any and all components/hardware, if I've got this
> totally set up wrong.
>
> Thanks
> Jay