accessing an intranet machines from a single machine service.

The networks are jealous of customers and usually we can only access the machines on your network from within the network itself. What comes to be known as an intranet.

But many of my maintenance tasks require access to multiple machines from a move to the intranet and client do not see a feasible option, nor in line with our times.

One solution I liked most is to ask a customer to access only a single machine with public IP address.

To provide security can be configured so that only they can be accessed from the IP address of your office, and to provide flexibility, which also can be accessed from the IP address of your server in a datacenter. Anyway this whole paragraph you can skip if there is not much problem with safety.

The machine with public IP mole that is linux, more than anything because if it is not because we do not need to keep reading because the rest of the article implied that premise.

What we are going to do is what you see in the picture.



Here I see myself with more hair and beard without wishing to access all services of the machines on the intranet 10.10.10 .* and yet only being able to access the machine with public IP 205,205 .205.205 .

What I need is a name and this is Port Forwarding, and the implementation of this simpler than I’ve seen is made by IP Tables.

It’s going to be faster write commands to be run in order to make this work that all the talk after you have counted.

My machine with public access is the distribution of Gentoo Linux and that the examples are for this distro but should not vary much for other distros.

Install iptables (if not already )

# Emerge iptables 

We tell the kernel that allows ip-forwarding

# Echo 1> / proc/sys/net/ipv4/ip_forward 

Flash whole configuration of iptables that has default

# Iptables-F    # Iptables-t nat-F 

Allow the forward from iptables (eth0 is the public interface )

# Iptables-A FORWARD-i eth0-j ACCEPT    # Iptables-A FORWARD-o eth0-j ACCEPT 

This makes the ips are not rolling to mask the possible bypass roads and security filters for IP

# Iptables-t nat-A POSTROUTING-o eth0-j MASQUERADE 

And here at last the rules of the Port Forwarding

# Iptables-t nat-A PREROUTING-p tcp-i eth0 - dport 213,306-j DNAT - to-destination 10.10.10.21:3306    # Iptables-t nat-A PREROUTING-p tcp-i eth0 - dport 2180-j DNAT - to-destination 10.10.10.21:80    # Iptables-t nat-A PREROUTING-p tcp-i eth0 - dport 2280-j DNAT - to-destination 10.10.10.22:80    # Iptables-t nat-A PREROUTING-p tcp-i eth0 - dport 2221-j DNAT - to-destination 10.10.10.22:21    # Iptables-t nat-A PREROUTING-p tcp-i eth0 - dport 2322-j DNAT - to-destination 10.10.10.23:22 

Keep the current iptables configuration so that the rewritten failure to restart

# / Etc / init.d / iptables save 

We service iptables to boot at the start

# Rc-update add default iptables 

I think that also you have to do it

# Vim / etc / sysctl.conf 

Add / uncomment the following lines:

net.ipv4.ip_forward =  1   net.ipv4.conf.default.rp_filter =  1 

And it should work. If I leave my machine in my office and I go to:

$ Mysql-h205  205 . 205 . 205  P- 213,306 

I find the mysql of the machine 10.10.10.21 .

If I go with a browser to:

http :// 205,205 . 205 . 205 : 2280 

I encounter with the Apache of the machine 10.10.10.22 .

Port Forwarding

D-Link Port Forwarding - DIR 615 - DIR-825 - DIR-655 - DIR-628 - DIR-628

D-Link port forwarding, also known as virtual server, allows you to configure inbound Internet connections to your router to be routed to specific devices on the network.  In order for surveillance system cameras to be accessible over the Internet, your router is configured to forward requests to your surveillance DVR (standalone or Geovision) or directly to IP cameras.  The IP address that your router assigns to your DVR or to IP security cameras is a LAN (internal IP address) that can not be accessed from outside of your local network.  Port forwarding is setup to open a hole in your firewass and allow access.

These instructions are for more recent D-Link routers such as the following: DIR-615, DIR-825, DIR-655, DIR-628.  If you are looking for older model D-Link instruictions, please click here: D-Link Port Forwarding Setup.
bookmark this page for future reference

1. Open your D-Link router's control panel by going to the IP address http://192.168.0.1/ in a web browser. You will be prompt for a password.  If you did not setup a password on your router, the dlink default password is usually blank.  Enter admin for the username and leave the password blank or enter your password.
2. After you are logged into your router
1. click on the "Advanced" tab (#1 below).  The virtual server screen will open.
   
   
2. Click the check box next to the first open virtual server entry and fill in the Name for this service.  This can be anything that you choose.  Also fill in the IP address of the device that you are setting up port forwarding for.
3. Enter the port # for both the Pivate Port and Public Port.  Ports 80, 4550, and 5550 are the ports that need to be forwarded for Geovision webcamserver to work.  You need to make an entry for each port.  Most of our stand alone DVRs only use one port which should be supplied on the instructions for the particular DVR you are installing.
4. Select "TCP" for Protocol.
5. Seelct "Always" for Schedule, and "Allow All" for Inbound Filter.
6. Click Save Settings.
3. On success, the screen will display a settings saved screen

The port forwarding entry is now added.  If you need to add additional port forwrding rules, repeat the above steps.

---

What is my Geovision computer's IP

1. If you do not know what the IP address is of your computer, in Windows press the start button then select Run.
2. In the Open field of the Run window type cmd, then press OK.  A command screen will open.
3. On the command line type ipconfig
4. The results should look similar to below.
   
   

bookmark this page for future reference

Tutorial: Setting Up Port Forwarding

Background Story

Bob runs a small custom office furniture company which builds awesome desks, workstations, filing cabinets and shelving. The company designs to suit, and this involves sending representatives to the offices of customers and potential customers for on-site visits.

In the early days, Bob did a lot of that running around himself, but as his business grew more successful, he was able to delegate most of that work and spend his time doing what he loves—designing unusual furniture solutions.
Bob and his three assistants are constantly churning out potential designs, and his field representatives need to be able to get his latest illustrations, floorplans, and 3D models, as well as marketing and and other documents. They need access to this stuff whenever the need arises, often when they're out of the office.
With iGet, that's easy. Bob doesn't have to train his staff how to use it, because the interface is intuitive and obvious. He doesn't have to worry about miscreants snooping on his data, because iGet uses always-on industrial-strength encryption. The only slightly tricky bit was setting up his Internet connection.

Port forwarding

Port forwarding is when you configure a network device (such as a router, firewall, or Aiport base station) to forward connections to certain computers, based on the port number used to make the connection.
One common use of port forwarding is to enable access to multiple computers from outside the network when only one Internet connection (and one IP address) is available.
In this tutorial we will walk though a hypothetical scenario where a small business needs to make its Macs in the office accessible to company staff when they are traveling.

The Network Setup

Bob has a static IP address for his business DSL account, so at first it was quite simple.

(See sidebar for an additional tip for when you don't have a static IP address.)
His office "network", such as it was, was just his Mac and his DSL modem:

Bob's simple one-Mac network, in the early days.

Accessing his Mac from outside the office was easy. Static IP addresses don't change, so he just typed his static IP address into iGet, entered his usernmame and password, and—boom!—he was connected and could browse his Mac, search for the files he needed, and quickly download them.

iGet connecting to Bob's Mac via its static IP address.

As Bob's company grew and he added staff, he wanted to let them access his design files remotely as well. So, he created a user account on his Mac for each of them, and they could connect the same way he did, via the static IP.
Pretty soon, though, his staff wanted to access their own Macs remotely, too. But with only one static IP address, he had to set up a way that they could all share that Internet connection, and yet still be individually accessible. That required setting up port forwarding.

What if Bob's Internet connection didn't come with a static IP address?

In this example, Bob uses a business Internet account from his ISP. But what if he was using a different account type, such as a residential DSL or cable that didn't come with a static IP address?
In that case, Bob would still set up port forwarding, just as he does in this tutorial. But he would also want to set up dynamic DNS, so that he could have an Internet address that didn't change and was easy for his staff to remember when they wanted to iGet into the Macs back at the office.
The DNS & Dynamic DNS tutorial explains how to set that up.

Setting Up Port Forwarding

To share his Internet connection with all the Macs in his office, Bob ordered a router from his ISP. He could have instead bought a router at his local computer store, or ordered an Airport base station from Apple.

The precise details of configuring port forwarding differ for each router, but the basic concepts do not.

Please note: We are currently in the process of updating these tutorials to cover the new iGet Mobile, as well as iGet. Most of the concepts are the same, so this tutorial may be useful in its current form. However, iGet always uses port 22, whereas iGet Mobile uses the port you specify (the default is 55555). So, when using these tutorials, iGet Mobile users should replace port 22 with whatever port iGet Mobile is configured to use.

Bob's IP address is now assigned to his router. When somebody tries to connect from the to his IP address, the router looks at the connection and decides what computer to forward the connection to. To the user, this process makes it seem that they are connecting directly to that computer.
Bob has four Macs in the office. He wants his router to be able to forward his connection to the Mac of his choice, so that he can access whichever Mac he wants. But he has only the single IP address, so every incoming connection is connecting to the same address. How can the router tell which Mac he wants to connect to?
The router figures out which Mac he wants by looking at the port number. Every Internet connection involves an IP address, and also a port number. The port number indicates the type of service being requested. For example, standard HTTP connections made by Safari use port 80, the standard port number for web servers. iGet uses port 22, the standard port for SSH connections.
Normally, most software doesn't make you deal with the port number. For example, you don't have to specify port 80 when using your web browser, because it uses that port by default. But you can specify the port in your web browser. To do so, you append a colon and the port number after the hostname or IP address.
iGet works the same way. To tell iGet to connect using a different port number than it normally would, you append a colon and the port number.
Bob is going to set up port forwarding for iGet, and while he is at it, he's going to set up port forwarding so that he can view the test web site one of his employees is creating on one of the Macs. To set this all up, he does the following:

1. Decide which port numbers will point to each Mac.

This is an arbitrary decision, and the numbers can pretty much be any valid port numbers. However, Bob has read up a little bit on the web, and he's learned that is better to use port numbers above 1024 (to avoid conflicting with other services that might be in use now or someday in the future). So he chooses 10000 as his starting number. He jots his choices down on a post-it note:

• port 10001 goes to iGet on Mac #1
• port 10002 goes to iGet on Mac #2
• port 10003 goes to iGet on Mac #3
• port 10004 goes to iGet on Mac #4
• port 8080 goes to the test web server on Mac # 3

2. Figure out what port numbers to translate these to.

Bob will configure the router to accept connections on these non-standard port numbers that he just made up. But his Macs will expect the connections to come on the standard port. Bob doesn't want to (and doesn't know how to) tweak his Macs to listen for connections on these non-default port numbers.
Fortunately, his router will take care of that for him. When it accepts a connection on one of these weird port numbers, it will not only figure out which Mac to forward the connection to, but it will also change the port number. This way, the Mac will see the incoming connection as if it was coming on the default port. Bob has to configure his router so that it knows how to do this. He knows that the web server listens for connections on port 80, and the Mac's SSH subsystem that iGet uses listens for connections on port 22. So he fleshes out his note:

• 64.130.31.59:10001 -> port 22 (iGet) on Mac #1
• 164.130.31.59:10002 -> port 22 (iGet) on Mac #2
• 64.130.31.59:10003 -> port 22 (iGet) on Mac #3
• 64.130.31.59:10004 -> port 22 (iGet) on Mac #4
• 64.130.31.59:8080 -> port 80 (web server) on Mac # 3

3. Give all the Macs static (unchanging) private IP addresses on the LAN.

By default, Bob's router automatically assigns private IP addresses to all his Macs. It gives the first Mac 192.168.1.10, the next one 192.168.1.11, and so on. That's convenient, but it means that each Mac's address on the local network may change from time to time.
Bob wants to make sure nothing ever changes, so he decides to give each Mac its own, unchanging private IP address. He uses the Network pane in each Mac's System Preferences application to hardcode the IP address.
First, he goes to the Network preferences pane, then selects "Built-in Ethernet" from the "Show" popup menu. This shows the detailed settings for his Ethernet network connection. (He would change his AirPort settings instead if his Mac were connected wirelessly, but it isn't.)

Bob's original (default) Network preferences.

The only change he wants to make is to specify an address manually. To do that, he makes only one change: instead of "Using DHCP" in the first popup menu, he selects "Using DHCP with manual address"
Once he does this, the "IP Address" becomes editable. But the address is now "0.0.0.0", which won't work. What address should he put? Unsure, he calls his son, Jason.
"Copy the address that it shows for your router, but change the last part of the IP address," says Jason. "Start at 100, and then make the next Mac's 101, and so on. That almost always works. "

Bob's modified Network preferences on the first Mac.

Now that Bob has given each Mac in his office its own static local IP address, he can finish his port forwarding note:

• Public IP Address:Port -> Local IP Address:Port
• 64.130.31.59:10001 -> 192.168.1.100:22
• 64.130.31.59:10002 -> 192.168.1.101:22
• 64.130.31.59:10003 -> 192.168.1.103:22
• 64.130.31.59:10004 -> 192.168.1.104:22
• 64.130.31.59:8080 -> 192.168.1.103:80

Or, spelled out more precisely:

Public IP Address	Port Number		Private LAN IP Address	Port Number
64.130.31.59	10001	forwarded to	192.168.1.100	22
64.130.31.59	10002	forwarded to	192.168.1.101	22
64.130.31.59	10003	forwarded to	192.168.1.102	22
64.130.31.59	10004	forwarded to	192.168.1.104	22
64.130.31.59	8080	forwarded to	192.168.1.102	80

Finally, just to make sure he has everything straight in his mind, Bob fires up OmniGraffle and whips up little diagram to visualize how the port forwarding should work:

4. Reboot everything

While not strictly necessary, Bob wants to make sure everything is configured right and will survive a reboot. If he reboots his DSL modem, router, and Mac, and can still connect, then he can be confident he didn't make any errors while configuring all the parts.
So, he reboots his gear, grabs his MacBook and walks to a nearby cafe. Using the cafe's wireless Internet connection, he opens safari and enters his static IP address, a colon, and the custom port number he uses for his test web server:

Sure, enough, he sees that his test web site loads up. The web server is running on Mac #3 back in his office; by appending the port number 8080 to the address in Safari, he has told his router "Forward this connection to Mac #3 on port 80"
Next he fires up iGet, and tries the same trick:

Success! iGet connects and browses the files on his first Mac. Using address "64.130.31.59:10002", he connects to the next Mac, and so on. His employees can access their files, and Bob can get back to working on his latest ergonomic switchable sit/stand computer workstation.

How is Port Forwarding Configured?

---

Instructions for RP614, MR814, WGR101, WGR614, WGT624, WGT634U, WGU624, WGM124, or WPN824 These routers do port forwarding by assigning port numbers to a "service" that is associated with the application you want to run. To Let an Application Use Port Forwarding Type the router's address in an Internet browser's address bar. (By default the router's address is 192.168.0.1). The Setup Wizard appears. Enter the router's username and password. Under Advanced, click Port Forwarding on the left menu bar. A Port Forwarding Screen (Varies Slightly by Router) From the Service & Game (or Service Name) pull down, select the service that you will host. The services the router knows about are listed here. If the service does not appear in the drop down, add a service as described in the next section, then return to this step. Enter the IP address of your local server in the Server IP Address box. Click Add. Click Logout to exit from router settings. To Add a Service for These Routers To define a service not in the Service Name list, determine what port numbers are used by the service. Click Add Custom Service. Enter the first port number in an unused Start Port box. If only one port number is to be forwarded, enter the same number in End Port. To specify a range of ports, enter the last port to be forwarded in the End Port box. Enter any name you choose for the service. Click Apply.

---

Instructions for DG834, DG834G, DG824M, FR114W, FM114P, FR114P, FR328S, FVL328, FVS328, FVS338, FVX538,
FWAG114, FWG114P, or FVS318v3
These routers do port forwarding by assigning port numbers to a "service" associated with the application you want to run. "Rules" are set for particular services. Rules block or allow access, based on various conditions such as the time of day and the name of the service.

To Create a New Inbound or Outbound Rule

1. Submit the router's address in an Internet browser. (The default is 192.168.0.1).
2. Enter the router's username and password.
3. From the main menu, click Security > Rules.
4. Click Add for inbound or outbound traffic, as appropriate to the application you are planning to run.
5. Select the Service. The services the router knows about are listed in the drop down. If the service you want is not listed, add it as described in the next section.
6. Select the Action, for example ALLOW always.
7. For Send to LAN Server, enter the IP address of the local server. Note that this is also the IP address the computers on your LAN will access.
8. For WAN User choose Any, or limit access to particular IP addresses.
9. For Log selection it is reasonable to turn logs on, especially at the beginning when you are unsure of the result of the changes you are making. Later, you may want to set logs to "Never" for performance reasons.
10. Click Apply.

As noted in user manual for some models:

• Consider using the Dynamic DNS feature on the Advanced menu, so that external users can find your network when the DHCP lease is renewed by your ISP.
• If your own LAN server uses DHCP, and your IPs change on rebooting, consider using the Reserved IP Address feature in the LAN IP menu.

To Add a Service for These Routers

1. Click Security > Services > Add Custom Service.
2. Enter any name you choose for the service.
3. Select whether the service is to use TCP or UDP. If you are unsure, select both.
4. Enter the lowest port number used by the service.
5. Enter the highest port number used. If the service uses only one port number, enter the same number.
6. Click Apply.

---

To Enable Port Forwarding for RM356, RH340, RH348, RT388, RT311, or RT314 Click Start > Run. Type telnet 192.168.0.1. Type the password at the prompt. The default is 1234. The router menu appears. Type 15, and press Enter to select SUA Server Setup. The Port Forwarding screen appears. Enter the port number and your server's IP address. Press Enter repeatedly until the cursor comes to the last line and saves the changes. Type 99 to exit from the router settings.

---

To Enable Port Forwarding for FVM318 or FVS318v1 and v2
These routers do port forwarding by assigning port numbers to a "service" associated with the application you want to run.
To Let an Application Use Port Forwarding

1. Type the router's address in an Internet browser's address bar. (By default the router's address is 192.168.0.1). The Setup Wizard appears.
2. Enter the router's username and password.
3. Click Advanced > Ports on the left menu bar.
4. Click Add. The Add Service screen appears.
5. If you click the Service Name drop down, a list of services that have been defined appears. (Some are always added by NETGEAR for your convenience by default.) If the service does not appear in the drop down, add a service as described in the next section, then return to this step.
6. Set Action to ALLOW always.
7. Enter the IP address of your local server in the Server IP Address box.
8. Set WAN Users Address to Any.
9. For the Log selection it is reasonable to turn logs on, especially at the beginning when you are unsure of the result of the changes you are making. Later, you may want to set logs to "Never" for performance reasons.
10. Click Apply.
11. Click Logout to exit from router settings.

To Add a Service for These Routers

1. Determine what port numbers are used by the service.
2. Click Security > Add Service. The Add Custom Services window appears.
3. Enter the first port number in an unused Start Port box.
4. If only one port number is to be forwarded, enter the same number in End Port. To specify a range of ports, enter the last port to be forwarded in the End Port box.
5. Enter any name you choose for the service.
6. Click Apply.

---

To Enable Port Forwarding for MR314 or RP114

1. Type the router's address in an Internet browser's address bar. (By default the router's address is 192.168.0.1).
2. Enter the router's username and password.
3. Click Advanced > Ports on the left menu bar.
4. Enter the first port number in an unused Start Port box.
5. If only one port number is to be forwarded, enter the same number in End Port. To specify a range of ports, enter the last port to be forwarded in the End Port box.
6. Enter the IP address of your local server in the Server IP Address box.
7. Click Apply.