[ previous ] [ next ] [ threads ]
 
 From:  Nicolai Scheer <scope at planetavent dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] opening ports for entire network
 Date:  Sun, 26 Feb 2006 00:35:36 +0100
Hi!

Nick Smith wrote:
> is there a way to open say port 21 for my entire network, not just
> machine? then if i do ssh computer1.domain.com or computer2.domain.com
> it will actually go to each machine? as it stands now it seems i can
> only open the port per ip, so unless i run ssh on different ports on
> all the different machines which would be a real pain, now i have to
> ssh into computer1.domain.com and then from computer1 ssh into
> computer2.  is it possible to open it up for the entire network and
> use host name resolution via the dns forwarder in the m0n0wall?

Sounds like you don't want to change the sshd ports on each machine...
What you could do:

Each machine gets its own outbound port mapped to port 21... so, for
each machine you could add an inbound NAT rule:

e.g:
(If, Proto, Ext. Port, NAT IP, Int. port)
WAN TCP 8000 192.168.1.1 22
WAN TCP 8001 192.168.1.2 22
WAN TCP 8002 192.168.1.3 22
...

This way you can reach each machine with its own port directly, and you
don't need to change the internal sshd ports...
You need a NAT rule for each machine, though... Depends on how many
machines you want to use, if only a few, this could be a good solution
to my mind.

HTH,

Nico
signature.asc (0.8 KB, application/pgp-signature)