How to assign multiple internal ip address to single static nat ip address for SSH
anddy127
Enthusiast - Level 2

Hi,

So i've been browsing around these forums and the internet and I am unable to find the correct answer and get this to work.   I have a static ip address with about 10 internal development servers with different internal ip addresses.   Each of these are running linux.   What i'm trying to achieve is to allow my developers who are external to my network to access the development servers via ssh.  Each developer will be accessing the different servers through putty.  I don't want them all to connect to 1 and then jump to another server due to some x11 forwarding etc..

When i enable port forwarding for port 22, it only works for 1 server going to the first internal ip address i assign.  When i setup static nat , i can assign the first internal ip to the external ip address for port 22,  when i do the same for the second internal ip to the same external ip, i keep getting message saying the rule for 22 is already existing and conflicting.   I tried to change the port for my second server to listen to 2222 and that didn't work either.  Still times out.  I don't have any other firewall inbetween.

How can i get the other developers to access the server via ssh using clients like putty to access the other servers?

I read alot about port forwarding etc....  but none of it seems to achieve what i'm trying to do.

My configuration:

1  Static IP (Public)    (71.x.x.36)

10 Internal IP addresses ( 192.168.1.10, 192.168.1.11, 192.168.1.12, etc..)

My router model :  MI424WR-GEN3I

Firmware:  40.20.7

Please help.

Andy.

0 Likes
1 Solution

Correct answers
Re: How to assign multiple internal ip address to single static nat ip address for SSH
Anti-Phish1
Master - Level 1

Your port forwarding rule is wrong.

In my previous instructions I specifically stated that SOURCE port should be ANY,

If source port if not ANY, then the originator's outgoing port must be the port number specified (e,g, 2222).

Not what you want.

View solution in original post

0 Likes
Re: How to assign multiple internal ip address to single static nat ip address for SSH
anddy127
Enthusiast - Level 2

i Have already reviewed these links:

Static IP good info.

How to get the same IP assignment per device

Port forwarding good info.

Port Forwarding Instructions for the FiOS MI424 Router

None of them really give clear instructions for what i want to achieve.    

0 Likes
Re: How to assign multiple internal ip address to single static nat ip address for SSH
dslr595148
Community Leader
Community Leader

Once you forward a port you can not forward it again.

So, you might do this...

#1 Computer one port 2222

b) Computer two port 2223

c) Computer three port 2224

#2 In the router forward port 2222 to computer one

b) In the router forward port 2223 to computer two

c) In the router forward port 2224 to computer three

#3 As need be...

a) You forward port 22 to computer one.

b) Once you know it works/the port is open from the net, then you re-edit the rule and forward port 22 to computer two.

c) Sort of Again. Once you know it works/the port is open from the net, then you re-edit the rule and forward port 22 to computer three.

Re: How to assign multiple internal ip address to single static nat ip address for SSH
Anti-Phish1
Master - Level 1

As dslr595148 stated, you can't forward the same port to multiple machines.  What would happen if the router received a packet on that port?  Which machine would it forward to?

You're on the right track assigning each user a different external port, i.e. 1111, 2222 etc.

The trick is to change the "port to forward to" so it's not the default "same as incoming".

You want your for forwarding rules to look like this:

User #1.  Source port ANY.  Destination port 1111.  Target machine: server #1, Port to forward to 22.

User #2.  Source port ANY.  Destination port 2222.  Target machine: server #2, Port to forward to 22..

etc.

Be sure you have a daemon listening on port 22 on each server machine (should already be there).

0 Likes
Re: How to assign multiple internal ip address to single static nat ip address for SSH
anddy127
Enthusiast - Level 2

Thank you so much for answering.  I am trying to do exactly that try different ports for different internal ip address .  I want to get one of them working before i do the same for the others.    I did it for 10.20.30.101.

Here is screen shot of my port forwarding page.   I did it for 10.20.30.101:2223    

But still unable to ssh into this server from outside.

image

0 Likes
Re: How to assign multiple internal ip address to single static nat ip address for SSH
anddy127
Enthusiast - Level 2

This is my static nat page.  I ended up getting 4 more ip addresses for the time being so  that my developers are not sitting idle.  Once i get this ironed out, i will get rid of the extra 4 ips. so that all 10 developers can can access and i only pay for 1 public ip address.

image

0 Likes
Re: How to assign multiple internal ip address to single static nat ip address for SSH
anddy127
Enthusiast - Level 2

When i try to add 10.20.30.101 to the public ip address to forward 2223 i get this message about conflict.

image

0 Likes
Re: How to assign multiple internal ip address to single static nat ip address for SSH
anddy127
Enthusiast - Level 2

On My STATIC NAT page, i can't seem to add more then 1 internal ip address to the same external ip address.  Keeps giving me that ip conflicts between this rule and previous NAT/NAPT rules message.

0 Likes
Re: How to assign multiple internal ip address to single static nat ip address for SSH
Anti-Phish1
Master - Level 1

Your port forwarding rule is wrong.

In my previous instructions I specifically stated that SOURCE port should be ANY,

If source port if not ANY, then the originator's outgoing port must be the port number specified (e,g, 2222).

Not what you want.

0 Likes
Re: How to assign multiple internal ip address to single static nat ip address for SSH
viafax999
Community Leader
Community Leader

@andyd127 wrote:

This is my static nat page.  I ended up getting 4 more ip addresses for the time being so  that my developers are not sitting idle.  Once i get this ironed out, i will get rid of the extra 4 ips. so that all 10 developers can can access and i only pay for 1 public ip address.

Sorry wrong quote not sure why you are using static nat but maybe it's important to you.

I'd just give the devices static Ip addresses and remove them from the dhcp pool

Any way to make the picture bigger or sizeable so that it is readable?

0 Likes