- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
So i've been browsing around these forums and the internet and I am unable to find the correct answer and get this to work. I have a static ip address with about 10 internal development servers with different internal ip addresses. Each of these are running linux. What i'm trying to achieve is to allow my developers who are external to my network to access the development servers via ssh. Each developer will be accessing the different servers through putty. I don't want them all to connect to 1 and then jump to another server due to some x11 forwarding etc..
When i enable port forwarding for port 22, it only works for 1 server going to the first internal ip address i assign. When i setup static nat , i can assign the first internal ip to the external ip address for port 22, when i do the same for the second internal ip to the same external ip, i keep getting message saying the rule for 22 is already existing and conflicting. I tried to change the port for my second server to listen to 2222 and that didn't work either. Still times out. I don't have any other firewall inbetween.
How can i get the other developers to access the server via ssh using clients like putty to access the other servers?
I read alot about port forwarding etc.... but none of it seems to achieve what i'm trying to do.
My configuration:
1 Static IP (Public) (71.x.x.36)
10 Internal IP addresses ( 192.168.1.10, 192.168.1.11, 192.168.1.12, etc..)
My router model : MI424WR-GEN3I
Firmware: 40.20.7
Please help.
Andy.
Solved! Go to Correct Answer
Correct answers
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Your port forwarding rule is wrong.
In my previous instructions I specifically stated that SOURCE port should be ANY,
If source port if not ANY, then the originator's outgoing port must be the port number specified (e,g, 2222).
Not what you want.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i Have already reviewed these links:
Static IP good info.
How to get the same IP assignment per device
Port forwarding good info.
Port Forwarding Instructions for the FiOS MI424 Router
None of them really give clear instructions for what i want to achieve.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Once you forward a port you can not forward it again.
So, you might do this...
#1 Computer one port 2222
b) Computer two port 2223
c) Computer three port 2224
#2 In the router forward port 2222 to computer one
b) In the router forward port 2223 to computer two
c) In the router forward port 2224 to computer three
#3 As need be...
a) You forward port 22 to computer one.
b) Once you know it works/the port is open from the net, then you re-edit the rule and forward port 22 to computer two.
c) Sort of Again. Once you know it works/the port is open from the net, then you re-edit the rule and forward port 22 to computer three.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As dslr595148 stated, you can't forward the same port to multiple machines. What would happen if the router received a packet on that port? Which machine would it forward to?
You're on the right track assigning each user a different external port, i.e. 1111, 2222 etc.
The trick is to change the "port to forward to" so it's not the default "same as incoming".
You want your for forwarding rules to look like this:
User #1. Source port ANY. Destination port 1111. Target machine: server #1, Port to forward to 22.
User #2. Source port ANY. Destination port 2222. Target machine: server #2, Port to forward to 22..
etc.
Be sure you have a daemon listening on port 22 on each server machine (should already be there).
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you so much for answering. I am trying to do exactly that try different ports for different internal ip address . I want to get one of them working before i do the same for the others. I did it for 10.20.30.101.
Here is screen shot of my port forwarding page. I did it for 10.20.30.101:2223
But still unable to ssh into this server from outside.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is my static nat page. I ended up getting 4 more ip addresses for the time being so that my developers are not sitting idle. Once i get this ironed out, i will get rid of the extra 4 ips. so that all 10 developers can can access and i only pay for 1 public ip address.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When i try to add 10.20.30.101 to the public ip address to forward 2223 i get this message about conflict.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
On My STATIC NAT page, i can't seem to add more then 1 internal ip address to the same external ip address. Keeps giving me that ip conflicts between this rule and previous NAT/NAPT rules message.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Your port forwarding rule is wrong.
In my previous instructions I specifically stated that SOURCE port should be ANY,
If source port if not ANY, then the originator's outgoing port must be the port number specified (e,g, 2222).
Not what you want.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@andyd127 wrote:This is my static nat page. I ended up getting 4 more ip addresses for the time being so that my developers are not sitting idle. Once i get this ironed out, i will get rid of the extra 4 ips. so that all 10 developers can can access and i only pay for 1 public ip address.
Sorry wrong quote not sure why you are using static nat but maybe it's important to you.
I'd just give the devices static Ip addresses and remove them from the dhcp pool
Any way to make the picture bigger or sizeable so that it is readable?