×

Switch Account

How to assign multiple internal ip address to single static nat ip address for SSH

How to assign multiple internal ip address to single static nat ip address for SSH

SOLVED
Reply
Highlighted
Copper Contributor andyd127
Copper Contributor
Posts: 16
Registered: ‎09-10-2013

Hi,

 

So i've been browsing around these forums and the internet and I am unable to find the correct answer and get this to work.   I have a static ip address with about 10 internal development servers with different internal ip addresses.   Each of these are running linux.   What i'm trying to achieve is to allow my developers who are external to my network to access the development servers via ssh.  Each developer will be accessing the different servers through putty.  I don't want them all to connect to 1 and then jump to another server due to some x11 forwarding etc..

 

 

When i enable port forwarding for port 22, it only works for 1 server going to the first internal ip address i assign.  When i setup static nat , i can assign the first internal ip to the external ip address for port 22,  when i do the same for the second internal ip to the same external ip, i keep getting message saying the rule for 22 is already existing and conflicting.   I tried to change the port for my second server to listen to 2222 and that didn't work either.  Still times out.  I don't have any other firewall inbetween.

 

How can i get the other developers to access the server via ssh using clients like putty to access the other servers?

 

I read alot about port forwarding etc....  but none of it seems to achieve what i'm trying to do.

 

My configuration:

 

1  Static IP (Public)    (71.x.x.36)

10 Internal IP addresses ( 192.168.1.10, 192.168.1.11, 192.168.1.12, etc..)

 

My router model :  MI424WR-GEN3I

Firmware:  40.20.7

 

 

Please help.

 

Andy.

19 REPLIES 19
Highlighted
Copper Contributor andyd127
Copper Contributor
Posts: 16
Registered: ‎09-10-2013

i Have already reviewed these links:

 

Static IP good info.

How to get the same IP assignment per device

 

Port forwarding good info.

Port Forwarding Instructions for the FiOS MI424 Router

 

 

 

None of them really give clear instructions for what i want to achieve.    

Highlighted
Platinum Contributor III Platinum Contributor III
Platinum Contributor III
Posts: 5,779
Registered: ‎09-24-2008
Message 3 of 20
(3,080 Views)

Once you forward a port you can not forward it again.

 

So, you might do this...

 

#1 Computer one port 2222

 

b) Computer two port 2223

 

c) Computer three port 2224

 

#2 In the router forward port 2222 to computer one

 

b) In the router forward port 2223 to computer two

 

c) In the router forward port 2224 to computer three

 

#3 As need be...

 

a) You forward port 22 to computer one.

 

b) Once you know it works/the port is open from the net, then you re-edit the rule and forward port 22 to computer two.

 

c) Sort of Again. Once you know it works/the port is open from the net, then you re-edit the rule and forward port 22 to computer three.

 

 

If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.


 

Highlighted
Gold Contributor III
Gold Contributor III
Posts: 1,122
Registered: ‎12-04-2009

As dslr595148 stated, you can't forward the same port to multiple machines.  What would happen if the router received a packet on that port?  Which machine would it forward to?

 

You're on the right track assigning each user a different external port, i.e. 1111, 2222 etc.

The trick is to change the "port to forward to" so it's not the default "same as incoming".

 

You want your for forwarding rules to look like this:

User #1.  Source port ANY.  Destination port 1111.  Target machine: server #1, Port to forward to 22.

User #2.  Source port ANY.  Destination port 2222.  Target machine: server #2, Port to forward to 22..

etc.

Be sure you have a daemon listening on port 22 on each server machine (should already be there).

 

 

 

 

Highlighted
Copper Contributor andyd127
Copper Contributor
Posts: 16
Registered: ‎09-10-2013

Thank you so much for answering.  I am trying to do exactly that try different ports for different internal ip address .  I want to get one of them working before i do the same for the others.    I did it for 10.20.30.101.

 

Here is screen shot of my port forwarding page.   I did it for 10.20.30.101:2223    

 

But still unable to ssh into this server from outside.

 

portforwarding1.png

Highlighted
Copper Contributor andyd127
Copper Contributor
Posts: 16
Registered: ‎09-10-2013

This is my static nat page.  I ended up getting 4 more ip addresses for the time being so  that my developers are not sitting idle.  Once i get this ironed out, i will get rid of the extra 4 ips. so that all 10 developers can can access and i only pay for 1 public ip address.

 

staticnat1.png

Highlighted
Copper Contributor andyd127
Copper Contributor
Posts: 16
Registered: ‎09-10-2013

When i try to add 10.20.30.101 to the public ip address to forward 2223 i get this message about conflict.

 

conflict.png

Highlighted
Copper Contributor andyd127
Copper Contributor
Posts: 16
Registered: ‎09-10-2013

On My STATIC NAT page, i can't seem to add more then 1 internal ip address to the same external ip address.  Keeps giving me that ip conflicts between this rule and previous NAT/NAPT rules message.

Highlighted
Gold Contributor III
Gold Contributor III
Posts: 1,122
Registered: ‎12-04-2009

Your port forwarding rule is wrong.

 

In my previous instructions I specifically stated that SOURCE port should be ANY,

If source port if not ANY, then the originator's outgoing port must be the port number specified (e,g, 2222).

Not what you want.

 

 

Highlighted
Gold Contributor VII Gold Contributor VII
Gold Contributor VII
Posts: 2,153
Registered: ‎11-10-2009
Message 10 of 20
(2,933 Views)

@andyd127 wrote:

This is my static nat page.  I ended up getting 4 more ip addresses for the time being so  that my developers are not sitting idle.  Once i get this ironed out, i will get rid of the extra 4 ips. so that all 10 developers can can access and i only pay for 1 public ip address.

 

 

Sorry wrong quote not sure why you are using static nat but maybe it's important to you.

I'd just give the devices static Ip addresses and remove them from the dhcp pool

 

Any way to make the picture bigger or sizeable so that it is readable?

 

How-To Videos
 
The following videos were produced by users like you!
   
Videos are subject to the Verizon Fios Community Terms of Service and User Guidelines and contains content that is not created by Verizon.


Browse Categories
Categories:
Posts

Verizon Troubleshooters
Unable to find your answer here? Try searching Verizon Troubleshooters for more options.