There is a server in my company and many people in the company work on it by Putty. We installed the Putty for our own computers to remote the server. BUT all of these happened in the company's inner web.
Now I want to remote the server from outer web. For example, I am home and I work on the company's server. For now I dont know how to realize this.
How can I configure the server and my PC at home?
Need I make some configuration for the router of the company? How?
Thanks in advance.
Assuming your company has a competent IT staff, there is a firewall that blocks incoming SSH attempts out. (It is called SSH, not Putty. Putty is just a program that Windows users tend to use for SSH.) Inside the company's network, you can SSH. So, from home, you will hit a firewall and you can't SSH in.
Does your company have a VPN system? If so, use that. There are many forms of VPN. Your company's IT staff can tell you how to configure your home machine so it can connect to the company's VPN. Once it does that, it will be as though your home computer is inside the company. You are inside the firewall. You can SSH.
You can ask if they will open the firewall for you. They shouldn't, but you can ask.
If you don't have VPN, all is not lost, but it gets more difficult. I don't expect you to do this, so I will only list the steps.
Install an SSH server on your home computer. Get it up and running. SSH into it from another computer at home.
Forward incoming port 22 requests to your home's firewall/router to your home computer so you can SSH into your home machine from outside your house, ie: From work. Test it from work to ensure it works.
Set up a reverse port forward SSH connection from the server at work to your home computer. What this does is initiate an SSH connection from the work server to your home computer. It then listens on a port on your home computer (pretend you used 2222 as the port). Now, from home, you SSH to your home computer (localhost) on 2222 and it connects over the previously made connection to the server at work.
Your IT staff might notice that you did this. They probably won't like it because you are bypassing their firewall.
You can either forward the port of the server to the public internet, or you can set up a VPN located inside your company's LAN that can be reached from outside the LAN such as OpenVPN.
Note: If you are planning to forward the server directly, make sure the server's security settings are set up correctly to prevent misuse of attackers. You can also restrict access to specific IP addresses using a firewall.
Assuming that your server is behind corporate network, you MUST require a VPN connection to access it. Talk to your IT department and they will be able to help with setting VPN connection.
Related
I hope someone can point me in the right direction.
I have a Windows Server 2012R2 running Bitvise SSH server, for the sake of simplicity it has only one ethernet card. SSH listens to 192.168.1.115 port 22.
When the server is connected to the internet with VPN (NordVPN client > I cannot edit config) the SSH connection is no longer working. I believe this is very normal as the VPN changes the gateway and routes all, including SSH, packages through it.
I was hoping it is possible to simply edit the routing table or similar so that all SSH packages on 192.168.1.115 port 22 are routed to the original gateway (the gateway before VPN is connected so to speak) and that all other are routed via the VPN gateway.
Alas, I have no idea how to start with this split tunneling. Maybe there are tools or other solution for this? I have search high and low but did not find an easy answer.
Looking really forward to your expertise. Thank you.
With best regards,
ShadowHunter
I have set up a new NAS using Open Media Vault. I have installed the WebMin extension to get on to the web gui for configuration. My problem is that I have to be on the same network as my NAS. How can I connect to my NAS from a different network than it is connected to? On the network that it is connected to its IP is 192.168.0.99:1000 for the WebMin gui. How can I access this from a different network?
Setup a VPN to connect to the network that your NAS is on. Once the VPN is connected you can connect to the NAS as if you were on the local network.
You could also possibly setup firewall and/or port forwarding rules depending on how your network is setup but please consider the security issues when doing so.
You could alternatively also try to open the NAS and give it a public IP address and a DNS. This will allow you to setup SSH and FTP as it was any other server.
To SSH remotely over the internet, you need either a permanent IP address or a domain name that is updated to point to the IP address when it changes. The latter requires a dynamic domain name service. A good free one is DuckDNS (duckdns.org). First, use one of the sign-in options such as Google. In the domain line enter your preferred subdomain name.
There is a great guide on how you can do this here: https://forums.freenas.org/index.php?threads/how-to-how-to-access-your-freenas-server-remotely-and-securely.27376/
I have a client who is remote. I need to debug some weird problem that none of my other clients are having. Before I try and set up a conference with this client, I would like to know if there is some way of remotely debugging our application.
I see that there are remote debugging tools available for Visual Studio, but from what I've read, I need to be on the same subnet. As the person is remote, this is not a possibility. Also, as I'd like to keep our connection secure, I would need to connect up some sort of encrypted tunnel (this is where I'm a little fuzzy as my networking skills are mostly theoretical).
As I understand it, an encrypted tunnel is a bridge to another (different) subnet. This is to ensure that those computers on the other side won't interfere with the local subnet computers.
So, because the client's computer is on a different subnet, I think that this is not possible. Or is it? Should there not be a way of making the client's computer show up as a virtual computer on my subnet, by forwarding packets from one subnet to another? I would think that this is theoretically possible, but I'm not exactly sure how I would go about this.
Also, at the moment, my current way that we connect to clients is through GoToMeeting, but I don't think that it supports tunneling. If not, then I may need some way of generating a tunnel, so I was also thinking of maybe using some SSH programme like PuTTY.
As I have said before, my knowledge of networking is quite theoretical, so if the tools that I am suggesting are not the correct ones, please correct me. (I'm a programmer, damm it! Not a network engineer!)
Both computers are Windows boxes. Windows 10 (client) and Windows 8.1 (development).
If you can connect to an ssh server in the remote network, you can (subject to configuration on the server) create a tunnel such that you connect to a socket on your local pic and the connection appears from the server to an endpoint on the remote network.
You'll want to investigate the -L command of OpenSSH, which combined with the PuTTY docs, should help explain what's required.
By default, the endpoint would be a port on the ssh server, but it could be a port on a different host that the remote server can connect to.
I'm not familiar with the current state of Windows SSH servers, but even if there isn't a system server to hand, you should be able to have on run 'on demand' - if you run it on a non-privileged port and by the user you want to connect in as, it shouldn't even need Admin privileges.
I'm not familiar with GoToMeeting, but the one thing with SSH tunnelling it that IT depts should be familiar with SSH. If trying that, focus on getting a working connection in, then setting up the tunnel, then connecting through it as separate steps.
Once you have an SSH connection, then it doesn't need to do something itself, and you can then investigate connecting while specifying the port forwarding, but will will need to get the basic connection working correctly first.
The website says:
Tunnlr uses SSH remote tunneling. It securely connects a port on your
local machine to an open port on our public server. Once you start
your Tunnlr client, the web server on your local machine will be
available to the rest of the world through your special Tunnlr URL.
Could someone please go into a bit more detail over how this entire process works? Or maybe point to something open source that allows the same thing?
The SSH protocol allows tunneling of connections in either direction. So based on the description above here's what is happening:
You download a client program (an SSH client) to your computer and run it.
The client establishes an SSH connection out from your computer to the tunnlr remote server
On the tunnlr server an access port is opened for incoming connections. Let's say port 1234.
Now when anyone connects to tunnlr:1234 the tunnlr server will instruct your client program through the connection established in step 2 to open a connection inside your computer - let's say to port 80 (e.g. you're running a webserver there).
The tunnel connection will now shuffle data between tunnlr:1234 and your_computer:80.
So effectively this is what is running:
[some_remote_computer]<->[tunnlr:1234]<->[SSH tunnel]<->[your_computer:80]
Assume some_remote_computer is your friend or anyone else you want to be able to connect to your local web server.
SSH is available for many platforms (Linux, Windows, OSX and more). You can build such tunnels quite easily with it, but you will of course need access to both computers you want to build the tunnel between. Let's say one computer is your own computer and another is a VPS you've rented (or any other remote server with SSH access). Now you can run exactly the same setup.
The advantage with tunnlr is they manage the remote server for you, and they have a registered hostname you can use for your tunnels.
I googled, followed all the instructions but still stuck, and unable to create a home ftp server.
My internet is from dsl modem -> vonage router -> wifi router
FileZilla server ip is 127.0.0.1 and it works fine when tried from command prompt. But I need it to be accessible from outside.
I enabled ftp on wifi router's web settings page using virtual server setting.
I am stuck at this point, I don't know what else to do further. Any help is greatly appreciated.
Also, if you are planning on accessing your server remotely, (not in your network) you will have to enable port forwarding on your router. (Use the ip address of the machine running the server and use port 21) Otherwise, you only be able to connect while in your LAN.
This pretty much summarizes your needs(via lifehacker.com)
If you're FTP'ing across your home
network (like from your upstairs PC to
your bedroom PC), you can reach the
server by using its internal network
address (most likely something like
192.168.xx.xx.) From the command line, type ipconfig to see what that address
is. If you want to log into your FTP
server over the internet, set up a
memorable URL for it and allow
connections from outside your network.
To do so, check out how to assign a
domain name to your home server and
how to access your home server behind
a router and firewall.
Original Article
How to assign a domain name to your home server
How to access a server behind a router and firewall
You need to be able to access your internal network from the internet. Consider using a service like dynDNS if your router supports it.