  1. #1
    Just Joined!
    Join Date
    Apr 2010
    Posts
    6

    Remote admin behind NAT


    Hi all,

    I am looking for a solution that would allow me to remote admin (console access would be fine) Linux devices that are behind NAT router / firewall.

    Reverse SSH tunnels look promising, however I am looking to have hundreds of devices and assume with reverse SSH this could be only either achieved by having a different source domain each or different port per device, which is not scalable.

    Does anyone know if there would be a way to manage multiple devices with a single reverse SSH tunnel source, or some other technology that would give me access to Linux devices when behind NAT?

    Regards,

    Olli

  2. #2
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,391
    For hundreds of devices individual tunnels are too much work.

    You could consider installing OpenVPN on the router/firewall.
    You must always face the curtain with a bow.

  3. #3
    Just Joined!
    Join Date
    Apr 2010
    Posts
    6
    Thanks for the reply. The devices are in networks that I have no control over, so cannot install or configure anything on the router/firewall.

    Would it be possible e.g. to write a server side program that would open two way socket when contacted from the device and then you could issue shell commands through this socket?

    Regards,

    Olli

  4. #4
    Linux User
    Join Date
    Dec 2009
    Posts
    264
    But you could install OpenVPN on the clients of the networks ...
    So they connect to your server within the internet and get an IP there.

    You could configure them so that your local computer seems to be in the same network.

    Example:
    The clients you wanna control are in a private network: 10.0.0.0/24
    You create a VPN network with the private address pool: 10.0.1.0/24
    Your local router is the VPN server; all the client computers connect to it automatically.
    So you can access them with the IPs 10.0.1.1 - 10.0.1.100

    That way you don't need any unsecured open ports in the Internet ... just one OpenVPN server ... only accessible with the 100 keys the clients got.

  5. #5
    Linux Guru coopstah13's Avatar
    Join Date
    Nov 2007
    Location
    NH, USA
    Posts
    3,149
    Quote Originally Posted by ojaro View Post
    Thanks for the reply. The devices are in networks that I have no control over, so cannot install or configure anything on the router/firewall.
    Zombykilla, OP already posted that they cannot do something like this as they have no control over router/firewall, which would be needed to set up a VPN

  6. #6
    Linux User
    Join Date
    Dec 2009
    Posts
    264
    You don't need the control over the router.
    The connection is started by the clients behind the firewall... so the replies from your "control" Computer / VPN Server will pass the firewall as established connection.
    The only thing you may need to set is that the connection uses tcp instead of udp.

  7. #7
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    If these devices are all on the same network you only need to worry about access to one server. From there you should be able to ssh into the others.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  8. #8
    Just Joined!
    Join Date
    Apr 2010
    Posts
    6
    Ok. Looks like I should do some testing with OpenVPN then

    Any view on maximum number of clients? Also, what is the best practice to identify each device? If I know their MAC addresses can I find somehow which IP belongs to which MAC?

    Regards,

    Olli

  9. #9
    Just Joined!
    Join Date
    Apr 2010
    Posts
    6
    Aah, reading OpenVPN documentation the client IP address can be defined when creating the connection, so assume I could just maintain a database of devices and IPs.

    Olli

  10. #10
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,391
    *Hint* Client certificates *Hint*
    You must always face the curtain with a bow.
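
The "database of devices and IPs" from post #9, keyed on the client certificate Common Name hinted at in post #10, can be turned into OpenVPN per-client files. This is an added example, not code from the thread: it assumes the server uses `topology subnet` with a `client-config-dir`, the 10.0.1.0/24 pool from post #4 with the server on 10.0.1.1, and constructed device names.

```python
import ipaddress
import re
from pathlib import Path

# Constructed inventory: certificate Common Names (CNs) of managed devices.
# Append new devices at the end; reordering would shift existing addresses.
DEVICES = ["device-0001", "device-0002", "device-0003"]

# A CN becomes a file name under client-config-dir, so restrict its alphabet
# (no slashes, no leading dot) before touching the filesystem.
CN_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def allocate(cns, pool="10.0.1.0/24", reserved=1):
    """Map each certificate CN to a fixed (address, netmask) from the pool.

    The first `reserved` host addresses are left for the VPN server
    (assumption: the server holds the first address of the pool).
    """
    net = ipaddress.ip_network(pool)
    hosts = list(net.hosts())[reserved:]
    if len(set(cns)) != len(cns):
        raise ValueError("duplicate CN in inventory")
    bad = [cn for cn in cns if not CN_RE.fullmatch(cn)]
    if bad:
        raise ValueError(f"CN not usable as a file name: {bad}")
    if len(cns) > len(hosts):
        # Hundreds of devices can outgrow a /24: fail loudly, never reuse.
        raise ValueError(f"{len(cns)} devices, only {len(hosts)} addresses in {pool}")
    return {cn: (str(ip), str(net.netmask)) for cn, ip in zip(cns, hosts)}


def write_ccd(mapping, ccd_dir):
    """Write one client-config-dir file per CN and return the file names."""
    ccd = Path(ccd_dir)
    ccd.mkdir(parents=True, exist_ok=True)
    for cn, (ip, mask) in mapping.items():
        # topology subnet form: ifconfig-push <address> <netmask>
        (ccd / cn).write_text(f"ifconfig-push {ip} {mask}\n")
    return sorted(p.name for p in ccd.iterdir())


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:  # stand-in for the real ccd path
        table = allocate(DEVICES)
        print(write_ccd(table, d), table)
```

Because each address is bound to the certificate's CN rather than to a MAC address, a lost device is cut off by revoking its certificate, and adding `ccd-exclusive` on the server rejects any client that has no file in the directory.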
