[Micronet] ssh to two static IPs behind a router

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

[Micronet] ssh to two static IPs behind a router

Mohammad Soheilypour
Hi Everyone,

I'm not quite sure that this is the right place to ask this type of question or not, I hope it is. We have two servers in our lab that are both connected through a router. Both servers have static IPs and we need to be able to ssh to each of them. The problem is that we cannot ssh to both of them when they are connected to the router (they are in another room and therefore we are not in their network), rather we can see only one of them. Is there any solution to have both of them connected to the router and also accessible from outside?

Best,
Mohammad

--
Mohammad Soheilypour
Molecular Cell Biomechanics Laboratory
University of California, Berkeley

           [hidden email]
           


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] ssh to two static IPs behind a router

Isaac Orr
Hi Mohammad,

Without getting into the specifics of configuring things so this
works, is there a reason why the servers are connected behind their
own router?  Just curious, because there may be a simpler way to do
things.

iso


On Mon, Nov 24, 2014 at 9:51 AM, Mohammad Soheilypour
<[hidden email]> wrote:

> Hi Everyone,
>
> I'm not quite sure that this is the right place to ask this type of question
> or not, I hope it is. We have two servers in our lab that are both connected
> through a router. Both servers have static IPs and we need to be able to ssh
> to each of them. The problem is that we cannot ssh to both of them when they
> are connected to the router (they are in another room and therefore we are
> not in their network), rather we can see only one of them. Is there any
> solution to have both of them connected to the router and also accessible
> from outside?
>
> Best,
> Mohammad
>
> --
> Mohammad Soheilypour
> Molecular Cell Biomechanics Laboratory
> University of California, Berkeley
>
> Email : [hidden email]
>            [hidden email]
>
>
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe
> from its mailing list and how to find out about upcoming meetings, please
> visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and
> the list's archives can be browsed and searched on the Internet.  This means
> these messages can be viewed by (among others) your bosses, prospective
> employers, and people who have known you in the past.
>



--
Isaac Simon Orr
Manager, Network Operations and Services
IST Telecommunications, UC Berkeley
P: +1 510 643 9837 C: +1 510 517 9408 E: [hidden email]

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] ssh to two static IPs behind a router

Igor Savine
A simple workaround would be using a nonstandard port number (e.g. 33
instead of 22) on one of the servers.

--
Igor Savine
Information Systems Analyst
University of California Berkeley
993 Evans Hall
Berkeley, CA 94720
(510) 643-8747
[hidden email]

On Mon, Nov 24, 2014 at 9:54 AM, Isaac Orr <[hidden email]> wrote:

> Hi Mohammad,
>
> Without getting into the specifics of configuring things so this
> works, is there a reason why the servers are connected behind their
> own router?  Just curious, because there may be a simpler way to do
> things.
>
> iso
>
>
> On Mon, Nov 24, 2014 at 9:51 AM, Mohammad Soheilypour
> <[hidden email]> wrote:
>> Hi Everyone,
>>
>> I'm not quite sure that this is the right place to ask this type of question
>> or not, I hope it is. We have two servers in our lab that are both connected
>> through a router. Both servers have static IPs and we need to be able to ssh
>> to each of them. The problem is that we cannot ssh to both of them when they
>> are connected to the router (they are in another room and therefore we are
>> not in their network), rather we can see only one of them. Is there any
>> solution to have both of them connected to the router and also accessible
>> from outside?
>>
>> Best,
>> Mohammad
>>
>> --
>> Mohammad Soheilypour
>> Molecular Cell Biomechanics Laboratory
>> University of California, Berkeley
>>
>> Email : [hidden email]
>>            [hidden email]
>>
>>
>>
>>
>> -------------------------------------------------------------------------
>> The following was automatically added to this message by the list server:
>>
>> To learn more about Micronet, including how to subscribe to or unsubscribe
>> from its mailing list and how to find out about upcoming meetings, please
>> visit the Micronet Web site:
>>
>> http://micronet.berkeley.edu
>>
>> Messages you send to this mailing list are public and world-viewable, and
>> the list's archives can be browsed and searched on the Internet.  This means
>> these messages can be viewed by (among others) your bosses, prospective
>> employers, and people who have known you in the past.
>>
>
>
>
> --
> Isaac Simon Orr
> Manager, Network Operations and Services
> IST Telecommunications, UC Berkeley
> P: +1 510 643 9837 C: +1 510 517 9408 E: [hidden email]
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] ssh to two static IPs behind a router

Mohammad Soheilypour
In reply to this post by Isaac Orr
Hi Isaac,

Thanks for the prompt response. Actually I am not the person who set up the router configuration but my guess is that it gives a more secure connection for the servers (I'm no expert in this!).

By the way, to make sure that I was clear, both servers are connected through the same router.

Thanks,
Mohammad

On Mon, Nov 24, 2014 at 9:54 AM, Isaac Orr <[hidden email]> wrote:
Hi Mohammad,

Without getting into the specifics of configuring things so this
works, is there a reason why the servers are connected behind their
own router?  Just curious, because there may be a simpler way to do
things.

iso


On Mon, Nov 24, 2014 at 9:51 AM, Mohammad Soheilypour
<[hidden email]> wrote:
> Hi Everyone,
>
> I'm not quite sure that this is the right place to ask this type of question
> or not, I hope it is. We have two servers in our lab that are both connected
> through a router. Both servers have static IPs and we need to be able to ssh
> to each of them. The problem is that we cannot ssh to both of them when they
> are connected to the router (they are in another room and therefore we are
> not in their network), rather we can see only one of them. Is there any
> solution to have both of them connected to the router and also accessible
> from outside?
>
> Best,
> Mohammad
>
> --
> Mohammad Soheilypour
> Molecular Cell Biomechanics Laboratory
> University of California, Berkeley
>
> Email : [hidden email]
>            [hidden email]
>
>
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe
> from its mailing list and how to find out about upcoming meetings, please
> visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and
> the list's archives can be browsed and searched on the Internet.  This means
> these messages can be viewed by (among others) your bosses, prospective
> employers, and people who have known you in the past.
>



--
Isaac Simon Orr
Manager, Network Operations and Services
IST Telecommunications, UC Berkeley
P: <a href="tel:%2B1%20510%20643%209837" value="+15106439837">+1 510 643 9837 C: <a href="tel:%2B1%20510%20517%209408" value="+15105179408">+1 510 517 9408 E: [hidden email]



--
Mohammad Soheilypour
Molecular Cell Biomechanics Laboratory
University of California, Berkeley

           [hidden email]
           


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] ssh to two static IPs behind a router

Mohammad Soheilypour
In reply to this post by Igor Savine
Hi Igor,

And then what do I need to do on the router to distinguish the two servers?

Thanks,
Mohammad

On Mon, Nov 24, 2014 at 9:59 AM, Igor Savine <[hidden email]> wrote:
A simple workaround would be using a nonstandard port number (e.g. 33
instead of 22) on one of the servers.

--
Igor Savine
Information Systems Analyst
University of California Berkeley
993 Evans Hall
Berkeley, CA 94720
<a href="tel:%28510%29%20643-8747" value="+15106438747">(510) 643-8747
[hidden email]

On Mon, Nov 24, 2014 at 9:54 AM, Isaac Orr <[hidden email]> wrote:
> Hi Mohammad,
>
> Without getting into the specifics of configuring things so this
> works, is there a reason why the servers are connected behind their
> own router?  Just curious, because there may be a simpler way to do
> things.
>
> iso
>
>
> On Mon, Nov 24, 2014 at 9:51 AM, Mohammad Soheilypour
> <[hidden email]> wrote:
>> Hi Everyone,
>>
>> I'm not quite sure that this is the right place to ask this type of question
>> or not, I hope it is. We have two servers in our lab that are both connected
>> through a router. Both servers have static IPs and we need to be able to ssh
>> to each of them. The problem is that we cannot ssh to both of them when they
>> are connected to the router (they are in another room and therefore we are
>> not in their network), rather we can see only one of them. Is there any
>> solution to have both of them connected to the router and also accessible
>> from outside?
>>
>> Best,
>> Mohammad
>>
>> --
>> Mohammad Soheilypour
>> Molecular Cell Biomechanics Laboratory
>> University of California, Berkeley
>>
>> Email : [hidden email]
>>            [hidden email]
>>
>>
>>
>>
>> -------------------------------------------------------------------------
>> The following was automatically added to this message by the list server:
>>
>> To learn more about Micronet, including how to subscribe to or unsubscribe
>> from its mailing list and how to find out about upcoming meetings, please
>> visit the Micronet Web site:
>>
>> http://micronet.berkeley.edu
>>
>> Messages you send to this mailing list are public and world-viewable, and
>> the list's archives can be browsed and searched on the Internet.  This means
>> these messages can be viewed by (among others) your bosses, prospective
>> employers, and people who have known you in the past.
>>
>
>
>
> --
> Isaac Simon Orr
> Manager, Network Operations and Services
> IST Telecommunications, UC Berkeley
> P: <a href="tel:%2B1%20510%20643%209837" value="+15106439837">+1 510 643 9837 C: <a href="tel:%2B1%20510%20517%209408" value="+15105179408">+1 510 517 9408 E: [hidden email]
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



--
Mohammad Soheilypour
Molecular Cell Biomechanics Laboratory
University of California, Berkeley

           [hidden email]
           


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] ssh to two static IPs behind a router

Isaac Orr
In reply to this post by Mohammad Soheilypour
Hi Mohammad,

If the issue is security, you might want to consider using the campus
firewall service? It's provided at no additional charge.  There are
typically few (if any) reasons for devices to need to be behind their
own router on the campus. Typically it just results in extra
configuration and work (which is what you're running into).

Often these exist as a throw back to a time when the funding model for
network connectivity was different, and there was more of an argument
to be made for this type of a solution.

iso


On Mon, Nov 24, 2014 at 10:00 AM, Mohammad Soheilypour
<[hidden email]> wrote:

> Hi Isaac,
>
> Thanks for the prompt response. Actually I am not the person who set up the
> router configuration but my guess is that it gives a more secure connection
> for the servers (I'm no expert in this!).
>
> By the way, to make sure that I was clear, both servers are connected
> through the same router.
>
> Thanks,
> Mohammad
>
> On Mon, Nov 24, 2014 at 9:54 AM, Isaac Orr <[hidden email]> wrote:
>>
>> Hi Mohammad,
>>
>> Without getting into the specifics of configuring things so this
>> works, is there a reason why the servers are connected behind their
>> own router?  Just curious, because there may be a simpler way to do
>> things.
>>
>> iso
>>
>>
>> On Mon, Nov 24, 2014 at 9:51 AM, Mohammad Soheilypour
>> <[hidden email]> wrote:
>> > Hi Everyone,
>> >
>> > I'm not quite sure that this is the right place to ask this type of
>> > question
>> > or not, I hope it is. We have two servers in our lab that are both
>> > connected
>> > through a router. Both servers have static IPs and we need to be able to
>> > ssh
>> > to each of them. The problem is that we cannot ssh to both of them when
>> > they
>> > are connected to the router (they are in another room and therefore we
>> > are
>> > not in their network), rather we can see only one of them. Is there any
>> > solution to have both of them connected to the router and also
>> > accessible
>> > from outside?
>> >
>> > Best,
>> > Mohammad
>> >
>> > --
>> > Mohammad Soheilypour
>> > Molecular Cell Biomechanics Laboratory
>> > University of California, Berkeley
>> >
>> > Email : [hidden email]
>> >            [hidden email]
>> >
>> >
>> >
>> >
>> >
>> > -------------------------------------------------------------------------
>> > The following was automatically added to this message by the list
>> > server:
>> >
>> > To learn more about Micronet, including how to subscribe to or
>> > unsubscribe
>> > from its mailing list and how to find out about upcoming meetings,
>> > please
>> > visit the Micronet Web site:
>> >
>> > http://micronet.berkeley.edu
>> >
>> > Messages you send to this mailing list are public and world-viewable,
>> > and
>> > the list's archives can be browsed and searched on the Internet.  This
>> > means
>> > these messages can be viewed by (among others) your bosses, prospective
>> > employers, and people who have known you in the past.
>> >
>>
>>
>>
>> --
>> Isaac Simon Orr
>> Manager, Network Operations and Services
>> IST Telecommunications, UC Berkeley
>> P: +1 510 643 9837 C: +1 510 517 9408 E: [hidden email]
>
>
>
>
> --
> Mohammad Soheilypour
> Molecular Cell Biomechanics Laboratory
> University of California, Berkeley
>
> Email : [hidden email]
>            [hidden email]
>
>



--
Isaac Simon Orr
Manager, Network Operations and Services
IST Telecommunications, UC Berkeley
P: +1 510 643 9837 C: +1 510 517 9408 E: [hidden email]

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] ssh to two static IPs behind a router

Igor Savine
In reply to this post by Mohammad Soheilypour
I assume the router comes with a built-in firewall that allows to map
TCP ports 22 and 33 on the WAN network interface to LAN serverA:22 and
serverB:33, respectively.

-Igor

On Mon, Nov 24, 2014 at 10:02 AM, Mohammad Soheilypour
<[hidden email]> wrote:

> Hi Igor,
>
> And then what do I need to do on the router to distinguish the two servers?
>
> Thanks,
> Mohammad
>
> On Mon, Nov 24, 2014 at 9:59 AM, Igor Savine <[hidden email]> wrote:
>>
>> A simple workaround would be using a nonstandard port number (e.g. 33
>> instead of 22) on one of the servers.
>>
>> --
>> Igor Savine
>> Information Systems Analyst
>> University of California Berkeley
>> 993 Evans Hall
>> Berkeley, CA 94720
>> (510) 643-8747
>> [hidden email]
>>
>> On Mon, Nov 24, 2014 at 9:54 AM, Isaac Orr <[hidden email]> wrote:
>> > Hi Mohammad,
>> >
>> > Without getting into the specifics of configuring things so this
>> > works, is there a reason why the servers are connected behind their
>> > own router?  Just curious, because there may be a simpler way to do
>> > things.
>> >
>> > iso
>> >
>> >
>> > On Mon, Nov 24, 2014 at 9:51 AM, Mohammad Soheilypour
>> > <[hidden email]> wrote:
>> >> Hi Everyone,
>> >>
>> >> I'm not quite sure that this is the right place to ask this type of
>> >> question
>> >> or not, I hope it is. We have two servers in our lab that are both
>> >> connected
>> >> through a router. Both servers have static IPs and we need to be able
>> >> to ssh
>> >> to each of them. The problem is that we cannot ssh to both of them when
>> >> they
>> >> are connected to the router (they are in another room and therefore we
>> >> are
>> >> not in their network), rather we can see only one of them. Is there any
>> >> solution to have both of them connected to the router and also
>> >> accessible
>> >> from outside?
>> >>
>> >> Best,
>> >> Mohammad
>> >>
>> >> --
>> >> Mohammad Soheilypour
>> >> Molecular Cell Biomechanics Laboratory
>> >> University of California, Berkeley
>> >>
>> >> Email : [hidden email]
>> >>            [hidden email]
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> -------------------------------------------------------------------------
>> >> The following was automatically added to this message by the list
>> >> server:
>> >>
>> >> To learn more about Micronet, including how to subscribe to or
>> >> unsubscribe
>> >> from its mailing list and how to find out about upcoming meetings,
>> >> please
>> >> visit the Micronet Web site:
>> >>
>> >> http://micronet.berkeley.edu
>> >>
>> >> Messages you send to this mailing list are public and world-viewable,
>> >> and
>> >> the list's archives can be browsed and searched on the Internet.  This
>> >> means
>> >> these messages can be viewed by (among others) your bosses, prospective
>> >> employers, and people who have known you in the past.
>> >>
>> >
>> >
>> >
>> > --
>> > Isaac Simon Orr
>> > Manager, Network Operations and Services
>> > IST Telecommunications, UC Berkeley
>> > P: +1 510 643 9837 C: +1 510 517 9408 E: [hidden email]
>> >
>> >
>> >
>> > -------------------------------------------------------------------------
>> > The following was automatically added to this message by the list
>> > server:
>> >
>> > To learn more about Micronet, including how to subscribe to or
>> > unsubscribe from its mailing list and how to find out about upcoming
>> > meetings, please visit the Micronet Web site:
>> >
>> > http://micronet.berkeley.edu
>> >
>> > Messages you send to this mailing list are public and world-viewable,
>> > and the list's archives can be browsed and searched on the Internet.  This
>> > means these messages can be viewed by (among others) your bosses,
>> > prospective employers, and people who have known you in the past.
>
>
>
>
> --
> Mohammad Soheilypour
> Molecular Cell Biomechanics Laboratory
> University of California, Berkeley
>
> Email : [hidden email]
>            [hidden email]
>
>

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] ssh to two static IPs behind a router

Keenan Parmelee
Most consumer routers have a "port forwarding" section that allows you to configure specific ports to go to specific private IPs, so it's pretty easy.

But as Isaac said, it makes more sense for these servers to be connected directly to the network.  It'll be an easier time in the long run.

Something to keep in mind is the campus policy on NAT devices: https://security.berkeley.edu/NAT.html

On Mon, Nov 24, 2014 at 10:39 AM, Igor Savine <[hidden email]> wrote:
I assume the router comes with a built-in firewall that allows to map
TCP ports 22 and 33 on the WAN network interface to LAN serverA:22 and
serverB:33, respectively.

-Igor

On Mon, Nov 24, 2014 at 10:02 AM, Mohammad Soheilypour
<[hidden email]> wrote:
> Hi Igor,
>
> And then what do I need to do on the router to distinguish the two servers?
>
> Thanks,
> Mohammad
>
> On Mon, Nov 24, 2014 at 9:59 AM, Igor Savine <[hidden email]> wrote:
>>
>> A simple workaround would be using a nonstandard port number (e.g. 33
>> instead of 22) on one of the servers.
>>
>> --
>> Igor Savine
>> Information Systems Analyst
>> University of California Berkeley
>> 993 Evans Hall
>> Berkeley, CA 94720
>> <a href="tel:%28510%29%20643-8747" value="+15106438747">(510) 643-8747
>> [hidden email]
>>
>> On Mon, Nov 24, 2014 at 9:54 AM, Isaac Orr <[hidden email]> wrote:
>> > Hi Mohammad,
>> >
>> > Without getting into the specifics of configuring things so this
>> > works, is there a reason why the servers are connected behind their
>> > own router?  Just curious, because there may be a simpler way to do
>> > things.
>> >
>> > iso
>> >
>> >
>> > On Mon, Nov 24, 2014 at 9:51 AM, Mohammad Soheilypour
>> > <[hidden email]> wrote:
>> >> Hi Everyone,
>> >>
>> >> I'm not quite sure that this is the right place to ask this type of
>> >> question
>> >> or not, I hope it is. We have two servers in our lab that are both
>> >> connected
>> >> through a router. Both servers have static IPs and we need to be able
>> >> to ssh
>> >> to each of them. The problem is that we cannot ssh to both of them when
>> >> they
>> >> are connected to the router (they are in another room and therefore we
>> >> are
>> >> not in their network), rather we can see only one of them. Is there any
>> >> solution to have both of them connected to the router and also
>> >> accessible
>> >> from outside?
>> >>
>> >> Best,
>> >> Mohammad
>> >>
>> >> --
>> >> Mohammad Soheilypour
>> >> Molecular Cell Biomechanics Laboratory
>> >> University of California, Berkeley
>> >>
>> >> Email : [hidden email]
>> >>            [hidden email]
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> -------------------------------------------------------------------------
>> >> The following was automatically added to this message by the list
>> >> server:
>> >>
>> >> To learn more about Micronet, including how to subscribe to or
>> >> unsubscribe
>> >> from its mailing list and how to find out about upcoming meetings,
>> >> please
>> >> visit the Micronet Web site:
>> >>
>> >> http://micronet.berkeley.edu
>> >>
>> >> Messages you send to this mailing list are public and world-viewable,
>> >> and
>> >> the list's archives can be browsed and searched on the Internet.  This
>> >> means
>> >> these messages can be viewed by (among others) your bosses, prospective
>> >> employers, and people who have known you in the past.
>> >>
>> >
>> >
>> >
>> > --
>> > Isaac Simon Orr
>> > Manager, Network Operations and Services
>> > IST Telecommunications, UC Berkeley
>> > P: <a href="tel:%2B1%20510%20643%209837" value="+15106439837">+1 510 643 9837 C: <a href="tel:%2B1%20510%20517%209408" value="+15105179408">+1 510 517 9408 E: [hidden email]
>> >
>> >
>> >
>> > -------------------------------------------------------------------------
>> > The following was automatically added to this message by the list
>> > server:
>> >
>> > To learn more about Micronet, including how to subscribe to or
>> > unsubscribe from its mailing list and how to find out about upcoming
>> > meetings, please visit the Micronet Web site:
>> >
>> > http://micronet.berkeley.edu
>> >
>> > Messages you send to this mailing list are public and world-viewable,
>> > and the list's archives can be browsed and searched on the Internet.  This
>> > means these messages can be viewed by (among others) your bosses,
>> > prospective employers, and people who have known you in the past.
>
>
>
>
> --
> Mohammad Soheilypour
> Molecular Cell Biomechanics Laboratory
> University of California, Berkeley
>
> Email : [hidden email]
>            [hidden email]
>
>


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] ssh to two static IPs behind a router

Mike Howard
In reply to this post by Igor Savine
If your router a consumer grade NAT router, it probably does not have sufficient logging capability to meet the requirements of the Security Policy for NAT Devices: https://security.berkeley.edu/NAT.html

Every server deserves it's own connection, public IP address, and hostname. You've already paid for the network and firewall service through the DNR, so take advantage of them and register your hosts properly. 

If your lab needs wiring in the walls for the second server, a new data jack can be installed for a one-time $307 fee. (This is very reasonable considering the labor involved.)

On Mon, Nov 24, 2014 at 10:39 AM, Igor Savine <[hidden email]> wrote:
I assume the router comes with a built-in firewall that allows to map
TCP ports 22 and 33 on the WAN network interface to LAN serverA:22 and
serverB:33, respectively.

-Igor

On Mon, Nov 24, 2014 at 10:02 AM, Mohammad Soheilypour
<[hidden email]> wrote:
> Hi Igor,
>
> And then what do I need to do on the router to distinguish the two servers?
>
> Thanks,
> Mohammad
>
> On Mon, Nov 24, 2014 at 9:59 AM, Igor Savine <[hidden email]> wrote:
>>
>> A simple workaround would be using a nonstandard port number (e.g. 33
>> instead of 22) on one of the servers.
>>
>> --
>> Igor Savine
>> Information Systems Analyst
>> University of California Berkeley
>> 993 Evans Hall
>> Berkeley, CA 94720
>> <a href="tel:%28510%29%20643-8747" value="+15106438747" target="_blank">(510) 643-8747
>> [hidden email]
>>
>> On Mon, Nov 24, 2014 at 9:54 AM, Isaac Orr <[hidden email]> wrote:
>> > Hi Mohammad,
>> >
>> > Without getting into the specifics of configuring things so this
>> > works, is there a reason why the servers are connected behind their
>> > own router?  Just curious, because there may be a simpler way to do
>> > things.
>> >
>> > iso
>> >
>> >
>> > On Mon, Nov 24, 2014 at 9:51 AM, Mohammad Soheilypour
>> > <[hidden email]> wrote:
>> >> Hi Everyone,
>> >>
>> >> I'm not quite sure that this is the right place to ask this type of
>> >> question
>> >> or not, I hope it is. We have two servers in our lab that are both
>> >> connected
>> >> through a router. Both servers have static IPs and we need to be able
>> >> to ssh
>> >> to each of them. The problem is that we cannot ssh to both of them when
>> >> they
>> >> are connected to the router (they are in another room and therefore we
>> >> are
>> >> not in their network), rather we can see only one of them. Is there any
>> >> solution to have both of them connected to the router and also
>> >> accessible
>> >> from outside?
>> >>
>> >> Best,
>> >> Mohammad
>> >>
>> >> --
>> >> Mohammad Soheilypour
>> >> Molecular Cell Biomechanics Laboratory
>> >> University of California, Berkeley
>> >>
>> >> Email : [hidden email]
>> >>            [hidden email]
>> >

--
Mike Howard
Network Engineer
UC Berkeley SAIT

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] ssh to two static IPs behind a router

Mohammad Soheilypour
Hi Everyone,

Thanks for all responses and information. I'm currently working with Isaac to find the best efficient solution.

Thanks again. 

Best,
Mohammad

On Mon, Nov 24, 2014 at 10:58 AM, Mike Howard <[hidden email]> wrote:
If your router a consumer grade NAT router, it probably does not have sufficient logging capability to meet the requirements of the Security Policy for NAT Devices: https://security.berkeley.edu/NAT.html

Every server deserves it's own connection, public IP address, and hostname. You've already paid for the network and firewall service through the DNR, so take advantage of them and register your hosts properly. 

If your lab needs wiring in the walls for the second server, a new data jack can be installed for a one-time $307 fee. (This is very reasonable considering the labor involved.)

On Mon, Nov 24, 2014 at 10:39 AM, Igor Savine <[hidden email]> wrote:
I assume the router comes with a built-in firewall that allows to map
TCP ports 22 and 33 on the WAN network interface to LAN serverA:22 and
serverB:33, respectively.

-Igor

On Mon, Nov 24, 2014 at 10:02 AM, Mohammad Soheilypour
<[hidden email]> wrote:
> Hi Igor,
>
> And then what do I need to do on the router to distinguish the two servers?
>
> Thanks,
> Mohammad
>
> On Mon, Nov 24, 2014 at 9:59 AM, Igor Savine <[hidden email]> wrote:
>>
>> A simple workaround would be using a nonstandard port number (e.g. 33
>> instead of 22) on one of the servers.
>>
>> --
>> Igor Savine
>> Information Systems Analyst
>> University of California Berkeley
>> 993 Evans Hall
>> Berkeley, CA 94720
>> <a href="tel:%28510%29%20643-8747" value="+15106438747" target="_blank">(510) 643-8747
>> [hidden email]
>>
>> On Mon, Nov 24, 2014 at 9:54 AM, Isaac Orr <[hidden email]> wrote:
>> > Hi Mohammad,
>> >
>> > Without getting into the specifics of configuring things so this
>> > works, is there a reason why the servers are connected behind their
>> > own router?  Just curious, because there may be a simpler way to do
>> > things.
>> >
>> > iso
>> >
>> >
>> > On Mon, Nov 24, 2014 at 9:51 AM, Mohammad Soheilypour
>> > <[hidden email]> wrote:
>> >> Hi Everyone,
>> >>
>> >> I'm not quite sure that this is the right place to ask this type of
>> >> question
>> >> or not, I hope it is. We have two servers in our lab that are both
>> >> connected
>> >> through a router. Both servers have static IPs and we need to be able
>> >> to ssh
>> >> to each of them. The problem is that we cannot ssh to both of them when
>> >> they
>> >> are connected to the router (they are in another room and therefore we
>> >> are
>> >> not in their network), rather we can see only one of them. Is there any
>> >> solution to have both of them connected to the router and also
>> >> accessible
>> >> from outside?
>> >>
>> >> Best,
>> >> Mohammad
>> >>
>> >> --
>> >> Mohammad Soheilypour
>> >> Molecular Cell Biomechanics Laboratory
>> >> University of California, Berkeley
>> >>
>> >> Email : [hidden email]
>> >>            [hidden email]
>> >

--
Mike Howard
Network Engineer
UC Berkeley SAIT



--
Mohammad Soheilypour
Molecular Cell Biomechanics Laboratory
University of California, Berkeley

           [hidden email]
           


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.