OESF | ELSI | pdaXrom | OpenZaurus | Zaurus Themes | Community Links | Ibiblio

IPB

Welcome Guest ( Log In | Register )

 
Reply to this topicStart new topic
> How Do I Find My Ip Address?
Capn_Fish
post Jun 29 2007, 07:06 PM
Post #1





Group: Members
Posts: 2,350
Joined: 30-July 06
Member No.: 10,575



I know ifconfig will show my intranet IP address, but how do I find my internet IP address? I'm wondering about this for SSHing into my desktop from my Z (and vice versa) across the internet.

Probably a simple question, but I really have no idea how to do it.

Thanks.
Go to the top of the page
 
+Quote Post
pelrun
post Jun 29 2007, 07:44 PM
Post #2





Group: Members
Posts: 369
Joined: 6-September 04
From: Brisbane, Australia
Member No.: 4,488



If your machine is on a private IP segment (10.x.x.x or 192.168.x.x) then there's a NAT gateway/firewall between your machine and the internet proper and you can't directly SSH in from outside. You have to configure an explicit port redirection on the gateway machine/router to do it.
Go to the top of the page
 
+Quote Post
adf
post Jun 29 2007, 09:38 PM
Post #3





Group: Members
Posts: 2,821
Joined: 13-September 04
From: Wasilla Ak.
Member No.: 4,572



QUOTE(pelrun @ Jun 30 2007, 03:44 AM)
If your machine is on a private IP segment (10.x.x.x or 192.168.x.x) then there's a NAT gateway/firewall between your machine and the internet proper and you can't directly SSH in from outside. You have to configure an explicit port redirection on the gateway machine/router to do it.
*

Maybe use dyndns and redirect ssh over a more common http (or something port)? That would simplify getting into your Z from different networking environments, especially those where you can't eaily do the port redirection on the NAT, wouldn't it?
You'd probably want to be running a firewall on the Z and of course edit yuor hostname and sshd.conf, right? Or had you already considered this option?
Go to the top of the page
 
+Quote Post
InSearchOf
post Jun 30 2007, 05:37 AM
Post #4





Group: Admin
Posts: 1,210
Joined: 20-January 06
From: York, Pennsylvania
Member No.: 8,961



QUOTE(adf @ Jun 30 2007, 01:38 AM)
QUOTE(pelrun @ Jun 30 2007, 03:44 AM)
If your machine is on a private IP segment (10.x.x.x or 192.168.x.x) then there's a NAT gateway/firewall between your machine and the internet proper and you can't directly SSH in from outside. You have to configure an explicit port redirection on the gateway machine/router to do it.
*

Maybe use dyndns and redirect ssh over a more common http (or something port)? That would simplify getting into your Z from different networking environments, especially those where you can't eaily do the port redirection on the NAT, wouldn't it?
You'd probably want to be running a firewall on the Z and of course edit yuor hostname and sshd.conf, right? Or had you already considered this option?
*



and like adf said... edit your sshd.conf and set AllowRootLogin to NO!

I has my pdaxrom-dev box open so I could get to it from work... and before I did that I disabled it... well one day something told me to check my why root has so much mail... my SELinux logs say I was getting about 500 bad login attempts from people using random pass gentrators on the root account. But even it there password was right... they still wouldnt get in :-)

Late
Go to the top of the page
 
+Quote Post
Capn_Fish
post Jun 30 2007, 06:19 AM
Post #5





Group: Members
Posts: 2,350
Joined: 30-July 06
Member No.: 10,575



Yes, I know about setting up sshd.conf. I currently (on the boxes I SSH into from my Z on my intranet) have them set up to deny root access and with DSA key authentication, so if you don't have the private part of the key, you can't get in. Also, I'm firewalled off from all incoming connections from the internet by my router. I realize I'd have to change that to SSH in through the internet, but it's secure AFAIK.

EDIT: That's about as far as my firewalling knowledge goes. I as going to try to learn how to set up IPTables a while ago, but all of tutorials were confusing at that point.

And a quick question: If I open a port on my router's firewall/set up port knocking on it (if possible), could I SSH in then?
Go to the top of the page
 
+Quote Post
adf
post Jun 30 2007, 11:55 AM
Post #6





Group: Members
Posts: 2,821
Joined: 13-September 04
From: Wasilla Ak.
Member No.: 4,572



if you told the Z to listen on that port in sshd.conf

which reminds me--- lokkit or some other simple fast iptables gui would be really helpful on the Z (gpe shield would be fine, but it is currently not working in pdaxii13)
Go to the top of the page
 
+Quote Post
Da_Blitz
post Jul 2 2007, 04:25 AM
Post #7





Group: Members
Posts: 1,565
Joined: 7-April 05
From: Sydney, Australia
Member No.: 6,806



if you are behind a NAT and you want your gateways IP then goto whatsmyip.net and it will spit out the IP it sees

as for hiding behind the NAT you want to foward port 22 (or hatever you use, i dont recomend the default) to the IP of the device you want to ssh into, if you dont control the gateway (ie work) then try a default password (the evil way) or you have 2 options

1: Reverse ssh/telnet, involves getting the Z to ssh and port foward to a machine you own. you then connect to the machine you own which connects you to the Z, encrypts data twice (overhead)
2: VPN and fowarding, creates a private address range of physically seperate machines (ie 10.0.0.x might be in japan while 10.0.1.x might be in sydney) that appear local. i am thinking about offering this to people from my server.

btw are we talking about <generic brand> routers here or a DIY linux/openBSD special? makes a diffrence in how you set up the port fowarding (and if you blocked incomming connections properly, remeber only allow "established" connections in

if you are using <generic brand> routers then they have support for dyndns updates these days. however if you drop the line more than twice an hour you might get periods of no conectivity (affects me for eg) or if you own a dowain name and server its posible to update your ip via ssh, but thats getting a bit complex (thats what i like)

i remeber writing up a sshd tricks guide in the security fourm somwhere , should dig that up and add it to my tag
Go to the top of the page
 
+Quote Post
Capn_Fish
post Jul 3 2007, 06:21 AM
Post #8





Group: Members
Posts: 2,350
Joined: 30-July 06
Member No.: 10,575



Thank you for the informitive post!

I'll look into that stuff.

And for future reference, this is just a standalone router. No custom Linux/BSD setup, I'm afraid. sad.gif
Go to the top of the page
 
+Quote Post

Reply to this topicStart new topic
2 User(s) are reading this topic (2 Guests and 0 Anonymous Users)
0 Members:

 



RSS Lo-Fi Version Time is now: 28th November 2014 - 07:57 AM