isolation

roland brouwers roland at cat.be
Wed Oct 20 19:26:41 UTC 2004


> roland brouwers wrote:
> 
>>Hello,
>>
>>I have an installation of a Linux server Redhat 9.0 in a network
>>192.168.9.0/24, containing 2 routers. Router-1 connecting to the world
>>and router-2 connecting to another network, 192.168.1.0/24.
>>
>>Somehow I cannot connect to the Linux server, neither with ping, telnet
>>or ftp. From the internet I can connect to server with SSH. If I make a
>>tunnel VPN with my pc to the router-1, I cannot reach the server, no
>>ping, no ftp.
>>
>>What can I do?
> 
> 
> When you say "router", I'm assuming you mean something like a Linksys
> or D-Link cable or DSL router.  Those perform routing AND NAT.  You must
> NAT, as the 192.168.0.0/16 network is not routable over the internet.
> 
> You must set the router between the internet and your 192.168.9.0/24
> network to "port forward" the ports you want to the Linux box.  For
> example, assuming the Linux box is at 192.168.9.5, you must have the 
> router forward port 22 to that IP.  D-Link calls this service "virtual
> servers", I'm not sure what Linksys calls them.
> 
> Some more details:
> 
> The network 192.168.9.0/24 has a server Linux RH9 192.168.9.254, several
> workstations and 2 routers, router-1 192.168.9.98 (to the internet) and
> router-2 192.168.9.97 to another network, 192.168.1.0/24.
> On router-1 I forwarded port 22 to the server.
> 
> From home I can connect to the linuxbox with SSH port 22, passing
> router-1.
> If I establish a VPN connection to this router from my pc at home, I can
> ping and ftp to the LinuxServer
> 
> If the VPN tunnel is established from the other network, 192.168.1.0,
> the Linuxserver is not reachable by ping or ftp, passing router-2.
> 
> On the other hand the router-1 is reachable by ping, coming from this
> network 192.168.1.0. over router-2.
> 
> What does the linuxserver do differently from the router-1?

Both router-1 and router-2 must forward port 22 to the Linux box.  For
this discussion, let's call the port on each router that connects to
192.168.9.0/24 the "LAN" port and the port that connects to the outside
(internet or any other network) the "WAN" port.  Having established that
much, you must see that both routers must know that port 22 traffic
coming in from the WAN port must be "NATted" and directed to the Linux
box on the LAN port.  That's the only way it'll work if you use NAT.

> I suppose, when you build a tunnel VPN, no port-forwarding is
> necessary.

That's right.  You don't because a VPN simply connects two chunks of a
private network together using the Internet as a bridge.  If you define
a 192.168/16 private network and keep 192.168.1/24 in one office and
192.168.9/24 in another office and connect them using a VPN, they're all
still part of the /16 with a bridge between them.  The VPN does the
routing between the two sections.

Technically, a true VPN doesn't even need IPs on the segments of the private
network.  It simply picks up traffic on one segment, encrypts it, shoots
it over to the other end, decrypts it and spews it onto the other
segment.  The only reason they do use IPs is to permit you to control
the VPN itself.

> I wonder!!

Wonder no more!  ;-)

> Maybe it's like a woman, you have to work around.

Oct 20

I have a little question:
I changed the routing on the LinuxBox and added:
route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.9.97 (this
is the router to the other network)
From then on I could reach the Linux Box, coming from the 192.168.0/24
network.
Why is this necessary?

Now that I have you on line, a little other question:
How can I change the Timezone for the server and for the user?

I really thank you for your prompt answer. You are a great guy.
Some day I will send you flowers.

roland
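The static-route question above, as an added worked example that is not part of the thread: a small Python simulation of the longest-prefix-match route selection a Linux box performs for every outgoing packet, including the replies to an inbound ping or ftp. The addresses are the ones quoted in the thread; the "before" routing table (a directly connected 192.168.9.0/24 plus a default route via router-1 at 192.168.9.98) is an assumption about what the box would have had, and the interface name eth0 is made up. It parses the exact route command that was typed and shows which router the box picks as next hop for the remote network before and after that command.

```python
"""Longest-prefix-match route lookup for the Linux box in the thread.

Added illustration, not code from the mailing-list thread. The 'before'
table and the interface name eth0 are assumptions; the addresses come
from the thread.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

IPv4Network = ipaddress.IPv4Network
IPv4Address = ipaddress.IPv4Address


@dataclass
class Route:
    network: IPv4Network
    gateway: Optional[IPv4Address]  # None means directly connected
    dev: str


def parse_route_add(cmd: str, dev: str = "eth0") -> Route:
    """Parse a classic 'route add -net NET netmask MASK gw GW' command."""
    t = cmd.lower().split()  # lower() so 'Route add ...' as typed still parses
    if t[:2] != ["route", "add"] or "-net" not in t:
        raise ValueError("expected 'route add -net ...'")
    net = t[t.index("-net") + 1]
    mask = t[t.index("netmask") + 1] if "netmask" in t else "255.255.255.255"
    gw = t[t.index("gw") + 1] if "gw" in t else None
    return Route(IPv4Network(f"{net}/{mask}"), IPv4Address(gw) if gw else None, dev)


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Kernel-style selection: the matching route with the longest prefix wins."""
    addr = IPv4Address(dst)
    matches = [r for r in table if addr in r.network]
    if not matches:
        return None
    return max(matches, key=lambda r: r.network.prefixlen)


def next_hop(table: List[Route], dst: str) -> Optional[str]:
    """Return the gateway the box would send a packet for dst to, or 'direct'."""
    r = lookup(table, dst)
    if r is None:
        return None
    return str(r.gateway) if r.gateway else "direct"


# Assumed table before the change: connected LAN plus a default route
# via router-1, the internet router at 192.168.9.98.
BEFORE_ROUTE: List[Route] = [
    Route(IPv4Network("192.168.9.0/24"), None, "eth0"),
    Route(IPv4Network("0.0.0.0/0"), IPv4Address("192.168.9.98"), "eth0"),
]

# The command exactly as it appears in the thread.
ROUTE_CMD = "route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.9.97"
AFTER_ROUTE: List[Route] = BEFORE_ROUTE + [parse_route_add(ROUTE_CMD)]

if __name__ == "__main__":
    for label, table in (("before", BEFORE_ROUTE), ("after", AFTER_ROUTE)):
        print(f"{label}: reply to 192.168.0.10 goes to {next_hop(table, '192.168.0.10')}")
    # 192.168.1.0/24 is not covered by the /24 route as typed, so it still
    # follows the default route; 203.0.113.5 is a documentation address.
    print("after: 192.168.1.10 ->", next_hop(AFTER_ROUTE, "192.168.1.10"))
    print("after: 203.0.113.5 ->", next_hop(AFTER_ROUTE, "203.0.113.5"))
```

Before the route add, the only entry matching a host in the remote network is the default route, so the box hands every reply to router-1, the internet-facing NAT router, which is not the way the request came in; the ping or ftp session never completes. After the add, the /24 entry is the longer match, the reply goes back through router-2, and the path is symmetric. The same lookup also shows that a route written for 192.168.0.0/24 does not cover 192.168.1.0/24, which is worth checking whenever static routes are added by hand.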
More information about the Redhat-install-list mailing list