
Thread: Speed Stream 5861

  1. #1

    Speed Stream 5861

    I have some problems. I have a Speed Stream 5861 router/modem at a lab. We have three PCs on the inside sharing a connection and a Red Hat server. The PCs need a static IP address in order to log into the software on the Linux box. OK, that is my setup. The problem is I am trying to SSH into the Linux box through the modem/router by opening port 22 on the router. The config is a little screwy and I can't seem to find any more info on the router. There is a remote side and an Ethernet side in the config. I have NAT turned on on the remote side and NAT turned on on the Ethernet side. I can SSH fine, but the internet does not work from the inside. If I shut NAT off on Ethernet I cannot SSH but I can access the internet. Weird. The other thing I noticed was that if I run an nmap when NAT Ethernet is off, port 22 is filtered. If the NAT Ethernet is on, port 22 says it is filtered. Anyone have any ideas? I have set this up before on a different router/modem and had no problems. I can't figure this one out though.

  2. #2
    Schotty (Moderator, Good Guru; joined Jul 2001; Milwaukee, WI; 5,760 posts)

    Re:Speed Stream 5861

    Set up port forwarding on the NAT gateway to forward the SSH requests to the server. And of course allow SSH requests on the server.

    After a second of thinking -- is this a bridge or a normal NAT gateway? If it is a bridge, make sure that the firewall on the server is set to allow your real-world (WAN) IPs. Otherwise, if it is a NAT gateway, it would be the private IPs (LAN) that would be used.

    So if 1.2.3.4 - 1.2.3.6 are issued to you from your ISP, your firewall would need to know that the following IPs need to connect. If it is not bridged and therefore natted, we need to say ... map 192.168.0.4 - 192.168.0.6 to each WAN IP and allow SSH sessions from 192.168.0.4 - 192.168.0.6.

  3. #3

    Re:Speed Stream 5861

    It is set up like that right now. It has something to do with the weird settings I posted before. I just don't get how I can SSH one way and not get to the net and the other way I can get to the net but not SSH.

  4. #4
    Schotty

    Re:Speed Stream 5861

    Set the rules in the router. I have a Speed Stream 5861, so I am familiar with the type of equipment you've got. What we do here is forward entire IPs to the servers (we've got a 5 IP block), and firewall from there. The natted machines on the gateway have no real way of getting hacked behind the firewall/gateway so those are left alone, but each server with direct access to the net is firewalled and filtered like all hell.

  5. #5

    Re:Speed Stream 5861

    Andrew that is sweet that you have one of these. Ok, in a few minutes I am gonna paste the settings and you can tell me where I went wrong. I did it all by command line so I hope you did it the same way.

  6. #6

    Re:Speed Stream 5861

    Here are the settings. The * are numbers, but I just put them in there to protect the innocent. Can you see anything wrong?
    GLOBAL BRIDGING/ROUTING SETTINGS:
    Bridging enabled..................... no
    Exchange spanning tree with dest... yes
    Bridge only PPPoE with dest........ no
    IP Routing enabled................... yes
    Multicast forwarding enabled....... no
    Firewall filter enabled ........... yes
    Directed Broadcasts Allowed........ no
    RIP Multicast address.............. default
    VRRP Multicast address............. default
    IPX Routing enabled.................. no

    ETHERNET INFORMATION FOR <ETHERNET/0>
    Hardware MAC address................. 00:20:6F:13:34:F5
    Send IP RIP to the LAN............... rip-1 compatible
    Advertise me as default router..... yes
    Process IP RIP packets received...... rip-1 compatible
    Receive default route by RIP....... yes
    IP address translation............... no
    IP filters defined................... no
    IP address/subnet mask............... 192.168.21.1/255.255.255.0
    Management IP address/subnet mask.... 0.0.0.0/0.0.0.0
    Static Ethernet routes defined....... none
    Virtual Ethernet routes defined...... none
    IPX External network number.......... 00000000
    IPX Frame type....................... 802.2
    MTU.................................. default
    # rem list
    INFORMATION FOR <internet>
    Status............................... enabled
    Interface in use..................... HSD
    Protocol in use...................... RFC1483 (SNAP) - MAC Encapsulated Routing
    ATM traffic shaping...................no
    Connection Identifier (VPI*VCI)...... 0*35
    IP address translation............... on
    Server(s) (IP Translation) ........ 192.168.21.200 proto-TCP port-22
    IP filters defined................... no
    Send/Receive Multicast............... off
    Block NetBIOS Packets................ on
    Source IP address/subnet mask........ 66.*.*.*/255.255.255.248
    Remote IP address/subnet mask........ 0.0.0.0/0.0.0.0
    Management IP address/subnet mask.... 0.0.0.0/0.0.0.0
    Send IP RIP to this dest............. no
    Send IP default route if known..... no
    Receive IP RIP from this dest........ no
    Receive IP default route by RIP.... no
    Keep this IP destination private..... yes
    Total IP remote routes............... 1
    0.0.0.0/0.0.0.0/1->66.*.*.*
    IPX network number................... 00000000
    Use IPX RIP/SAP (negotiate with PPP): yes
    Total IPX remote routes.............. 0
    Total IPX SAPs....................... 0
    Bridging enabled..................... no
    Exchange spanning tree with dest... no
    Bridge only PPPoE with dest........ no
    mtu.................................. 1500
    # system list
    GENERAL INFORMATION FOR <>
    System started on.................... 10/16/2002 at 7:55
    Authentication override.............. none
    WAN to WAN Forwarding................ yes
    Block NetBIOS Default................ no
    BOOTP/DHCP Server address............ none
    Telnet Port.......................... default (23)
    Telnet Clients....................... LAN
    SNMP Port............................ disabled (0)
    SNMP Clients......................... LAN
    HTTP Port............................ default (80)
    HTTP Clients......................... LAN
    Syslog Port.......................... default (514)
    Allowed Syslog Servers............... LAN
    Default Syslog Servers............... none
    System message:
    Security timer....................... 10 minutes
    One WAN Dial Up...................... no
    Management feature................... 0
    Rip timer............................ 30
    Backup............................... no (no valid remote profile is enabled)
    Retry Interval In Minutes.......... 30
    Stability Interval In Minutes...... 3
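
A small parser for the listing pasted above, added here as an example and not part of the original thread: it reads the dot-leader `key.... value` lines and summarises NAT state per interface, inbound port mappings, and management services offered beyond the LAN. The section labels `global` and `system`, the function names, and the reading of `IP filters defined: no` on an interface with a mapped server (that the router itself is not restricting sources) are assumptions.

```python
import re

# Constructed excerpt in the format of the listing above (address values are
# the ones shown in the post); not a complete dump.
SAMPLE = """\
GLOBAL BRIDGING/ROUTING SETTINGS:
Firewall filter enabled ........... yes
ETHERNET INFORMATION FOR <ETHERNET/0>
IP address translation............... no
IP filters defined................... no
INFORMATION FOR <internet>
IP address translation............... on
Server(s) (IP Translation) ........ 192.168.21.200 proto-TCP port-22
IP filters defined................... no
GENERAL INFORMATION FOR <>
Telnet Clients....................... LAN
HTTP Clients......................... LAN
"""

HEADER = re.compile(r"INFORMATION FOR <([^>]*)>")
FIELD = re.compile(r"^(.*?)\s*\.{3,}\s*(.*)$")   # key, dot leader, value
SERVER = re.compile(r"^(\S+) proto-(\w+) port-(\d+)$")

def parse_listing(text):
    """Return {section: {key: [values]}}; "global"/"system" are labels chosen here."""
    sections = {"global": {}}
    current = sections["global"]
    for line in map(str.strip, text.splitlines()):
        header = HEADER.search(line)
        if header:
            current = sections.setdefault(header.group(1) or "system", {})
        elif (field := FIELD.match(line)):
            current.setdefault(field.group(1), []).append(field.group(2))
    return sections

def review(sections):
    """Summarise NAT state, inbound port mappings and management exposure."""
    out = {"nat": {}, "inbound": [], "unfiltered": [], "mgmt_beyond_lan": []}
    for name, fields in sections.items():
        if "IP address translation" in fields:
            out["nat"][name] = fields["IP address translation"][0]
        servers = [m.groups() for v in fields.get("Server(s) (IP Translation)", [])
                   if (m := SERVER.match(v))]
        out["inbound"] += [(name, ip, proto, int(port)) for ip, proto, port in servers]
        # Assumption: a mapped server plus "no" filters means no source limit at the router.
        if servers and fields.get("IP filters defined") == ["no"]:
            out["unfiltered"].append(name)
        out["mgmt_beyond_lan"] += [(key, vals[0]) for key, vals in fields.items()
                                   if key.endswith(" Clients") and vals[0] != "LAN"]
    return out

if __name__ == "__main__":
    print(review(parse_listing(SAMPLE)))
```

On the sample it reports one inbound mapping (TCP 22 to 192.168.21.200) on an interface with no IP filters, so any source restriction has to come from the server's own firewall.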

  7. #7
    Schotty

    Re:Speed Stream 5861

    Yeah, I preferred the command line simply because the software is for winderz only.

    Well, after reading up a bit in their manual, I can recommend one really easy way to handle this. Since it appears that you are using a setup similar to this: (beware -- bad artwork)

    dsl -> 5861 -> Lan (3 PCs, 1 Server)

    I would do this -- in the built-in software, turn on the firewall and do the usual blocking. Now set up hostmapping for the server. And set up the firewall rules accordingly.

    Now, your workstations will by default be able to access the net (if you enable NAT). I personally hated dealing with the DHCP server, mainly because I hate DHCP in the first place. So I disabled mine. And my 5861 used 192.168.254.0/24 as the default subnet, with .254 as the 5861 unit itself.

    I have currently 2 nodes connected -- a mail server and my gateway. The mail server is set up with hostmapping, the gateway isn't yet, although I may add it at a later time. The firewalls on each unit filter appropriately for each duty -- mail server only needs mail, gateway more stuff, but no mail -- yadda yadda...

    My suggestion is similar. Once you have the natting in place the workstations will be able to do their work. Restrictions can be added with a firewall/proxy. For the server -- well, the same thing. And since you can set up the server to accept SSH quite easily, the rest is history.

    For the SSH session from outside the LAN, say you were given 1.1.1.1/32 as your IP. You can do (assuming the server is 192.168.254.1):

    Code:
    system addHostMapping 1.1.1.1 1.1.1.1 192.168.254.1
    save
    reboot

    and a

    Code:
    ssh 1.1.1.1

    will get thru to the server provided that the source IP isn't firewalled, and you are set up to go thru port 22 (SSH can be remapped to an alternate port).

    Does that suit what you need?



  8. #8

    Re:Speed Stream 5861

    Thanks Schotty, I will give it a shot as soon as it lets up here. Let you know how it goes.

  9. #9
    Schotty

    Re:Speed Stream 5861

    Hehehe, I know that feeling. Gimme a holler if you need anything. I live in hell ... ahem work. ;D

  10. #10
    Schotty

    Re:Speed Stream 5861

    How did it turn out (if anything yet) ?
