3

I have a local network of 8 computers connected to a switch. The main node has a public IP, so I can SSH to it from an external network. Is it possible to access the other 7 nodes without assigning public IPs to them (i.e. access them from the node that has the public IP)? I don't have access to the switch terminal.

3
  • Could you give more specifics on the addressing in this network? One computer has a public IP. OK. What IPs do the other computers have, and can they talk to the computer with the public IP by any means? What operating system do they run?
    – VL-80
    Commented Aug 8, 2013 at 15:56
  • One computer has a public IP. I can connect to it externally, but when I try to ping the other computers I get no results. The other computers have 10.10.3.xx IPs and I can ping the public IP, but when I try to SSH to it I get the error "port 22: No route to host". They all run Raspbian.
    – mnaskret
    Commented Aug 9, 2013 at 14:14
  • OK. See my update in the answer
    – VL-80
    Commented Aug 9, 2013 at 15:24

3 Answers

1

Yes, this is possible. If you just want to SSH to them, you could first SSH to the computer with the public IP address from an external network and, from that computer, establish SSH connections to the computers in the internal network, provided there are no connectivity issues.

There is also NAT. With NAT it is possible to build a more complex setup for accessing internal networks from an external one.

How to setup NAT in Windows

How to setup NAT in Linux

Port forwarding

UPDATE

Based on what you said in the comments, you want the computer with the public IP address to act as a router, so that it would be able to talk to 2 networks simultaneously. This can be achieved by creating a virtual interface with an IP address in the range 10.10.3.xx (your internal network). So, it will have access to two networks at the same time.

The next thing to do is to set up NAT/port forwarding (see the links above).

Or, as I said earlier, if you just want to SSH to them - you will be able to SSH to the computer with the public IP, and from there - establish SSH connections to other computers in the internal network. And this should work without setting up NAT / port forwarding.

0
1

First I hit http://www.IP-DETECT.com to get the public IP being assigned to my network (if you don't have it already).

Then you can use the port-mapping feature in your firewall to get to each machine behind the single public IP address. Map SSH on each workstation to a unique port such as 8123, 8124, 8125. This is the same way web traffic is returned to 100 computers sitting behind one public IP address: for each computer surfing the web (outbound port 80), the return traffic goes to a port that is NATed to the private IP of the internal computer.

Hope this helps!

4
  • This question was asked and answered over 3 years ago. What does your answer add that wasn't addressed in the original accepted answer? Commented Jan 30, 2017 at 22:32
  • Free remote admin tools such as LogMeIn.com and Join.me essentially handle this port mapping for you. If you don't wish to use a tool like that and want to 'natively' access each computer, then map each internal private IP to a port on the firewall. So that way your single public IP address can be used to access each internal computer.
    – Tilmen
    Commented Jan 31, 2017 at 18:05
  • As an example: Your public IP on the external interface of your firewall is 8.8.8.8 and your private IP addresses for three of the workstations are 10.10.10.1, 10.10.10.2, 10.10.10.3. To begin mapping ports to computers on your firewall you would make a rule such as: 8.8.8.8 on port 999 --> 10.10.10.1, port 80
    – Tilmen
    Commented Jan 31, 2017 at 18:08
  • I see what you're saying, but that information was already included in the existing accepted answer, your example about how existing support tools can do this automatically is misinformed (you still need to punch through the router using rules unless you're using a public server. LogMeIn only works using a public server that knows how to reach a client always running on your local computer), and finally, using 8.8.8.8 as a public IP example is rather unwise, as is the 10.10.10. range for private IPs. 8.8.8.8 is Google's public DNS, and the 10.10.10 range is often used by Comcast for modem IPs. Commented Jan 31, 2017 at 18:30
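
The two approaches from the answers above (hopping through the node with the public IP, and mapping ports 8123, 8124, ... to each machine's SSH), as an added example that is not part of any post on this page. The gateway addresses, the `pi` account and the `nodeN` aliases are assumptions; the script only prints an ssh_config and iptables rules for review and changes nothing on the host.

```shell
#!/bin/sh
# Added example: every address and name below is a constructed placeholder.
GW_ALIAS="gateway"        # hypothetical ssh alias for the node with the public IP
GW_PUBLIC="203.0.113.10"  # documentation-range stand-in for the public IP
GW_LAN="10.10.3.1"        # assumed address of the gateway's 10.10.3.x interface
SSH_USER="pi"             # assumed account name on the Raspbian nodes
BASE_PORT=8123            # first external port, as in the port-mapping answer

# Accept only addresses inside the question's 10.10.3.0/24 network.
is_lan_ip() {
    case "$1" in 10.10.3.*) last=${1#10.10.3.} ;; *) return 1 ;; esac
    case "$last" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#last}" -le 3 ] && [ "$last" -ge 1 ] && [ "$last" -le 254 ]
}

# Option 1: hop through the gateway. Only its port 22 faces the internet;
# ProxyJump (OpenSSH 7.3+) tunnels to each node and keys stay on the client.
gen_ssh_config() {
    printf 'Host %s\n    HostName %s\n    User %s\n' "$GW_ALIAS" "$GW_PUBLIC" "$SSH_USER"
    n=1
    for ip in "$@"; do
        is_lan_ip "$ip" || { echo "skipping $ip: not in 10.10.3.0/24" >&2; continue; }
        printf 'Host node%d\n    HostName %s\n    User %s\n    ProxyJump %s\n' \
            "$n" "$ip" "$SSH_USER" "$GW_ALIAS"
        n=$((n + 1))
    done
}

# Option 2: one external port per node, DNATed to its port 22. This makes every
# node's sshd internet-reachable, so the rules are printed for review, not applied.
# SNAT returns replies via the gateway; node logs then show the gateway as source.
gen_dnat_rules() {
    port=$BASE_PORT
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for ip in "$@"; do
        is_lan_ip "$ip" || { echo "skipping $ip: not in 10.10.3.0/24" >&2; continue; }
        echo "iptables -t nat -A PREROUTING -d $GW_PUBLIC -p tcp --dport $port -j DNAT --to-destination $ip:22"
        echo "iptables -A FORWARD -d $ip -p tcp --dport 22 -j ACCEPT"
        echo "iptables -t nat -A POSTROUTING -d $ip -p tcp --dport 22 -j SNAT --to-source $GW_LAN"
        port=$((port + 1))
    done
}

# Constructed sample input: two of the seven internal nodes.
gen_ssh_config 10.10.3.11 10.10.3.12
gen_dnat_rules 10.10.3.11 10.10.3.12
```

Appending the first function's output to `~/.ssh/config` lets `ssh node1` reach 10.10.3.11 through the gateway with a single exposed port.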
0

The only solution, apart from exotic port redirection at the main host (the one already reachable via its public IP), is the one you mentioned: access them from the "public node".

Another solution would be to use the "public node" as a VPN concentrator and then reach the hosts via their local IPs.
