SSH access from outside to a pc inside network


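I have a static IP and an ADSL router connected to a Linksys wireless router, to which all my machines are connected. I want to set up SVN on one of the machines and provide SSH access to it, which users outside my network should be able to reach. Is this possible? Even just SVN access over the web would be fine. Please tell me what needs to be done to achieve this. I have an Ubuntu VM running on an iMac Leopard machine and two other Win 7 32/64-bit machines. I can set up a standalone Ubuntu or Win XP on another machine.

If needed, please give me pointers on port forwarding, as I have no idea how to do it.

Thanks, Raja.

Edit: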

Thanks for the detailed explanation. I tried to set up SSH first to my Mac machine itself instead of the VM. Here is the current configuration: DSL router IPv4 address: 192.168.1.1. The Linksys wireless router connected to it has IPv4 address 192.168.0.1 and the same subnet mask, 255.255.255.0, as above.

Now I have assigned my Mac an IP of 192.168.0.20 and Default Gateway as 192.168.0.1

I enabled SSH on the Mac and am able to SSH from another machine locally. ssh [email protected] works.

I have enabled port forwarding on 22 in the Linksys router, but I am still not able to do ssh raja@publicip. Where am I going wrong, or what else needs to be done?

Answer 1

If you have a generic setup for SSHD, it's just a matter of telling your Linksys router to forward TCP port 22 to the IP you want access to internally, then from the outside ssh to the static IP, and you'll want to have the machine internally running ssh to have a static IP assigned, not a dynamic (DHCP) address.

Personally, I would change the port to another port not used on your machine, as a nonstandard port makes it more difficult for bots to scan you (and it will happen). But that's up to you. If you use the standard port, you need to be more careful with passwords and usernames, and don't allow root to log in to that port, and you may want to consider installing Denyhosts to automatically block IPs that give an incorrect password 3 times.

Make sure your VM (I assume that's where you are running sshd?) is assigned its own IP and is using bridged networking so it's not NATed twice. That's asking for a world of hurt (NAT behind the router, then NATed again behind the Leopard machine's VM software). Bridged networking makes the machine appear as if it were another physical machine in your network from the logical view.

You don't necessarily need to set up ssh on the server to a nonstandard port...you could set up a nonstandard port on the router to forward to the internal machine's port 22, if your router supports non-one-to-one mapping (i.e., forward external port 26 to internal port 22 on 192.168.xxx.xxx...), so that only machines outside your network need to use the nonstandard port assignment. But my personal preference is to alter the SSH port on the inside just to tick off bot-scanners.

To sum up: tell your Linksys to forward port 22 (or what you choose to use) to your VM's IP. I recommend using a different port, though. Make sure your internal VM machine is using a static, not DHCP, IP address on your internal network, so reboots don't break the forwarding map. Then it's a matter of ssh'ing to your external static IP from an external system to test it. I also recommend using Denyhosts if you stick with default port 22 to ban probes. Make sure your VM instance is running bridged, not NAT, networking on the host computer.
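
As an added example (not part of the answer above), this script checks an sshd_config against the answer's advice before a router port is forwarded to the machine: listening port, root login, and password authentication. The function names, the sample configs and the assumed defaults (Port 22, PermitRootLogin prohibit-password, PasswordAuthentication yes) are assumptions of the example; only the global section before the first Match block is read.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit sshd_config settings that
# matter once the SSH port is reachable from the internet.
# Assumes whitespace-separated "Keyword value" lines.

# Print every global value of KEYWORD, one per line (keywords are
# case-insensitive in sshd_config); print DEFAULT if the keyword is absent.
sshd_values() {  # usage: sshd_values FILE KEYWORD DEFAULT
  awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" -v def="$3" '
    /^[ \t]*#/ || NF == 0 { next }
    tolower($1) == "match" { exit }
    tolower($1) == want   { print $2; found = 1 }
    END { if (!found) print def }
  ' "$1"
}

# Print one finding per line; the return status is the number of findings.
audit_sshd() {
  local f=$1 n=0 root pw
  # Port may be repeated, and sshd listens on every port listed.
  if sshd_values "$f" Port 22 | grep -qx 22; then
    echo "port 22: expect bot scans; use another port or add Denyhosts"; n=$((n+1))
  fi
  # For the other keywords the first occurrence is the one sshd uses.
  root=$(sshd_values "$f" PermitRootLogin prohibit-password | head -n 1)
  if [ "$root" != no ]; then
    echo "PermitRootLogin $root: root can still log in over SSH"; n=$((n+1))
  fi
  pw=$(sshd_values "$f" PasswordAuthentication yes | head -n 1)
  if [ "$pw" = yes ]; then
    echo "PasswordAuthentication yes: guessable passwords are exposed"; n=$((n+1))
  fi
  return "$n"
}

# Constructed sample configs (illustrative, not taken from the post).
demo_default=$(mktemp); demo_hardened=$(mktemp)
trap 'rm -f "$demo_default" "$demo_hardened"' EXIT
printf '%s\n' '#Port 22' 'PermitRootLogin yes' > "$demo_default"
printf '%s\n' 'port 2222' 'PermitRootLogin no' 'PermitRootLogin yes' \
  'PasswordAuthentication no' 'Match User backup' \
  '  PasswordAuthentication yes' > "$demo_hardened"

audit_sshd "$demo_default"  || echo "findings: $?"
audit_sshd "$demo_hardened" && echo "hardened sample: no findings"
```

On a real host, pass the path of the server's own sshd_config to audit_sshd instead of the sample files.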
