FTPD & SSHD server
bsilver at chrononomicon.com
Sun May 23 07:29:42 PDT 2004
On May 23, 2004, at 10:04 AM, Andri Kok wrote:
> Hello fellas,
> I have FTPD and SSHD running. The way enabled it was by uncommenting
> lines in inetd.conf. Now, If I access it from the outside (school's
> lab to my home computer, we have static IP) it works. But If my
> friends try to access it from the local network, it doesn't work
> (Using windows). I set up my server using a DHCP assigned IP address
> (C class), and the router that I use is the default router from my
> adsl modem. Should I use the server as the gateway as well?
> suggestions? TIA guys =)
You mean if your friends try accessing the server from the *internal*
network it won't let them, but from the outside world going into the
server it works fine?
A) Did you verify the IP address they are connecting to is the actual
internal IP the server has?
B) Is the server set to reject certain IP addresses from accessing
C) What do the logs have to say about the connection attempts?
If *I* were setting it up, I'd advise not having the server set up
using DHCP internally. Set the server system to a static IP outside of
the router's DHCP range, then make sure the port forwarding on the
router is set up properly to forward those protocols to the internal
server's static IP address. Only the router would be the gateway, as
it is what is handling the routing of packets to the Internet (Unless
you're setting up your BSD system to act as a proxy server with
something like Squid...but I think that's outside the scope of your
I've seen this setup several times...you have a static IP as seen from
the Internet (actually it hits a router/NAT/soho device just behind the
cable modem or DSL modem); that device is set to forward certain
services to internal machines. Those machines should have static
addresses to prevent the server from "wandering" if the DHCP address
changes for some reason. Leave the DHCP to be sent to visiting
machines and non-server workstations on the internal network...if you
don't have a reason for them to constantly keep the IP, then they're a
candidate for DHCP (advice? Don't do it unless you have notebook PCs.
Home and small networks usually don't present such a management
quagmire that it's too difficult to keep static IPs on them. I
personally have my internal computers set to static IPs with a DHCP
server handing out only a narrow number of IPs for the visiting laptops
I use from work and the occasional playing with the PDA with wireless
access...it's much easier to see if another system is hopping the
network when an "alien" MAC address shows up in the logs; that's just
my personal take on it though).
Hope that helps...if you can, try posting errors from the server logs
if the above suggestions don't help you.
More information about the freebsd-questions