Tuesday, September 25, 2007

Basic Networking for Newbies...by a newbie

I thought I would write down my understanding of computer networking since so much of this blog has been and will continue to be about using virtual machines. My basic understanding is built on what I have learned from the manuals and from messing with things and trying to get servers to work so I could communicate with virtual machines from outside. I believe networking is a good thing to get to know because it helps with a basic understanding of firewalls as well. I am not professionally trained so my terminology may be way off and I certainly welcome any comments or suggestions or clarifications.

Each computer has an IP address that is used to identify it on the inter- and intra- net. This IP address is supplied by your service provider. To find it, go to whatsmyip.org and your address will be at the top of the screen. If you want to communicate with your computer from another location then this is the address that you would use. It's pretty easy, as long as you are using only one computer at your house...

The complication arises when you have more than one computer, or you begin using virtual machines, which present themselves to your computer, or Operating System to be more precise, as a separate entity. As I learned when trying to set up Host Interfacing and give my virtual machine its own IP address, most people are allowed only one IP address by their provider. This is where networking comes in - network addresses are then used and all information is passed through a single entity, be it a computer or router, to all the other operating systems. Therefore, any network computer has basically two addresses - the outside the network address, which is essentially shared with all the other computers on the network, and the inside the network address, which is unique among all the computers on the network. To find an OS's inside address you just open a console/command prompt and type ipconfig for Windows and ip addr for Linux. The result will usually be something like 192.168.X.X. All the computers in the network will share the first three numbers and then be identified by the last three.

Whereas your provider assigns you your outside IP address, your network address is assigned by a server inside the network, through which all internet traffic passes. This server usually resides inside a router, but in the case of virtual machines it can also be a program. It is referred to as a DHCP server, and it provides each computer with an IP address and then routes any information that is specified for a certain address, usually by port forwarding, to the specified OS. Therefore, when communicating with a networked computer from outside the network, you still use the outside IP address (whatsmyip.org) that they all share, and then the information is routed by the router to and from the OS to you.

This is where port forwarding comes in. A port is basically a numbered 'plug' in your OS that is used to communicate with other computers. If you have a server or a piece of software that needs to interact with the outside, then it is assigned a port to listen on and communicate through. Any incoming information that has that port associated with it will be routed to that port on your OS. Many ports are pre-set, such as port 80, which is preset for browser traffic. In order for your OS, be it the host or virtual, to communicate with the outside world a port has to be opened, and then the DHCP server needs to be told to route all information to and from that port to the specified OS.

Forwarding ports through the router/DHCP server can be done in two ways: Port Range Forwarding, which all router software supports, and Port Forwarding, which more expensive routers support - or third party firmware like DD-WRT. Port Range Forwarding allows you to select either a single port or a range of ports and directly forward them to the specified network OS, ie set 9966 on the router to forward to 9966 on 192.168.x.x. Port forwarding allows you to forward a specific port on the router to a specific, and different, port on the specified OS, ie you can set port 9999 on the router to communicate with port 9966 on 192.168.x.x. The latter makes things easier when setting up ssh servers on different computers because it lets you keep the ssh port, 22, open on the network computer but easily change the outside port in the router.

I'll use the ssh server set up on Puppy Linux as an example. This example assumes a virtual machine set up on a host machine that is connected to an external router which is then connected to the internet modem, ie the external (wireless usually) router is where the DHCP server resides and it provides the network IP addresses and handles the port forwarding. In addition, I assume host interface networking is being used in the VirtualBox virtual machine, as I described in a previous blog, so that the virtual machine has its own network IP that begins with the same three numbers as the host OS and is uniquely identified by the last number, ie the router sees the virtual machine as a completely separate machine. To communicate with the server you would first obtain your outside ip address at whatsmyip.org. Then, find the server's network ip address by typing ip addr in a console inside Puppy. Access your router, usually at 192.168.1.1, and port forward a designated port to the network address you obtained. If you have to use Port Range Forwarding, then I suggest you change the port that the ssh server listens on from inside Puppy and then forward this from the router, such as 9999. With Port Forwarding you would forward a random port, such as 9999, to port 22 on Puppy (192.168.x.x).

To access the server from a different location, ie outside the network, using an openssh commandline interface, you would type:
ssh 12.34.56.789 -l root -p 9999
where 12.34.56.789 is your outside ip address, root is your username and 9999 is the port that you designated on the router.
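
The two forwarding styles and the Puppy example above, modelled as a small Python sketch (an added example, not part of the original post). The inside addresses 192.168.1.50 and 192.168.1.60 are constructed stand-ins for 192.168.x.x and the function names are hypothetical; `exposed` lists every outside port that reaches an inside machine, which is the list to review after changing router rules.

```python
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass(frozen=True)
class Forward:
    ext_start: int      # first outside port on the router
    ext_end: int        # last outside port (same as ext_start for one port)
    host: str           # inside (network) address of the target OS
    int_start: int      # inside port that ext_start maps to

    def translate(self, port):
        """Return (host, inside_port) if this rule covers the outside port."""
        if self.ext_start <= port <= self.ext_end:
            return self.host, self.int_start + (port - self.ext_start)
        return None

def range_forward(start, end, host):
    """Port Range Forwarding: outside port N goes to the same port N inside."""
    return Forward(start, end, host, start)

def port_forward(ext_port, host, int_port):
    """Port Forwarding: one outside port goes to a different inside port."""
    return Forward(ext_port, ext_port, host, int_port)

def route(rules, port):
    """What the router does with an unsolicited inbound connection."""
    for rule in rules:
        target = rule.translate(port)
        if target:
            return target
    return None  # no rule: the connection never reaches an inside machine

def exposed(rules):
    """List every (outside_port, host, inside_port) reachable from outside."""
    out = []
    for r in rules:
        if not ip_address(r.host).is_private:
            raise ValueError(f"{r.host} is not an inside (private) address")
        for p in range(r.ext_start, r.ext_end + 1):
            out.append((p, *r.translate(p)))
    return sorted(out)

# Constructed rules: 192.168.1.50 stands in for the Puppy VM's inside address.
PUPPY = "192.168.1.50"
RULES = [port_forward(9999, PUPPY, 22), range_forward(9966, 9968, "192.168.1.60")]

if __name__ == "__main__":
    for port in (9999, 9967, 22):
        print(port, "->", route(RULES, port))
    for row in exposed(RULES):
        print("exposed:", row)
```

Outside port 22 has no rule here, so only connections to 9999 reach the ssh server on Puppy.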

Actually, it can be a little different in the case of virtual machines inside a computer connected directly to the internet, ie the cable from the modem connects directly to the computer and the virtual machine software, such as innotek's VirtualBox, acts as a DHCP server by providing IP addresses to the virtual machine and routing information. In this case the host computer to which the cable is connected is essentially the router through which ports are forwarded using the command line technique described in VBox's manual, or whatever is described in a particular machine's manual for port forwarding.

Some additional considerations: some internet providers will change your ip address at regular intervals. In order to be able to consistently communicate with your machine you either have to keep checking your outside IP address, or you can use a service like Dynamic DNS, which will assign a domain name to your address and then keep track of any changes. Therefore you can always type in the same written address, like mydomain.dyndns.com, and not be concerned about the changing IP address. Dynamic DNS is an easy, useful, and best of all free service.

Also, when communicating between computers on the same network be sure to use the network address, the 192.168.x.x address, so that the traffic is routed through the router at that speed, rather than leaving the network then coming back in. This is useful when you have music on one machine and want to stream it to another. This sounds basic, but I have seen plenty of 'how to's' for music servers that say to access your 'host' computer by using the outside the network address. This ability to communicate between computers within a network is another reason to choose host interface networking when possible, ie when you have an external router handling your internet traffic.

Networking can be further complicated by firewalls, which is outside the scope of this post, so if you are having troubles turn your firewall off and see if that is the source of the problem. Just don't forget to turn it right back on!!

Happy networking!!
