Port forwarding and the server-side firewall

This section details how to configure port forwarding with a server-side firewall.

Having a server side firewall is the typical configuration on many systems. There is only one method for doing this, whether you use telnet or ssh: map a port on the firewall router to be forwarded to the server. Using telnet from the Internet is not advised for security reasons; that is usually why you have a firewall.

Decide which method of connectivity will be allowed, and determine what port you will use to forward to this service. If there is only one server involved, you can use port 22 for ssh or 23 for telnet and forward them straight through to the server. But if there are several servers involved and they do not have public IP addresses, you will need to pick different ports on the firewall router and let the router forward those ports to the different internal servers.

See Figure 1 for an example of how to do this for a telnet connection. Notice that the returning GUI path doesn't require any special handling unless there is a client side firewall. For details on this see the Client Firewall section.

Figure: Connection to server side firewall


This figure shows SSH communication flow between a workstation and two servers with a server side firewall.

See Figure 2 for an example of how to do this using ssh with port forwarding.

Figure: Connection to Server side firewall with port forwarding


This figure shows SSH communication flow between a workstation and two servers with a server side firewall and port forwarding.

The client GDC would connect to the server firewall router on port 3000 to access server 1, and port 3001 for server 2. We chose these ports arbitrarily; almost any port could be used. Numbers below 1024 are reserved for well-known services, so choose numbers above 1024.

Using port forwarding will work without modification because the GUI interface is tunneled through the initial connection, and the port it tells the server application to use is a local port to the server. Of course, the same methods as above must be used if there is more than one server.

Using telnet or non-port forwarded ssh will work also, because connections for the GUI originating from behind the server firewall will be allowed out without special mapping. If there is a client side firewall as well, see client side firewall configuration.

Example:

We have two servers that will be accessed via clients somewhere on the Internet. They will use ssh2 with port forwarding to simplify client set up and keep things secure. The firewall on the server side has an IP address of 192.168.50.2 (only valid for this example). We have mapped the two servers:
213.39.41.73:3000 -> 10.1.50.23:22
213.39.41.73:3001 -> 10.1.50.14:22

The GDC client will need to be configured as well:

Figure: Showing configuration for access to Server 1


This figure shows panel three of the Genero Desktop Client shortcut wizard, with SSH2 selected and port 3000 specified in the Specific port field.

Figure: Showing configuration for access to Server 1


This figure shows panel four of the Genero Desktop Client shortcut wizard, with Fixed Port selected and port number 29000 specified.

Figure: Showing configuration for access to Server 2


This figure shows panel three of the Genero Desktop Client shortcut wizard, with SSH2 selected and port 3001 specified in the Specific port field.

Figure: Showing configuration for access to Server 2


This figure shows panel four of the Genero Desktop Client shortcut wizard, with Fixed Port selected and port number 29000 specified.

Figure 3, Figure 4, Figure 5 and Figure 6 show how to access each server by specifying the appropriate port for each, one with 3000, the other 3001. This will allow the firewall router on the server side to direct each to the appropriate server. The IP address used would be the IP of the router.

Keep in mind that if you have two users accessing the same server, you must manually select a different port forward number to keep them unique. See Possible Configuration Problems.
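
The check below is an added example, not part of the Genero documentation: it parses the firewall mappings in the notation used above, rejects external ports that are not above 1024 or are mapped twice, and reports users whose shortcuts would use the same fixed forward port on the same server. The user names, the shortcut list and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Mapping lines in the notation used on this page: public_ip:port -> internal_ip:port
MAPPINGS = """\
213.39.41.73:3000 -> 10.1.50.23:22
213.39.41.73:3001 -> 10.1.50.14:22
"""

# Constructed sample: (user, firewall port the shortcut connects to, fixed forward port)
SHORTCUTS = [
    ("alice", 3000, 29000),
    ("bob", 3001, 29000),    # same forward port, different server: no conflict
    ("carol", 3000, 29000),  # same server and forward port as alice: conflict
]

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
LINE = re.compile(rf"^({IPV4}):(\d+)\s*->\s*({IPV4}):(\d+)$")

def parse_mappings(text):
    """Return {external_port: (internal_ip, internal_port)}; reject bad lines."""
    table = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            raise ValueError(f"unparseable mapping: {line!r}")
        ext_port, int_ip, int_port = int(m[2]), m[3], int(m[4])
        if not 1024 < ext_port <= 65535:
            raise ValueError(f"external port {ext_port} is not in 1025-65535")
        if ext_port in table:
            raise ValueError(f"external port {ext_port} is mapped twice")
        table[ext_port] = (int_ip, int_port)
    return table

def find_collisions(table, shortcuts):
    """Report unmapped firewall ports and forward ports shared on one server."""
    findings, seen = [], defaultdict(list)
    for user, ext_port, fwd_port in shortcuts:
        if ext_port not in table:
            findings.append(f"{user}: firewall port {ext_port} has no mapping")
            continue
        seen[(table[ext_port][0], fwd_port)].append(user)
    for (server, fwd_port), users in sorted(seen.items()):
        if len(users) > 1:
            findings.append(f"{server}: forward port {fwd_port} shared by {', '.join(users)}")
    return findings
```

Calling `find_collisions(parse_mappings(MAPPINGS), SHORTCUTS)` on the sample data returns one finding, for the two users who reach server 1 through port 3000 with the same forward port.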