Subject:
Access from internet to my LINUX via CISCO 803 ISDN Router ?
Category: Computers > Operating Systems
Asked by: jec-ga
List Price: $15.00
Posted: 13 Oct 2002 15:41 PDT
Expires: 28 Oct 2002 02:33 PST
Question ID: 76171 |
I'd like to access my home linux box from the internet. I want HTTP, SSH, ftp and VNC (http://www.uk.research.att.com/vnc/index.html). My setup is:
- BT (UK) ISDN Home Highway
- my ISP is http://www.surfanytime.co.uk/ (24x7 fixed price)
- I have 3 machines behind a CISCO 803 ISDN router
- The machine I want to access is running RedHat Linux 7.2
- I have an account at www.no-ip.com if that helps
- The router generally times out from its internet connection after 2 min. inactivity, but I could keep it connected.

I am NOT very skilled with the CISCO router, so fairly detailed instructions are required. I can telnet to it and issue commands but I don't really know what I am doing. |
There is no answer at this time. |
Subject:
Re: Access from internet to my LINUX via CISCO 803 ISDN Router ?
From: aad02-ga on 14 Oct 2002 04:04 PDT |
I'll configure it for you if you like, or I could give you the instructions so you can do it yourself. If you would like instructions, then I will need to know the IP address of the Linux box and a few other details. Hope to hear from you soon. Andrew |
Subject:
Re: Access from internet to my LINUX via CISCO 803 ISDN Router ?
From: jec-ga on 14 Oct 2002 07:12 PDT |
Andrew, I'd rather do it myself so I learn how. The box I want to access is known on my little network as 192.168.0.2. It does not have a 'real' IP address, that is what I was going to use no-ip.com for. BTW I have managed to telnet to my router via no-ip. What else do you need to know ? (note that I will be away on Tues/Wed this week, so I won't be able to try anything those days). JEC |
Subject:
Re: Access from internet to my LINUX via CISCO 803 ISDN Router ?
From: ciscokid2-ga on 14 Oct 2002 17:35 PDT |
This is pretty straightforward... we may need some more information from your router to be able to do this... but assuming that you keep it connected to the internet and that you have the no-ip account (i.e. that you have some way of knowing the 'outside' address of the router)

1.) You should run NAT on the router... I am assuming that you already do this if you can browse the web from all three systems that you have connected.

2.) You should add a static NAT translation to the router to forward traffic for the three services that you want to the system you want it to go to... it would look something like this. (Change the dialer 0.3 to be whatever dialer interface that you are using)

ip nat inside source static tcp 192.168.0.2 80 interface dialer 0.3
ip nat inside source static tcp 192.168.0.2 22 interface dialer 0.3
ip nat inside source static tcp 192.168.0.2 21 interface dialer 0.3
ip nat inside source static tcp 192.168.0.2 20 interface dialer 0.3

And then one more for whatever port/port that VNC needs open... That should pretty much do it. |
Subject:
Re: Access from internet to my LINUX via CISCO 803 ISDN Router ?
From: jec-ga on 16 Oct 2002 15:54 PDT |
Well, it did not quite work - at least I don't think so. I entered the commands ALMOST as you said:

>telnet 192.168.0.1 (my router)
>(enter password)
>en
>(another password)
>conf t (not sure why, but someone once told me to do this)
>ip nat inside source static tcp 192.168.0.2 20 interface Dialer1 20
(note the syntax is a little different than you suggested, your syntax came back with 'incomplete command', this one stuck and is visible if I run 'sh run')
>...repeat for port 21, 22, 80, 5900, 5901 (see VNC FAQ section)
>end

RESULTS:

[coboj@oregon bin]$ ping coboj.zapto.org
PING coboj.zapto.org (62.60.44.107) from 192.168.0.2 : 56(84) bytes of data.
64 bytes from modem-107-44-60-62.vip.uk.com (62.60.44.107): icmp_seq=0 ttl=255 time=1.567 msec

PING LOOKS PROMISING

[coboj@oregon bin]$ telnet coboj.zapto.org
Trying 62.60.44.107...
Connected to coboj.zapto.org.
Escape character is '^]'.
User Access Verification
Password:
Cisco803>

THIS IS NOT CORRECT AS TELNET IS TO THE ROUTER, NOT THE LINUX BOX

[coboj@oregon bin]$ ssh coboj.zapto.org
Secure connection to coboj.zapto.org refused.
[coboj@oregon bin]$ ftp coboj.zapto.org
ftp: connect: Connection refused
ftp>

NOT RIGHT EITHER. I CAN SSH AND FTP TO 192.168.0.2 FROM MY LOCAL NETWORK. IS THERE SOME SECURITY TRICK AT WORK HERE ? VNC DID NOT FIND MY SERVER AT ALL.

What next ?

John C.

----- the cisco config -----------------------------------------

ps. can one edit the config in vi or something or is it best to enter commands one line at a time as I have ???

------------------------------------------------------------------------------
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Cisco803
!
enable password 7 14141B180F0B
!
!
!
!
!
!
pots country US
ip subnet-zero
!
no ip domain-lookup
isdn switch-type basic-net3
!
!
process-max-time 200
!
interface Ethernet0
 description connected to EthernetLAN
 ip address 192.168.0.1 255.255.255.0
 no ip directed-broadcast
 ip nat inside
!
interface BRI0
 description connected to Internet
 no ip address
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 dialer rotary-group 1
 isdn switch-type basic-net3
!
interface Dialer1
 description connected to Internet
 ip address negotiated
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 no ip split-horizon
 dialer in-band
 dialer string 08089933036
 dialer hold-queue 10
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname ganff56321
 ppp chap password 7 1310051D1D09162B26
 ppp pap sent-username ganff56321 password 7 03114904100A334D43
!
router rip
 version 2
 passive-interface Dialer1
 network 192.168.0.0
 no auto-summary
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.0.2 5901 interface Dialer1 5901
ip nat inside source static tcp 192.168.0.2 5900 interface Dialer1 5900
ip nat inside source static tcp 192.168.0.2 22 interface Dialer1 22
ip nat inside source static tcp 192.168.0.2 21 interface Dialer1 21
ip nat inside source static tcp 192.168.0.2 20 interface Dialer1 20
ip nat inside source static tcp 192.168.0.2 80 interface Dialer1 80
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 1 permit 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
snmp-server engineID local 00000009020000B0C28AF4CE
snmp-server community public RO
!
access-list 1 permit 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
snmp-server engineID local 00000009020000B0C28AF4CE
snmp-server community public RO
!
line con 0
 exec-timeout 0 0
 password 7 06140A255F4510
 login
 transport input none
 stopbits 1
line vty 0 4
 password 7 04490E021C2A55
 login
!
end |
Subject:
Re: Access from internet to my LINUX via CISCO 803 ISDN Router ?
From: ciscokid2-ga on 21 Oct 2002 11:36 PDT |
Sorry it has taken me so long to reply. Okay, as for telnet not working, that is easy: you don't have an inside statement for port 23. As a matter of fact, you may not want to have one, since that would cause you not to be able to telnet to your router. The second question is: are you sure that you don't have some sort of firewall or something in place that denies traffic from the outside world to your box? It is important to realize that the traffic will still have an outside world source address; the NAT will only change the dest address. |
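The point in the comment above, modelled as an added example that is not part of the thread or of any poster's words: a static port forward rewrites only the destination, so a host-side filter still sees the Internet source address. The function names, the documentation address 203.0.113.9 and the source-network allow list on the Linux box are assumptions made for illustration.

```python
import ipaddress
import re

# Static port-forward lines in the form used in the router config posted above.
CONFIG = """\
ip nat inside source static tcp 192.168.0.2 22 interface Dialer1 22
ip nat inside source static tcp 192.168.0.2 21 interface Dialer1 21
ip nat inside source static tcp 192.168.0.2 80 interface Dialer1 80
"""

STATIC_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")

def parse_static_nat(config):
    """Return {(proto, outside_port): (inside_ip, inside_port)}."""
    table = {}
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            proto, ip, in_port, _iface, out_port = m.groups()
            table[(proto, int(out_port))] = (ip, int(in_port))
    return table

def translate(table, proto, src_ip, dst_port):
    """Model the inbound rewrite: destination changes, source is preserved."""
    hit = table.get((proto, dst_port))
    if hit is None:
        return None  # no mapping: the packet is addressed to the router itself
    return {"src": src_ip, "dst": hit[0], "dport": hit[1]}

def host_accepts(packet, allowed_sources):
    """Hypothetical host-side filter keyed on the packet's source network."""
    src = ipaddress.ip_address(packet["src"])
    return any(src in ipaddress.ip_network(n) for n in allowed_sources)

def outcome(table, src_ip, dst_port, allowed_sources):
    """Classify one inbound TCP connection attempt to the router's outside address."""
    pkt = translate(table, "tcp", src_ip, dst_port)
    if pkt is None:
        return "handled by router"
    if host_accepts(pkt, allowed_sources):
        return "accepted"
    return "refused by host filter"
```

With an allow list of only `192.168.0.0/24`, port 22 from an outside address is forwarded and then refused by the host, while port 23 never leaves the router.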
Subject:
Re: Access from internet to my LINUX via CISCO 803 ISDN Router ?
From: ciscokid2-ga on 21 Oct 2002 11:42 PDT |
Also, when posting copies of your router config please take out the text after password and enable password, as they can be decrypted with great ease and someone could easily take control of your box. You should now change the console password and get rid of the enable password and use an enable secret instead. |
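One way to follow the advice in the comment above before pasting a config into a public forum, as an added example that is not part of the thread: a small scrubber that blanks password values and flags the settings the comment recommends changing. It goes slightly beyond the comment by also blanking dial-up usernames, the dial string and the SNMP community; the sample config is constructed and all of its secret values are placeholders.

```python
import re

# Constructed sample config; every secret value below is a placeholder.
SAMPLE = """\
hostname ExampleRouter
enable password 7 0000PLACEHOLDER
interface Dialer1
 dialer string 0000000000
 ppp chap hostname exampleuser
 ppp chap password 7 1111PLACEHOLDER
 ppp pap sent-username exampleuser password 7 2222PLACEHOLDER
snmp-server community examplecommunity RO
line vty 0 4
 password 7 3333PLACEHOLDER
 login
"""

# (pattern, replacement) pairs; group 1 is the text kept ahead of the secret.
RULES = [
    (re.compile(r"^(\s*enable (?:password|secret)(?: \d+)?) \S+"), r"\1 <removed>"),
    (re.compile(r"^(\s*ppp chap hostname) \S+"), r"\1 <removed>"),
    (re.compile(r"^(\s*ppp pap sent-username) \S+"), r"\1 <removed>"),
    (re.compile(r"^(\s*dialer string) \S+"), r"\1 <removed>"),
    (re.compile(r"^(\s*snmp-server community) \S+"), r"\1 <removed>"),
    # Generic rule last: any remaining "password [type] value" on the line.
    (re.compile(r"(\bpassword(?: \d+)?) \S+"), r"\1 <removed>"),
]

def sanitize(config):
    """Return the config with credential values replaced by <removed>."""
    out = []
    for line in config.splitlines():
        for pattern, repl in RULES:
            line = pattern.sub(repl, line)
        out.append(line)
    return "\n".join(out)

def findings(config):
    """Flag the settings the comment above recommends changing."""
    notes = []
    if re.search(r"^enable password\b", config, re.M) and \
            not re.search(r"^enable secret\b", config, re.M):
        notes.append("enable password set without enable secret")
    if re.search(r"\bpassword 7 ", config):
        notes.append("type 7 (reversible) passwords present")
    return notes
```

Scrubbing only protects the copy that gets posted; credentials that have already been published still need to be changed on the router.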
Subject:
Re: Access from internet to my LINUX via CISCO 803 ISDN Router ?
From: jec-ga on 28 Oct 2002 02:33 PST |
OK, I'll start the messing around with firewalls, etc. but that is another matter. Consider this question answered. It has taken me a long time to reply because many attempts to log into google answers have been met with - 'our servers are down....', then we had a huge storm and no electricity ! JC |