40m QIL Cryo_Lab CTN SUS_Lab TCS_Lab OMC_Lab CRIME_Lab FEA ENG_Labs OptContFac Mariner WBEEShop
  ATF eLog  Not logged in ELOG logo
Message ID: 2173     Entry time: Tue Aug 29 20:59:11 2017
Author: awade, Jon 
Type: Lab Infrastructure 
Category: Computing 
Subject: Setting up a gateway PC 

Jon has been working on getting a gateway PC set up again so that we can ssh into the lab from outside the ATF network.  

The old gateway computer has died. It looks like a dead power supply. The computer is an old Penguin tower box and is ~10 years old, its probably still good but is a lot of work to find a power supply on line to replace.  Larry Wallace didn't have any power supplies so he gave me a low end dell computer and a spare Ethernet card/usb dongle to use instead.  

Jon installed scientific linux and was trying to pass traffic through the computer from the outside world (from one Ethernet port to the other).  From what I can gather he was able to get pings in and out to the internet but there was a problem with finding a way to configure DNS settings that would allow regular internet use resolving www requests. There isn't really enough support for these types of tasks for the Scientific Linux distribution, so instead we have install Debian and will try to configure that. 

---

I'm now not sure that we want a computer firewall and all the configuration difficulty that entails.  Its possible to configure the Linksys router to forward certain port requests at the outward facing IP address so that they get redirected to ports of particular IP addresses internal to the network. This can be found under the Applications & Gaming tab at the gateway router (10.0.1.1), under UPnP Forwarding ports requested from outside the network can be redirected machines inside the network.  So, for example an outside ssh request to port 1234 can be redirected to port 4321 on machine ip 10.0.1.123.  This is basically what we want, a single machine from which we can ssh to any of the lab computers for offsite maintenance and operation

So to access the ATF subbasement computers you need to know the labs outward facing IP address <IP>, port <port> and password to the gateway machine.  Then simply run

ssh -Y controls@<IP> -p <port>

The -Y here is for window forwarding, you'll need xQuartz if you are on a mac.

These values (including password) can be found in the here in LIGO shared secrets: https://secrets.ligo.org/secrets/170/

If you can't see it you might need to ask someone in person to add you to the view list.

---

Test

ELOG V3.1.3-