40m QIL Cryo_Lab CTN SUS_Lab TCS_Lab OMC_Lab CRIME_Lab FEA ENG_Labs OptContFac Mariner WBEEShop
  ATF eLog  Not logged in ELOG logo
Message ID: 2175     Entry time: Wed Sep 6 11:50:12 2017
Author: Jon 
Type: Lab Infrastructure 
Category: Computing 
Subject: Gateway PC set up 

Jon's Edits to Andrew's Setup of the Linksys Router

Andrew is right that the Linksys router (10.0.1.1) can be configured to do everything we want from a gateway, namely providing password-protected ssh access into the LAN machines from the outside while blocking all other ports. I made some minor changes to Andrew's initial setup to balance security with ease of accessibility.

First, I made the Caltech-assigned IP address (131.215.115.216) discoverable on the ligo.caltech.edu network. This makes the gateway pingable, which is useful for determining whether the LAN is down. Note that this gateway is still only discoverable from inside the ligo.caltech.edu network, not from the outer Internet.

Second, I enabled the default port for SSH communications, port 22. I think this is fine security-wise because, again, the machine is only discoverable from within the ligo.caltech network and access is password-protected.

To connect to one of the LAN machines from another machine on the ligo.caltech.edu network with X11 graphics forwarding, you can add this script to your .bashrc file:

connect_onsite()
{
     ssh -Xt controls@<IP> \
     ssh -X controls@10.0.1.XX
}

where 10.0.1.XX is the address of the machine on the local network. You'll be prompted twice for a password, first for the gateway and second for the inside machine.

To connect from outside the ligo.caltech.edu network, forward the connection through a network machine (e.g., I use my office desktop) by adding the line:

connect_offsite()
{
     ssh -Xt USERNAME@MACHINE.ligo.caltech.edu \
     ssh -Xt controls@<IP> \
     ssh -X controls@10.0.1.XX
}
ELOG V3.1.3-