help setting up a computer "lab"

[kr4y3]

Hi me and my friend are starting to learn about security so i went out and got 5 computers and installed linux or windows XP on each of them. They are all on my LAN so i have constant access but im not sure how to set it up so my friend can use them like a shell account i guess. I have a Linksys DSL Router going into a Cisco 1900 catalyst hub. (i have a cisco router too but it has the T1 card in it not the DSL one) Pleez help me out thnx. and let me know if i need to explain myself better b/c im obviously not the most articulate

[phishphreek]

Well, you may want to setup something like ssh. It is very similar to telnet except that it is encrypted.
They will run on both the win32 and *nix platforms.

It is pretty easy to setup but it will only give you command line access.
http://www.openssh.com/
http://www.gideonsoftworks.com/SSHHOWTO/SSH-HOWTO.html
http://www.csua.berkeley.edu/ssh-howto.html

If you want something like remote desktop, look into vnc .
http://www.uk.research.att.com/vnc/docs.html

You will want to tunnel vnc over ssh as the vnc traffic is not encrypted.

Oh, ssh runs by default on port 22. You can change this if you want to access more than one machine on your network. You can also tunnel from one machine to another on your network. VNC by default (without ssh tunneling) runs on port 59xx (where the xx is the display number). Use your router to forward to the correct machines and ports of your choice.

j3r explained the router setup much better than I below.

[j3r]

Given that you have a DSL router, I assume you only have one "real" IP address, and are using NAT to let all 5 machines talk to the outside world. If that's the case, read on.

First, make sure DHCP is turned off. You want each machine to have the same IP address each time it comes up. Next, you'll have to use port forwarding to give your friend access to each of the machines inside the network.

Let's say you've got the following setup:

Code:

Your Friend --- Internet --- DSL Router --- Cisco box --- Machine 1
10.2.3.4                     10.3.4.5                  |  192.168.1.10
                                                       +- Machine 2
                                                       |  192.168.1.20
                                                       +- Machine 3
                                                          192.168.1.30

Say you want to give your friend SSH access to each machine. She can't directly see any of the 192.168.1.* machines, since they're hidden behind the DSL router's NAT. However, you can set up the DSL Router to forward packets it receives into the machines inside your network. The way this works in general is that you set up a port to be redirected on the NAT box. When it receives an incoming connection, it passes the packets destined for that port through to a machine on its network. On many routers this is powerful and cool. On Linksys DSL routers, it's... workable.

The downside of the Linksys port forwarding is that if you want to forward requests to port x on the NAT box, they'll only go to port x on the destination machine. This makes if very easy to configure port forwarding for one machine, but hard if you want to do it for many. Because you want to forward the same service (SSH) to multiple machines, you're going to have to use non-standard ports for at least some of them. This means that you're going to have to configure SSH to listen on a different port than the standard (22). Here's a sample configuration that you may wish to consider:
Machine 1 (192.168.1.10) listens on port 2122
Machine 2 (192.168.1.20) listens on port 2222
Machine 3 (192.168.1.30) listens on port 2322
You then set the DSL router to forward port 2122 to machine 1, 2222 to machine 2, and 2322 to machine 3. This way, your friend can connect to machine 3 using SSH, for example, by typing ssh alice@10.3.4.5 -p 2322.

You can access the port forwarding setting by accessing the DSL router via a web browser from the inside of your network. Click the "Advanced" tab (the orange on one the right), then click the "Forwarding" tab.

Good luck!

[kr4y3]

Hey thanks alot for the great info. I think i'll be able to do it now