Access internal IP remotely

mellow52
I have twelve HP DL360 G5 servers (small animation render farm) and one of them is the main DHCP / file server. This rack is home based so FIOS home with a dynamic external IP. I use DYNDNS and it works perfectly to access the DHCP server, but I am wondering how do I access the other servers' iLO internal IPs to turn them on or off remotely?

Thanks!
  • +
    0 Votes
    cmiller5400

    Do those servers have "public" IPs as well or are they behind a firewall? If they are behind a firewall, you have a few options: port forwarding or VPN. It all depends on what networking hardware you are running.

    +
    0 Votes
    mellow52

    Only my DHCP / File Server has a public IP; the others all have private IPs for their iLO and sit behind a firewall. So if I understand you correctly the best practice is to VPN in and then control them via the private iLO IPs? I am not sure I want to open ports to them even if it is only to the management NIC / iLO.

    +
    0 Votes
    robo_dev

    In order to access the DHCP server, there must be a firewall rule that does two things: it opens a port for communication and sends external communication to the internal IP address of the server.

    So, let's say you were using VNC at port 9000 to go to your DHCP server with an IP address of 192.168.0.2. In a Cisco router you need a rule to open port 9000 inbound and a second NAT (network address translation) rule so requests hitting the WAN interface go to the LAN IP of your server.

    Most standard home routers let you do the same thing; typically you have to define a 'custom service or program' (opening the port) and then assign what LAN IP address gets that service (the NAT rule).

    In the case of multiple servers, you would have to open more ports, or else use a single device (or server) to control the other devices.

    If you want a solution that's bulletproof and secure, there are KVM-over-IP solutions from MiniComm or Raritan that give you BIOS-level remote access to servers from one device...this lets you actually remotely reconfigure BIOS settings or reboot a really-locked-up server remotely...and they are secure and require nothing to be loaded on each server.

    In the example listed above where you were using VNC, you would need to open up a port for each server and have a NAT rule for each server (port 9001, 9002, 9003, etc.). Then remotely, it's just a matter of pointing to the correct port number in whatever app you use to do remote control.

    +
    0 Votes
    mellow52

    Thanks. The servers sit behind a LINKSYS VPN Router (RV082) using its firewall. Because this rack sits at my home office and I did not spring for the FIOS business, my FIOS home has a dynamic WAN IP that I solve by using DYNDNS, and I can open and access my "Remote Workplace" by using my DYNDNS name https://*********.gotdns.com/Remote.

    I think I will just set up a VPN on my laptop and then access and control the local iLO IPs that way. Seems to be the most simple, secure and cost effective way.
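
The two options discussed in this thread, compared as an added example that is not part of any poster's reply: a small audit that builds the one-WAN-port-per-server forwarding table (9001, 9002, ...) and counts how many management interfaces it exposes, against a VPN setup with no iLO forwards. The iLO address range, the iLO addresses and the `Forward` record are assumptions made for illustration; 192.168.0.2 and port 9000 follow the hypothetical in the thread.

```python
import ipaddress
from collections import Counter
from typing import NamedTuple


class Forward(NamedTuple):
    wan_port: int   # port opened on the router's WAN side
    lan_ip: str     # NAT target on the LAN
    lan_port: int   # port on the target host


# Assumption: the iLO NICs sit in their own range; adjust to your addressing plan.
ILO_NET = ipaddress.ip_network("192.168.0.128/25")


def per_server_plan(ilo_ips, base_port=9001, lan_port=443):
    """One WAN port per server (9001, 9002, ...), each NATed to that server's iLO."""
    return [Forward(base_port + i, ip, lan_port) for i, ip in enumerate(ilo_ips)]


def audit(rules):
    """Return (findings, number_of_open_wan_ports) for a list of Forward rules."""
    findings = []
    for port, count in Counter(r.wan_port for r in rules).items():
        if count > 1:
            findings.append(f"WAN port {port} is mapped {count} times; NAT target is ambiguous")
    for r in rules:
        if ipaddress.ip_address(r.lan_ip) in ILO_NET:
            findings.append(
                f"WAN port {r.wan_port} exposes management interface {r.lan_ip}:{r.lan_port}"
            )
    return findings, len({r.wan_port for r in rules})


# Constructed sample data: the file server forward plus eleven iLO addresses.
FILE_SERVER = Forward(9000, "192.168.0.2", 9000)
ILO_IPS = [f"192.168.0.{200 + i}" for i in range(11)]

FORWARD_ALL = [FILE_SERVER] + per_server_plan(ILO_IPS)
VPN_ONLY = [FILE_SERVER]  # iLO is reached through the VPN tunnel, so no iLO forwards

if __name__ == "__main__":
    for name, rules in (("port forwarding", FORWARD_ALL), ("VPN", VPN_ONLY)):
        findings, open_ports = audit(rules)
        print(f"{name}: {open_ports} WAN ports open, {len(findings)} findings")
        for finding in findings:
            print("  -", finding)
```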
