1 hour 18 minutes
Hey, welcome back. Thank you so much for sticking with me in this section Three of the lab we're gonna talk about S H access. Um,
And what the reason why I wanted to do shh access is because we're gonna try toe access something that d m Z.
in order for us to do this, we're gonna need to do something called Port 40.
Or in that which is gonna be network address translation.
And the best way that I think I could describe it to you is
let's say you got three people and these three people are only gonna be together in one location every day.
And the scenario that I'm gonna draw for you is it's a boy
who's in home room
and he's friends
with a girl. And the girl that he's friends with
is friends with a girl that he likes
He was understanding with
the girl that he's friends with,
that he likes her friend
and he wants to give her a note so she can pass that note.
Tow her friend that says, Will you go to prom with me?
Circle Yes or no?
And that's basically what Port Ford and network address Translation comes down to in my mind, and that helped me a little bit. Uh, I know it seems funny, but I'm going somewhere with this
try to access
something in the d m z,
we're not actually going to s h to the target i p address for that asset in the d m Z, but we're gonna have to go through the when interface, and we're gonna have to set up a firewall rules that redirect to the target. I pee on this specific port.
Now, if you're following me, and I hope you are,
what we're doing as that boy with that note in home room is
we're on a certain port or we're in a certain classroom and we're passing a note.
that girl who's your friend knows is not for her, but it's for her friend,
right? And it's almost like this intermediary. She is the firewall. And you're trying to get sshh access to something that is behind her in the d m Z in the home room, which is her best friend, which is something that you like and you want to go to prom with.
I know, it probably sounds funny. I hope it is comical to you. But I also hope that you get some understanding from it, right, that you're not directly accessing that asset in the D m Z or you're not directly access in the person that you like.
You're going through that firewall or that intermediary
friend and she knows, based off of the conversations and the understanding that you have with her that the note is not for her, but it's for
her friend, which you're both gonna see a home room again. Port 22 for s s h is what I'm talking about. So let's actually attempt
a computer in the d m Z. And again, we're gonna do this by trying to go through the when interface. Is that when is what connects us to the d m Z, Right?
So bear with me
and we're gonna We're gonna see that in action.
Now, keep in mind this I p address that I'm typing in is that land interface. It is not the actual target I p address
for the asset in the d. M. Z is We can't get to it that way. We have to go through the land interface. All right, we're gonna notice that we're not getting any action, right? We're not seeing that echo reply that we're hoping for, Right? A Ziff. We were doing a ping, but we're not getting that connection. Even though we
we put in the user name,
you got the i P. Address and we're using the essays protocol. Nothing's happening.
Why? We probably need to create a rule. And that's what we're gonna do while we head back to that Windows eight
box and we're gonna create that rule. We're gonna make our way to firewall go than that rule, and then make sure we're on the choose on the tab port boarding,
and then we're gonna get going here. We definitely don't want this disabled because we want this to work.
I want this to work on the wind interface, which is gonna signify the the friend that knows the boy and knows the girl that we like, right.
Protocols in a state TCP
and the destination port range homeroom is gonna be shh.
The redirect target. I p That's gonna be important. This is where we want that note to go. It's not for her, our friend. It's for her friend. So we want to make sure that she knows that we want to make sure fire will knows. This is well again. I hope you're following me and over getting a good laugh out of this.
So let's go ahead and put in that I p address for the actual target. I pee in the d m Z that we want access to.
I want to make sure that redirect
port is is gonna be s S h and we'll give it up a quick description, right? It's always good to be descriptive. Like I said,
that way we know exactly what we've done. If something comes behind us, they know as well okay, we're gonna save that rule. We're gonna apply that change.
We're gonna make sure
that this is gonna actually work. Now that we applied it,
we're gonna go back to the Callum machine,
and we'll actually try to run that again. Okay,
so let's see what happens
and look at that.
Are you sure you want to continue yes or no? Just like that boy in homeroom past that note
to his friend who's friends with a girl that he likes.
Are you sure you want to go out? Promise me yes or no? Okay. So seems like
we are in a good position
to goto problem with the girl that we like or
in a firewall term, were able to access as it's h right. So we're gonna go ahead and put in that password
and we're in. So I hope that
that gives some credence to how
port forward in
Phil turn in batting outbound on follow works. Um, I know that there's tons of analogies and examples that we can use, but really think about what I said in terms off. Sshh. In terms of
the target, I pee in terms of going through the land interface because that makes the most sense. That's your wide area network. That's how connections air coming in
through your *** z. Think about network address translation again,
we're gonna talk about this much more in depth in section three, and you can always come back thio the lab section 12 and three of the labs
and hopefully have some ah ha moments. Based on some of the things that I've said in Section One
as well as some of the quirky analogies that I've just provided to help you understand the network sorcery That's kind of going on to allow us to have access to things through a firewall and the segments that is created. Thank you so much.
Configuring a Virtual Private Network with OpenVPN Lab
This lab is part of a series of lab exercises intended to support courseware for ...
Configure an FTP Server with Linux
This IT Pro Challenge Virtual Lab has the learner take on the role of a ...
Learn On Demand