Allow connections between "outside" and a device directly connected to "main computer"?
by somanyquestions from LinuxQuestions.org on (#5N0HW)
Imagine a little 1-board computer with Linux, running as USB ethernet gadget, connected to a bigger Linux computer's USB host port. So there is a network connection.
I was so far working with an SSH tunnel connection to be able to SSH into the little computer from the "outside world", via the "main computer"'s connection to a switch.
Creating this tunnel connection is an extra burden for the client, though. And it appears not to allow UDP connections.
I have searched a bit about other ways of doing that without the SSH tunnel, and more universally.
I.e. optimally, the "main computer" would provide an IP address for reaching services running directly on it with TCP, UDP, SSH/SCP; and another IP address for reaching the "little computer" that's USB-connected to it, with all those protocols - and this internal connection being invisible to the outside. As if the "main computer" had 2 addresses on the same LAN jack - not necessarily in the same subnet.
I have found some topics that seem relevant - but I'm not exactly an admin, and I'm not sure I understood the relations between those things completely.
- NAT - to be set up with iptables
- routing, e.g. with ip route command
- MACVLAN in passthru mode
*If* I got it correctly, the last two won't completely help me, unless the "little computer" and the internal interface it's connected to have IPs already in the wanted subnet - and routing will just make them "findable" from the outside?
(it may be necessary that the little computer be in a different subnet from the main IP of the main computer)
So there is no way around using NAT? iptables seems not to be available in BusyBox, on which the "main computer"'s Linux is based, which is why I was shying away from it. Perhaps it can be added.
I would prefer minimalist solutions that don't require special software to be installed, anyway.
I was so far working with an SSH tunnel connection to be able to SSH into the little computer from the "outside world", via the "main computer"'s connection to a switch.
Creating this tunnel connection is an extra burden for the client, though. And it appears not to allow UDP connections.
I have searched a bit about other ways of doing that without the SSH tunnel, and more universally.
I.e. optimally, the "main computer" would provide an IP address for reaching services running directly on it with TCP, UDP, SSH/SCP; and another IP address for reaching the "little computer" that's USB-connected to it, with all those protocols - and this internal connection being invisible to the outside. As if the "main computer" had 2 addresses on the same LAN jack - not necessarily in the same subnet.
I have found some topics that seem relevant - but I'm not exactly an admin, and I'm not sure I understood the relations between those things completely.
- NAT - to be set up with iptables
- routing, e.g. with ip route command
- MACVLAN in passthru mode
*If* I got it correctly, the last two won't completely help me, unless the "little computer" and the internal interface it's connected to have IPs already in the wanted subnet - and routing will just make them "findable" from the outside?
(it may be necessary that the little computer be in a different subnet from the main IP of the main computer)
So there is no way around using NAT? iptables seems not to be available in BusyBox, on which the "main computer"'s Linux is based, which is why I was shying away from it. Perhaps it can be added.
I would prefer minimalist solutions that don't require special software to be installed, anyway.