Re: ssh to my computer behind NAT

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2010-03-09 at 00:49 +0300, Hiisi wrote: 
> Dear list!
> I would like to be able to ssh to my home computer located behind my
> ISP' NAT. I know, I can tunnel to it through some middle host and
> actually I'm doing it at the moment. But I'm fancy is there a better
> solution? Is there a possibility of not using any computer at the
> middle to connect to my home system from the outside world? Can I
> connect to it directly using some magic setup? Any thoughts?
> -- 
> Hiisi.
> Registered Linux User #487982. Be counted at: http://counter.li.org/
> --
> Spandex is a privilege, not a right.

You said something about a middle host.  This middle host confuses me.
Is this middle host controlled by the ISP?  What is this middle host?

When I worked for a certain company, I had to ssh to a gateway host.
They didn't want anyone able to ssh directly to their internal LAN.
When you said middle host, I thought of that company and their gateway.

I would be surprised if an ISP requires you to go to a middle host.
I would expect an ISP to use the NAT where only IP addresses change.
I would expect an ISP to forward all ports to your assigned IP address.

If the ISP provided a router to you, that is doing NAT,
you should be able to configure that router to forward your ssh port.

I would not be surprised if a company requires you to go to a gateway.

If it's a company gateway, we mustn't help you defeat their security.

I don't want to discuss whether having a gateway adds to security.
Personally, I believe all devices in the internal LAN must be secure.
I do not believe security can be done solely at the border of a LAN.

Do you control the device that is doing NAT for you or does the ISP?
If controlled by the ISP, did the ISP provide a way to configure it?

As others have said and will say, one needs to have the NAT device
port forward the appropriate port (whatever port you use for ssh)
to your host.


-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux