On Tuesday, 09.03.2010, 00:17 -0600, Rick Sewill wrote:
> On Tue, 2010-03-09 at 00:08 -0600, Rick Sewill wrote:
> > On Tue, 2010-03-09 at 08:40 +0300, Hiisi wrote:
> > > 2010/3/9 Rick Sewill <rsewill@xxxxxxxxx>:
> > > > On Tue, 2010-03-09 at 00:49 +0300, Hiisi wrote:
> > > >> Dear list!
> > > >> I would like to be able to ssh to my home computer located behind my
> > > >> ISP's NAT. I know, I can tunnel to it through some middle host and
> > > >> actually I'm doing it at the moment. But I wonder: is there a better
> > > >> solution? Is there a possibility of not using any computer at the
> > > <--SNIP-->
> > > >
> > > > If it's a company gateway, we mustn't help you defeat their security.
> > > >
> > > > I don't want to discuss whether having a gateway adds to security.
> > > > Personally, I believe all devices in the internal LAN must be secure.
> > > > I do not believe security can be done solely at the border of a LAN.
> > > >
> > > > Do you control the device that is doing NAT for you or does the ISP?
> > > > If controlled by the ISP, did the ISP provide a way to configure it?
> > > >
> > > > As others have said and will say, one needs to have the NAT device
> > > > port forward the appropriate port (whatever port you use for ssh)
> > > > to your host.
> > > >
> > >
> > > You and others, thanks for your responses. Sorry I didn't make it clear.
> > > I don't have any router. I'm connected to the Internet via LAN. My IP
> > > address is something like 192.168.3.20 and I use the ISP's router IP
> > > (192.168.0.1) as a gateway (I don't have any access to the router).
> > > So, I decided it's called NAT. Am I wrong here? I don't know. I know
> > > only that I can't reach my computer from the outside of the LAN. So, I
> > > did the following: on the target computer I ran:
> > > ssh -R 10002:localhost:22 user@xxxxxxxxxxx (it's a computer somewhere
> > > and I have ssh access there)
> > > Now I can connect to the target computer in a few steps:
> > > 1. connect to middle.host:
> > > ssh user@xxxxxxxxxxx
> > > 2. and from there:
> > > ssh Hiisi@xxxxxxxxxxxxx -p 10002
> > > See, it's not very convenient and I'm not sure whether it's possible
> > > to use VNC using this setup (as I would like to). So, is there any
> > > better solution?
> > > --
> > > Hiisi.
> > > Registered Linux User #487982. Be counted at: http://counter.li.org/
> > > --
> > > Spandex is a privilege, not a right.
> >
> > Your explanation of a middle host is good.
> > I didn't understand what you were doing, previously.
> >
> > Your description of NAT is fine. Your ISP is doing NAT.
> >
> > My first thought is to say, talk to the ISP.
> > The ISP should have a way for you to configure their NAT router
> > to forward the ssh port to your host.
> >
> > I have difficulty thinking why the ISP wouldn't let you configure
> > their NAT router to forward the ssh port to your host...unless.
> >
> > I hadn't thought of it before, but putting customers behind a NAT
> > router, and not letting customers configure the NAT router to
> > forward ports, might be a way to prevent customers running servers.
> >
> > Is this what the ISP is trying to do? Stop customers running servers?
> >
> > If a customer wants to run a server, even an ssh server,
> > which is what you wish to do, does the ISP wish to charge more money?
> >
> > If the ISP is deliberately stopping you, I'd say get another ISP.
> > If you can't get another ISP, I don't know what to suggest.
> >
>
> I just thought of another possibility the ISP might be doing.
>
> Are you, and some other customers of the ISP, sharing the same public
> IP address? Doing so would reduce the number of public IP addresses
> the ISP would need. I'd be very, very surprised if an ISP did this.
> I'd be more than surprised. I'd be shocked.
>

It's usual for ISPs to do so, at least outside the U.S.A.
Public IPv4 addresses are scarce even in Germany: German Telekom
provides a public IP to my DSL router, O2 provides a non-routable
10.x.x.x address to my 3G device. The only solution will be IPv6.
I hope it will come soon.

Joerg
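
Added example, not part of the original thread: a client-side `~/.ssh/config` that turns the two-step login described in the quoted message (reverse tunnel `ssh -R 10002:localhost:22` held open from the home computer to the middle host) into a single command and carries VNC over the same encrypted session. It assumes OpenSSH 7.3 or later on the client (for `ProxyJump`); `middle.example.org`, the aliases `middle`, `home-via-middle` and `home-pc`, and VNC port 5900 are placeholders and assumptions, not values from the thread.

```sshconfig
# ~/.ssh/config on the machine you connect FROM (constructed example).
# Precondition, taken from the thread: the home computer keeps
#   ssh -R 10002:localhost:22 user@<middle host>
# running, so port 10002 on the middle host leads back to the home sshd.

# The middle host. HostName is a placeholder for the redacted address.
Host middle
    HostName middle.example.org
    User user

# The home computer, reached through the reverse tunnel.
Host home-via-middle
    # "localhost" is resolved on the middle host, because ProxyJump opens
    # the onward connection from there. With sshd's default
    # "GatewayPorts no" on the middle host, the -R listener is bound to
    # loopback only, so port 10002 is not exposed to the Internet.
    HostName localhost
    Port 10002
    User Hiisi
    ProxyJump middle
    # Store the home computer's host key under a stable name instead of
    # "[localhost]:10002", so a changed key is noticed and the entry does
    # not clash with other tunnels that also end at localhost.
    HostKeyAlias home-pc
    # VNC through the same SSH session: local port 5900 is forwarded to
    # port 5900 on the home computer (assumes the VNC server listens there,
    # ideally on loopback only).
    LocalForward 5900 localhost:5900
    # Fail the login instead of continuing silently if the forward
    # cannot be set up (for example, local port 5900 already in use).
    ExitOnForwardFailure yes
```

With this in place, `ssh home-via-middle` logs in to the home computer in one step, and a VNC viewer pointed at `localhost:5900` on the client reaches the home desktop through the tunnel.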