Re: ssh to my computer behind NAT

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2010-03-09 at 08:40 +0300, Hiisi wrote: 
> 2010/3/9 Rick Sewill <rsewill@xxxxxxxxx>:
> > On Tue, 2010-03-09 at 00:49 +0300, Hiisi wrote:
> >> Dear list!
> >> I would like to be able to ssh to my home computer located behind my
> >> ISP' NAT. I know, I can tunnel to it through some middle host and
> >> actually I'm doing it at the moment. But I'm fancy is there a better
> >> solution? Is there a possibility of not using any computer at the
> <--SNIP-->
> >
> > If it's a company gateway, we mustn't help you defeat their security.
> >
> > I don't want to discuss whether having a gateway adds to security.
> > Personally, I believe all devices in the internal LAN must be secure.
> > I do not believe security can be done solely at the border of a LAN.
> >
> > Do you control the device that is doing NAT for you or does the ISP?
> > If controlled by the ISP, did the ISP provide a way to configure it?
> >
> > As others have said and will say, one needs to have the NAT device
> > port forward the appropriate port (whatever port you use for ssh)
> > to your host.
> >
> >
> 
> You and other, thank for your responses. Sorry I didn't make it clear.
> I don't have any router. I'm connected to Internet via LAN. My IP
> address is something like 192.168.3.20 and I use ISP' router IP
> (192.168.0.1) as a gateway (I don't have any access to the router).
> So, I decided its called NAT. Am I wrong here? I don't know. I know
> only that I can't reach my computer from the outside of the LAN. So, I
> did the following: on the target computer I ran:
> ssh -R 10002:localhost:22 user@xxxxxxxxxxx (it's a computer somewhere
> and I have ssh access there)
> Now I can connect to the target computer in a few steps:
> 1. connect to middle.host:
> ssh user@xxxxxxxxxxx
> 2. and from there:
> ssh Hiisi@xxxxxxxxxxxxx -p 10002
> See, it's not very convenient and I'm not sure whether it's possible
> to use VNC using this setup (as I would like to).  So, is there any
> better solution?
> -- 
> Hiisi.
> Registered Linux User #487982. Be counted at: http://counter.li.org/
> --
> Spandex is a privilege, not a right.

Your explanation of a middle host is good.  
I didn't understand what you were doing, previously.

Your description of NAT is fine.  Your ISP is doing NAT.

My first thought is to say, talk to the ISP.
The ISP should have a way for you to configure their NAT router
to forward the ssh port to your host.

I have difficulty thinking why the ISP wouldn't let you configure
their NAT router to forward the ssh port to your host...unless.

I hadn't thought of it before, but putting customers behind a NAT
router, and not letting customers configure the NAT router to 
forward ports, might be a way to prevent customers running servers.

Is this what the ISP is trying to do?  Stop customers running servers?

If a customer wants to run a server, even an ssh server,
which is what you wish to do, does the ISP wish to charge more money?

If the ISP is deliberately stopping you, I'd say get another ISP.
If you can't get another ISP, I don't know what to suggest.


-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux