Re: ssh to my computer behind NAT

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



If that's true (they want to prevent you from running a server) then get a new ISP.

--
Chris Kloiber


On 03/09/2010 01:08 AM, Rick Sewill wrote:
On Tue, 2010-03-09 at 08:40 +0300, Hiisi wrote:
2010/3/9 Rick Sewill<rsewill@xxxxxxxxx>:
On Tue, 2010-03-09 at 00:49 +0300, Hiisi wrote:
Dear list!
I would like to be able to ssh to my home computer located behind my
ISP' NAT. I know, I can tunnel to it through some middle host and
actually I'm doing it at the moment. But I'm fancy is there a better
solution? Is there a possibility of not using any computer at the
<--SNIP-->

If it's a company gateway, we mustn't help you defeat their security.

I don't want to discuss whether having a gateway adds to security.
Personally, I believe all devices in the internal LAN must be secure.
I do not believe security can be done solely at the border of a LAN.

Do you control the device that is doing NAT for you or does the ISP?
If controlled by the ISP, did the ISP provide a way to configure it?

As others have said and will say, one needs to have the NAT device
port forward the appropriate port (whatever port you use for ssh)
to your host.



You and other, thank for your responses. Sorry I didn't make it clear.
I don't have any router. I'm connected to Internet via LAN. My IP
address is something like 192.168.3.20 and I use ISP' router IP
(192.168.0.1) as a gateway (I don't have any access to the router).
So, I decided its called NAT. Am I wrong here? I don't know. I know
only that I can't reach my computer from the outside of the LAN. So, I
did the following: on the target computer I ran:
ssh -R 10002:localhost:22 user@xxxxxxxxxxx (it's a computer somewhere
and I have ssh access there)
Now I can connect to the target computer in a few steps:
1. connect to middle.host:
ssh user@xxxxxxxxxxx
2. and from there:
ssh Hiisi@xxxxxxxxxxxxx -p 10002
See, it's not very convenient and I'm not sure whether it's possible
to use VNC using this setup (as I would like to).  So, is there any
better solution?
--
Hiisi.
Registered Linux User #487982. Be counted at: http://counter.li.org/
--
Spandex is a privilege, not a right.

Your explanation of a middle host is good.
I didn't understand what you were doing, previously.

Your description of NAT is fine.  Your ISP is doing NAT.

My first thought is to say, talk to the ISP.
The ISP should have a way for you to configure their NAT router
to forward the ssh port to your host.

I have difficulty thinking why the ISP wouldn't let you configure
their NAT router to forward the ssh port to your host...unless.

I hadn't thought of it before, but putting customers behind a NAT
router, and not letting customers configure the NAT router to
forward ports, might be a way to prevent customers running servers.

Is this what the ISP is trying to do?  Stop customers running servers?

If a customer wants to run a server, even an ssh server,
which is what you wish to do, does the ISP wish to charge more money?

If the ISP is deliberately stopping you, I'd say get another ISP.
If you can't get another ISP, I don't know what to suggest.



Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux