-- Chris Kloiber On 03/09/2010 01:08 AM, Rick Sewill wrote:
On Tue, 2010-03-09 at 08:40 +0300, Hiisi wrote:2010/3/9 Rick Sewill<rsewill@xxxxxxxxx>:On Tue, 2010-03-09 at 00:49 +0300, Hiisi wrote:Dear list! I would like to be able to ssh to my home computer located behind my ISP' NAT. I know, I can tunnel to it through some middle host and actually I'm doing it at the moment. But I'm fancy is there a better solution? Is there a possibility of not using any computer at the<--SNIP-->If it's a company gateway, we mustn't help you defeat their security. I don't want to discuss whether having a gateway adds to security. Personally, I believe all devices in the internal LAN must be secure. I do not believe security can be done solely at the border of a LAN. Do you control the device that is doing NAT for you or does the ISP? If controlled by the ISP, did the ISP provide a way to configure it? As others have said and will say, one needs to have the NAT device port forward the appropriate port (whatever port you use for ssh) to your host.You and other, thank for your responses. Sorry I didn't make it clear. I don't have any router. I'm connected to Internet via LAN. My IP address is something like 192.168.3.20 and I use ISP' router IP (192.168.0.1) as a gateway (I don't have any access to the router). So, I decided its called NAT. Am I wrong here? I don't know. I know only that I can't reach my computer from the outside of the LAN. So, I did the following: on the target computer I ran: ssh -R 10002:localhost:22 user@xxxxxxxxxxx (it's a computer somewhere and I have ssh access there) Now I can connect to the target computer in a few steps: 1. connect to middle.host: ssh user@xxxxxxxxxxx 2. and from there: ssh Hiisi@xxxxxxxxxxxxx -p 10002 See, it's not very convenient and I'm not sure whether it's possible to use VNC using this setup (as I would like to). So, is there any better solution? -- Hiisi. Registered Linux User #487982. Be counted at: http://counter.li.org/ -- Spandex is a privilege, not a right.Your explanation of a middle host is good. I didn't understand what you were doing, previously. Your description of NAT is fine. Your ISP is doing NAT. My first thought is to say, talk to the ISP. The ISP should have a way for you to configure their NAT router to forward the ssh port to your host. I have difficulty thinking why the ISP wouldn't let you configure their NAT router to forward the ssh port to your host...unless. I hadn't thought of it before, but putting customers behind a NAT router, and not letting customers configure the NAT router to forward ports, might be a way to prevent customers running servers. Is this what the ISP is trying to do? Stop customers running servers? If a customer wants to run a server, even an ssh server, which is what you wish to do, does the ISP wish to charge more money? If the ISP is deliberately stopping you, I'd say get another ISP. If you can't get another ISP, I don't know what to suggest.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
