Re: ssh to my computer behind NAT

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2010-03-09 at 00:49 +0300, Hiisi wrote: 
> Dear list!
> I would like to be able to ssh to my home computer located behind my
> ISP' NAT. I know, I can tunnel to it through some middle host and
> actually I'm doing it at the moment. But I'm fancy is there a better
> solution? Is there a possibility of not using any computer at the
> middle to connect to my home system from the outside world? Can I
> connect to it directly using some magic setup? Any thoughts?
> -- 
> Hiisi.
> Registered Linux User #487982. Be counted at: http://counter.li.org/
> --
> Spandex is a privilege, not a right.

You said something about a middle host.  This middle host confuses me.
Is this middle host controlled by the ISP?  What is this middle host?

When I worked for a certain company, I had to ssh to a gateway host.
They didn't want anyone able to ssh directly to their internal LAN.
When you said middle host, I thought of that company and their gateway.

I would be surprised if an ISP requires you to go to a middle host.
I would expect an ISP to use the NAT where only IP addresses change.
I would expect an ISP to forward all ports to your assigned IP address.

If the ISP provided a router to you, that is doing NAT,
you should be able to configure that router to forward your ssh port.

I would not be surprised if a company requires you to go to a gateway.

If it's a company gateway, we mustn't help you defeat their security.

I don't want to discuss whether having a gateway adds to security.
Personally, I believe all devices in the internal LAN must be secure.
I do not believe security can be done solely at the border of a LAN.

Do you control the device that is doing NAT for you or does the ISP?
If controlled by the ISP, did the ISP provide a way to configure it?

As others have said and will say, one needs to have the NAT device
port forward the appropriate port (whatever port you use for ssh)
to your host.


-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux