Re: ssh to my computer behind NAT

On Tuesday 09 March 2010 06:41:52 am Hiisi wrote:
> 2010/3/9 Rick Sewill <rsewill@xxxxxxxxx>:
> > On Tue, 2010-03-09 at 00:08 -0600, Rick Sewill wrote:
> >> On Tue, 2010-03-09 at 08:40 +0300, Hiisi wrote:
> >> > 2010/3/9 Rick Sewill <rsewill@xxxxxxxxx>:
> >> My first thought is to say, talk to the ISP.
> >> The ISP should have a way for you to configure their NAT router
> >> to forward the ssh port to your host.

Other than charging for the service, it might be hard for the ISP to forward 
the ssh port to your host, simply because the ssh port is maybe already being 
forwarded to some other host, for internal use by the ISP admins --- they 
might want to get into one of their machines just like you want to get into 
yours, and there might be no way for the router to decide when to forward the 
port to this or that computer while doing NAT.

This depends on the capabilities of the master router of your ISP, and their 
infrastructure. I used to work once for an institution which had *one* single 
public IP available for the single router, everything else was behind NAT. And 
the router itself was a miserable pos, for that matter...

> > Are you, and some other customers of the ISP, sharing the same public
> > IP address?  Doing so would reduce the number of public IP addresses
> > the ISP would need.  I'd be very, very surprised if an ISP did this.
> > I'd be more than surprised.  I'd be shocked.

This is actually a fairly common practice. I believe there are more ISPs in 
the world that do this than those that don't. Think China or such. Not every 
country has a wide enough range of public IPs available, so local ISPs use 
this kind of measure to save the IP pool as much as possible, until IPv6 
arrives.
 
> I live in a students' hostel and I'm unable to change ISP. The only
> other solution would be to get a gprs-modem. But I don't want to
> buy it because prices are wild here in Moscow (and I'd have dynamic IP
> then, correct?). Before writing on this list I've consulted my ISP.
> They have no better (free) solution than the one I have at the moment.
> Alternatively, they can charge me with extra money for so called
> 'static IP'. I don't need it because I don't want to run WEB-server at
> home. I just want to access my files at home computer from lab
> computer to eliminate stresses in case I forgot a USB-drive in a rush
> to the lab :-)

You might want to look into OpenVPN. It's a method to create a "virtual" 
network, which would allow you to do whatever you want within that network, 
including ssh, vnc, and other. This has some drawbacks, however:

1) you need at least one machine with a fixed IP which is publicly visible (the 
"middle" computer that you use now) to set up an OpenVPN server (to which all 
other machines --- clients --- should connect)

2) it might be somewhat slower than the native connection, but that is 
insignificant if all your machines are on the same LAN. It might get 
significantly slower if one machine is in Paris, the other in Cairo and the 
server is in Peking...

3) It takes some time and effort to learn, install and set up. It is simpler to 
use than your current usage of ssh -R, but way more complicated to set up. 
Although, you need to set it up only once.

But once you master it and implement it, no router or firewall may stop you 
from accessing your own machines. That's what I use --- I have connected three 
clients (all three behind various ISP NATs in two different cities) to my main 
machine (which acts as an OpenVPN server) which has a public IP. I use the 
virtual network to admin all those machines (including the server itself) from 
the other side of the continent, for over a year now.

Works like a charm, never failed me. ;-)

HTH, :-)
Marko

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
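
The hub-and-spoke layout described in the reply above (one publicly reachable OpenVPN server, clients behind ISP NAT connecting out to it), sketched as a pair of configuration files. This is an added example, not part of the original post; the host name, VPN subnet and certificate file names are placeholders.

```conf
# ==== server.conf (the machine with the public IP) ====
port 1194
proto udp
dev tun
ca   ca.crt                      # placeholder file names; build your own PKI
cert server.crt
key  server.key                  # private key, readable by root only
dh   dh.pem
tls-auth ta.key 0                # discard packets lacking the shared HMAC before any TLS work
server 10.8.0.0 255.255.255.0    # assumed VPN subnet; the server takes 10.8.0.1
client-config-dir ccd            # per-client files, e.g. ifconfig-push for a fixed VPN address
client-to-client                 # clients reach each other via the server; this traffic
                                 # bypasses the server's own firewall rules, omit if unwanted
keepalive 10 120                 # ping every 10 s, restart after 120 s; also keeps the
                                 # NAT mapping on the client's ISP router from expiring
user nobody
group nobody                     # drop privileges after start (group name varies by distribution)
persist-key
persist-tun
verb 3

# ==== client.conf (each machine behind NAT) ====
client
dev tun
proto udp
remote vpn.example.org 1194      # placeholder for the server's public address
resolv-retry infinite
nobind                           # outbound only, from an ephemeral port: no port forward needed
ca   ca.crt
cert home-pc.crt                 # one certificate per machine, so a lost one can be revoked
key  home-pc.key
remote-cert-tls server           # reject a peer whose certificate is not a server certificate
tls-auth ta.key 1
persist-key
persist-tun
verb 3
```

With the tunnel up, ssh targets a machine's 10.8.0.x address, and the server's single UDP port is the only listener exposed to the Internet.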