On Tuesday 09 March 2010 06:41:52 am Hiisi wrote: > 2010/3/9 Rick Sewill <rsewill@xxxxxxxxx>: > > On Tue, 2010-03-09 at 00:08 -0600, Rick Sewill wrote: > >> On Tue, 2010-03-09 at 08:40 +0300, Hiisi wrote: > >> > 2010/3/9 Rick Sewill <rsewill@xxxxxxxxx>: > >> My first thought is to say, talk to the ISP. > >> The ISP should have a way for you to configure their NAT router > >> to forward the ssh port to your host. Other than charging for the service, it might be hard for the ISP to forward the ssh port to your host, simply because ssh port is maybe already being forwarded to some other host, for internal use by the ISP admins --- they might want to get into one of their machines just like you want to get into yours, and there might be no way for the router to decide when to forward the port to this or that computer while doing NAT. This depends on the capabilities of the master router of your ISP, and their infrastructure. I used to work once for an institution which had *one* single public IP available for the single router, everything else was behind NAT. And the router itself was a miserable pos, for that matter... > > Are you, and some other customers of the ISP, sharing the same public > > IP address? Doing so would reduce the number of public IP addresses > > the ISP would need. I'd be very, very surprised if an ISP did this. > > I'd be more than surprised. I'd be shocked. This is actually a fairly common practice. I believe there are more ISP's in the world that do this than those that don't. Think China or such. Not every country has a wide enough range of public IP's available, so local ISP's use this kind of measures to save the IP pool as much as possible, until IPv6 arrives. > I live in a students hostel and I'm unable to change ISP. The only > other solution would be to to get a gprs-modem. But I don't want to > bay it because prices are wild here in Moscow (and I'd have dynamic IP > then, correct?). Before writing on this list I've consulted my ISP. > They have no better (free) solution that the one I have at the moment. > Alternatively, they can charge me with extra money for so called > 'static IP'. I don't need it because I don't want to run WEB-server at > home. I just want to access my files at home computer from lab > computer to eliminate stresses in case I forgot a USB-drive in a rash > to the lab :-) You might want to look into OpenVPN. It's a method to create a "virtual" network, which would allow you to do whatever you want within that network, including ssh, vnc, and other. This has some drawbacks, however: 1) you need at least one machine with a fixed IP which is publicly visible (the "middle" computer that you use now) to set up a OpenVPN server (to which all other machines --- clients --- should connect to) 2) it might be somewhat slower than the native connection, but that is insignificant if all your machines are on the same LAN. It might get significantly slower if one machine is in Paris, the other in Cairo and the server is in Peking... 3) It takes some time and effort to learn, install and set up. It is simpler to use than your current usage of ssh -R, but way more complicated to set up. Although, you need to set it up only once. But once you master it and implement it, no router or firewall may stop you from accessing your own machines. That's what I use --- I have connected three clients (all three behind various ISP NAT's in two different cities) to my main machine (which acts as an OpenVPN server) which has public IP. I use the virtual network to admin all those machines (including the server itself) from the other side of the continent, for over a year now. Works like a charm, never failed me. ;-) HTH, :-) Marko -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines