ssh to my computer behind NAT

Chris Kloiber ckloiber at ckloiber.com
Tue Mar 9 06:15:42 UTC 2010


If that's true (they want to prevent you from running a server) then get 
a new ISP.

-- 
Chris Kloiber


On 03/09/2010 01:08 AM, Rick Sewill wrote:
> On Tue, 2010-03-09 at 08:40 +0300, Hiisi wrote:
>> 2010/3/9 Rick Sewill<rsewill at gmail.com>:
>>> On Tue, 2010-03-09 at 00:49 +0300, Hiisi wrote:
>>>> Dear list!
>>>> I would like to be able to ssh to my home computer located behind my
>>>> ISP's NAT. I know, I can tunnel to it through some middle host and
>>>> actually I'm doing it at the moment. But I'm wondering, is there a better
>>>> solution? Is there a possibility of not using any computer at the
>> <--SNIP-->
>>>
>>> If it's a company gateway, we mustn't help you defeat their security.
>>>
>>> I don't want to discuss whether having a gateway adds to security.
>>> Personally, I believe all devices in the internal LAN must be secure.
>>> I do not believe security can be done solely at the border of a LAN.
>>>
>>> Do you control the device that is doing NAT for you or does the ISP?
>>> If controlled by the ISP, did the ISP provide a way to configure it?
>>>
>>> As others have said and will say, one needs to have the NAT device
>>> port forward the appropriate port (whatever port you use for ssh)
>>> to your host.
>>>
>>>
>>
>> You and others, thanks for your responses. Sorry I didn't make it clear.
>> I don't have any router. I'm connected to Internet via LAN. My IP
>> address is something like 192.168.3.20 and I use ISP's router IP
>> (192.168.0.1) as a gateway (I don't have any access to the router).
>> So, I decided it's called NAT. Am I wrong here? I don't know. I know
>> only that I can't reach my computer from the outside of the LAN. So, I
>> did the following: on the target computer I ran:
>> ssh -R 10002:localhost:22 user@middle.host (it's a computer somewhere
>> and I have ssh access there)
>> Now I can connect to the target computer in a few steps:
>> 1. connect to middle.host:
>> ssh user@middle.host
>> 2. and from there:
>> ssh Hiisi@home.computer -p 10002
>> See, it's not very convenient and I'm not sure whether it's possible
>> to use VNC using this setup (as I would like to).  So, is there any
>> better solution?
>> --
>> Hiisi.
>> Registered Linux User #487982. Be counted at: http://counter.li.org/
>> --
>> Spandex is a privilege, not a right.
>
> Your explanation of a middle host is good.
> I didn't understand what you were doing, previously.
>
> Your description of NAT is fine.  Your ISP is doing NAT.
>
> My first thought is to say, talk to the ISP.
> The ISP should have a way for you to configure their NAT router
> to forward the ssh port to your host.
>
> I have difficulty thinking why the ISP wouldn't let you configure
> their NAT router to forward the ssh port to your host...unless.
>
> I hadn't thought of it before, but putting customers behind a NAT
> router, and not letting customers configure the NAT router to
> forward ports, might be a way to prevent customers running servers.
>
> Is this what the ISP is trying to do?  Stop customers running servers?
>
> If a customer wants to run a server, even an ssh server,
> which is what you wish to do, does the ISP wish to charge more money?
>
> If the ISP is deliberately stopping you, I'd say get another ISP.
> If you can't get another ISP, I don't know what to suggest.
>
>

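The reverse-tunnel setup described in the quoted message can be collapsed into a single `ssh home` from the outside machine, with VNC carried over the same connection. This is an added example, not part of the original thread. It assumes OpenSSH 7.3 or later (for `ProxyJump`), a VNC server on display :0 (TCP 5900) on the home computer, and the hypothetical host aliases `tunnel-out` and `home`; `middle.host`, `user`, `Hiisi` and port 10002 are taken from the message.

```sshconfig
# --- On the home computer (behind the ISP's NAT): ~/.ssh/config ---
# Start with:  ssh -N tunnel-out
Host tunnel-out
    HostName middle.host
    User user
    # Equivalent to: ssh -R 10002:localhost:22 user@middle.host
    # With the sshd default "GatewayPorts no" on middle.host, port 10002
    # is bound to loopback there and is not reachable from the Internet.
    RemoteForward 10002 localhost:22
    # Exit instead of staying connected if port 10002 cannot be bound
    ExitOnForwardFailure yes
    # Detect a dead NAT mapping within roughly 90 seconds
    ServerAliveInterval 30
    ServerAliveCountMax 3

# --- On the outside machine (laptop): ~/.ssh/config ---
# Connect with:  ssh home
Host home
    # Resolved on middle.host, where the reverse tunnel listens
    HostName localhost
    Port 10002
    User Hiisi
    # Hop through middle.host; the inner session is end-to-end encrypted,
    # so middle.host only relays ciphertext
    ProxyJump user@middle.host
    # Store the home machine's host key under its own name (assumed alias)
    # rather than under "[localhost]:10002"
    HostKeyAlias home.computer
    # VNC: point the viewer at localhost:5900 on the laptop
    LocalForward 5900 localhost:5900
```

Because the VNC port is only forwarded inside the SSH session, the VNC server on the home computer can listen on localhost alone.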