Re: ssh to my computer behind NAT
- From: Joerg Bergmann <email@xxxxxxxxxxxx>
- Date: Tue, 09 Mar 2010 07:42:06 +0100
Am Dienstag, den 09.03.2010, 00:17 -0600 schrieb Rick Sewill:
On Tue, 2010-03-09 at 00:08 -0600, Rick Sewill wrote:It's usual for ISP to do so, at least outside U.S.A. Public IP4
On Tue, 2010-03-09 at 08:40 +0300, Hiisi wrote:
2010/3/9 Rick Sewill <rsewill@xxxxxxxxx>:
On Tue, 2010-03-09 at 00:49 +0300, Hiisi wrote:<--SNIP-->
I would like to be able to ssh to my home computer located behind my
ISP' NAT. I know, I can tunnel to it through some middle host and
actually I'm doing it at the moment. But I'm fancy is there a better
solution? Is there a possibility of not using any computer at the
If it's a company gateway, we mustn't help you defeat their security.
I don't want to discuss whether having a gateway adds to security.
Personally, I believe all devices in the internal LAN must be secure.
I do not believe security can be done solely at the border of a LAN.
Do you control the device that is doing NAT for you or does the ISP?
If controlled by the ISP, did the ISP provide a way to configure it?
As others have said and will say, one needs to have the NAT device
port forward the appropriate port (whatever port you use for ssh)
to your host.
You and other, thank for your responses. Sorry I didn't make it clear.
I don't have any router. I'm connected to Internet via LAN. My IP
address is something like 192.168.3.20 and I use ISP' router IP
(192.168.0.1) as a gateway (I don't have any access to the router).
So, I decided its called NAT. Am I wrong here? I don't know. I know
only that I can't reach my computer from the outside of the LAN. So, I
did the following: on the target computer I ran:
ssh -R 10002:localhost:22 user@xxxxxxxxxxx (it's a computer somewhere
and I have ssh access there)
Now I can connect to the target computer in a few steps:
1. connect to middle.host:
2. and from there:
ssh Hiisi@xxxxxxxxxxxxx -p 10002
See, it's not very convenient and I'm not sure whether it's possible
to use VNC using this setup (as I would like to). So, is there any
Registered Linux User #487982. Be counted at: http://counter.li.org/
Spandex is a privilege, not a right.
Your explanation of a middle host is good.
I didn't understand what you were doing, previously.
Your description of NAT is fine. Your ISP is doing NAT.
My first thought is to say, talk to the ISP.
The ISP should have a way for you to configure their NAT router
to forward the ssh port to your host.
I have difficulty thinking why the ISP wouldn't let you configure
their NAT router to forward the ssh port to your host...unless.
I hadn't thought of it before, but putting customers behind a NAT
router, and not letting customers configure the NAT router to
forward ports, might be a way to prevent customers running servers.
Is this what the ISP is trying to do? Stop customers running servers?
If a customer wants to run a server, even an ssh server,
which is what you wish to do, does the ISP wish to charge more money?
If the ISP is deliberately stopping you, I'd say get another ISP.
If you can't get another ISP, I don't know what to suggest.
I just thought of another possibility the ISP might be doing.
Are you, and some other customers of the ISP, sharing the same public
IP address? Doing so would reduce the number of public IP addresses
the ISP would need. I'd be very, very surprised if an ISP did this.
I'd be more than surprised. I'd be shocked.
addresses are scarce even in Germany: German Telekom provides a public
IP to my DSL router, O2 provides an non-routable 10.x.x.x address to
my 3G device. The only solution will be IPv6. I hope it will come soon.
users mailing list
To unsubscribe or change subscription options:
- Prev by Date: Re: ssh to my computer behind NAT
- Next by Date: Re: webcam for linux
- Previous by thread: Re: ssh to my computer behind NAT
- Next by thread: Re: ssh to my computer behind NAT