Re: ssh to my computer behind NAT
- From: Marko Vojinovic <vvmarko@xxxxxxxxx>
- Date: Tue, 9 Mar 2010 11:45:52 +0000
On Tuesday 09 March 2010 06:41:52 am Hiisi wrote:
2010/3/9 Rick Sewill <rsewill@xxxxxxxxx>:
On Tue, 2010-03-09 at 00:08 -0600, Rick Sewill wrote:
On Tue, 2010-03-09 at 08:40 +0300, Hiisi wrote:
2010/3/9 Rick Sewill <rsewill@xxxxxxxxx>:My first thought is to say, talk to the ISP.
The ISP should have a way for you to configure their NAT router
to forward the ssh port to your host.
Other than charging for the service, it might be hard for the ISP to forward
the ssh port to your host, simply because ssh port is maybe already being
forwarded to some other host, for internal use by the ISP admins --- they
might want to get into one of their machines just like you want to get into
yours, and there might be no way for the router to decide when to forward the
port to this or that computer while doing NAT.
This depends on the capabilities of the master router of your ISP, and their
infrastructure. I used to work once for an institution which had *one* single
public IP available for the single router, everything else was behind NAT. And
the router itself was a miserable pos, for that matter...
Are you, and some other customers of the ISP, sharing the same public
IP address? Doing so would reduce the number of public IP addresses
the ISP would need. I'd be very, very surprised if an ISP did this.
I'd be more than surprised. I'd be shocked.
This is actually a fairly common practice. I believe there are more ISP's in
the world that do this than those that don't. Think China or such. Not every
country has a wide enough range of public IP's available, so local ISP's use
this kind of measures to save the IP pool as much as possible, until IPv6
I live in a students hostel and I'm unable to change ISP. The only
other solution would be to to get a gprs-modem. But I don't want to
bay it because prices are wild here in Moscow (and I'd have dynamic IP
then, correct?). Before writing on this list I've consulted my ISP.
They have no better (free) solution that the one I have at the moment.
Alternatively, they can charge me with extra money for so called
'static IP'. I don't need it because I don't want to run WEB-server at
home. I just want to access my files at home computer from lab
computer to eliminate stresses in case I forgot a USB-drive in a rash
to the lab :-)
You might want to look into OpenVPN. It's a method to create a "virtual"
network, which would allow you to do whatever you want within that network,
including ssh, vnc, and other. This has some drawbacks, however:
1) you need at least one machine with a fixed IP which is publicly visible (the
"middle" computer that you use now) to set up a OpenVPN server (to which all
other machines --- clients --- should connect to)
2) it might be somewhat slower than the native connection, but that is
insignificant if all your machines are on the same LAN. It might get
significantly slower if one machine is in Paris, the other in Cairo and the
server is in Peking...
3) It takes some time and effort to learn, install and set up. It is simpler to
use than your current usage of ssh -R, but way more complicated to set up.
Although, you need to set it up only once.
But once you master it and implement it, no router or firewall may stop you
from accessing your own machines. That's what I use --- I have connected three
clients (all three behind various ISP NAT's in two different cities) to my main
machine (which acts as an OpenVPN server) which has public IP. I use the
virtual network to admin all those machines (including the server itself) from
the other side of the continent, for over a year now.
Works like a charm, never failed me. ;-)
users mailing list
To unsubscribe or change subscription options:
- Prev by Date: Re: ssh to my computer behind NAT
- Next by Date: Re: Problem with an external usb HD - slow usb
- Previous by thread: Re: ssh to my computer behind NAT
- Next by thread: Re: ssh to my computer behind NAT