Re: help connecting to my linux machine with verizon dsl via ssh



On 26 Sep 2006, in the Usenet newsgroup comp.os.linux.networking, in article
<1159279637.053076.218200@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
dongarbage@xxxxxxxxxxx wrote:

> I have verizon dsl with a westell modem. Verizon assigns a dynamic IP
> address to me on occasion. I get the dynamic IP address (X.X.X.X) for
> my machine from showipaddress.com. I can ssh to the machine from a
> machine outside my home's local network with no problem.

Your westell modem is acting as a NAT router, taking packets from the
Internet addressed to the apparent SSH server on (example) 70.19.144.200:22
and forwarding them to the actual SSH daemon on 192.168.Y.Y. Normal,
though sometimes restricted by some ISPs.

> I can ssh to the machine from itself and machines local to my home's
> local network but only using "localhost" and the machine's local ip
> address (192.168.Y.Y).

and if you ran a traceroute or sniffed the wire with tcpdump, you'd see the
packets going direct to the SSH server.

> When I try to ssh to my machine using the dynamic IP address of verizon
> from inside my home's network, I get a connection refused.

Tcpdump, or traceroute would provide the clues here. You are trying to
connect to the _apparent_ server on the outside of your westell modem
(which gets forwarded to 192.168.Y.Y). The router knows that your
192.168.Y.Y can't appear on the Internet, and is NATing that to an
Internet address such as 70.19.144.200, then realizes you are trying to
connect to the inside server from an inside address, and is getting pissed
that you are wasting its time and CPU cycles. The tcpdump output _might_
show it sending back an ICMP Type 5 (Redirect) message telling you to send
your packets directly and not bother the router. This is normal behavior
of any routing system when it discovers the source and destination of
a packet are on the same hardware interface.

Solution: Don't do that.

Old guy
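
The tcpdump check suggested in the reply above, as an added example that is not part of the original post: a small Python classifier that reads `tcpdump -nt` style text and reports whether an inside host dialled the router's outside address, whether it got a reset, and whether an ICMP redirect came back. The capture lines are constructed, and the 192.168.1.x addresses are assumptions standing in for 192.168.Y.Y; 70.19.144.200 is the post's own example address.

```python
import ipaddress
import re

# Constructed `tcpdump -nt` style lines, not taken from a real capture.
# Assumed hosts: client 192.168.1.10, SSH server 192.168.1.5, router LAN side
# 192.168.1.1, router WAN side 70.19.144.200 (the example address in the post).
SAMPLE = """\
IP 192.168.1.10.51514 > 70.19.144.200.22: Flags [S], seq 1000, win 64240, length 0
IP 192.168.1.1 > 192.168.1.10: ICMP redirect 70.19.144.200 to host 192.168.1.5, length 36
IP 70.19.144.200.22 > 192.168.1.10.51514: Flags [R.], seq 0, ack 1001, win 0, length 0
"""

IP4 = r"(\d+\.\d+\.\d+\.\d+)"
TCP = re.compile(rf"^IP {IP4}\.(\d+) > {IP4}\.(\d+): Flags \[([^\]]+)\]")
REDIR = re.compile(r"^IP (\S+) > (\S+): ICMP redirect (\S+) to host (\S+),")


def classify(capture, lan="192.168.1.0/24", wan_ip="70.19.144.200", port=22):
    """Summarise LAN-side connection attempts aimed at the router's WAN address."""
    net = ipaddress.ip_network(lan)
    result = {"hairpin_syn": False, "refused": False, "redirect_gateway": None}
    for line in capture.splitlines():
        m = TCP.match(line)
        if m:
            src, sport, dst, dport, flags = m.groups()
            src_inside = ipaddress.ip_address(src) in net
            dst_inside = ipaddress.ip_address(dst) in net
            if src_inside and dst == wan_ip and int(dport) == port and flags == "S":
                # An inside host opened a connection to the outside address.
                result["hairpin_syn"] = True
            elif src == wan_ip and int(sport) == port and "R" in flags and dst_inside:
                # A reset in reply is what ssh reports as "Connection refused".
                result["refused"] = True
            continue
        m = REDIR.match(line)
        if m and m.group(3) == wan_ip:
            # Gateway address named in the redirect for the WAN destination.
            result["redirect_gateway"] = m.group(4)
    return result


if __name__ == "__main__":
    print(classify(SAMPLE))
```
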