Re: Looking for program that emails me when dhcp addr changes

From: Sooner Al (MVP) (SoonerAl_at_somewhere.net.invalid)
Date: 05/18/05


Date: Wed, 18 May 2005 05:15:51 -0500

For SSH all you need forwarded is TCP Port 22...

-- 
Al Jarvi (MS-MVP Windows Networking)
Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...
"Larry Alkoff" <nobody@nowhere.com> wrote in message 
news:cqal81pvscuea8fvmnaf5vhmfn8f54gs83@4ax.com...
> On 17 May 2005 22:25:51 -0400, "Richard E. Silverman" <res@qoxp.net>
> wrote:
>
>>
>>>>>>> "LA" == Larry Alkoff <nobody@nowhere.com> writes:
>>
>>    LA> Neither my ssh info nor man route mentions how to ssh in
>>    LA> to a NATted machine.
>>
>>That's because you don't, not directly.  This is the creeping, subversive
>>horror of NAT -- a machine behind a PNAT gateway is not actually connected
>>to the Internet, not in the way God intended.  It has no globally
>>meaningful IP address, and hence cannot be the explicit target of incoming
>>traffic.  Instead, it has a kind of shadowy half-existence, able to
>>participate in TCP connections or UDP conversations it initiates but
>>unable to reciprocate.
>>
>>The usual hack around this is to program your router to intercept TCP
>>connections addressed to the router's address on certain ports, and
>>"forward" (proxy) them to certain internal machines of your choice.
>>
>>The sheer ugliness of NAT is breathtaking.  IP and packet-switching were
>>designed to support a resilient network of peer hosts, all fully capable
>>of providing services to one another.  With pervasive NAT, most pairs of
>>machines on the Net today are in fact *incapable* of talking directly to
>>one another, because neither one has a real address!  Instead,
>>communication has to be mediated by mutual connection to some server --
>>which turns the Internet back into the sort of brittle hierarchical thing
>>it was originally designed to replace!  And of course, also enforces a
>>broadcast, push-only model of content distribution, helping turn the Net
>>into just another kind of digital TV.  More channels, but the same crap
>>from the same corporations.
>>
>>It's painful.  And every time the topic of IPv6 comes up in places like
>>slashdot, you get a hundred idiots babbling on about how "the market has
>>spoken" and we don't really need it, NAT has solved all the problems just
>>fine.  That's like believing that we don't need fusion, because putting
>>air filters on the smokestacks of coal-burning power plants has solved the
>>problem.  It's a short-term stopgap with real downsides, not a solution.
>
> Thank you Richard for a very interesting and informative explanation
> of why my difficulty is happening.
>
> It seems my only alternatives are either to attach a modem or work out
> "the usual hack around".
>
> I'm willing to restrict all incoming ssh connections to a single
> machine since I can go anywhere on my LAN from there.
>
> So I'm going to ask the floppyfw (single bootable floppy based router
> / iptables firewall) people how to modify it to forward all port 22
> connections to my selected machine.  That doesn't sound so hard.
>
> Any other connections besides port 22 I need to address?
>
> Thanks again,
> Larry
> 
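
The port forward discussed in this thread (TCP port 22 on the router sent to one chosen internal machine), as an added example that is not part of the original posts and is not floppyfw's own configuration. It assumes a router running iptables with a FORWARD policy of DROP; the interface `eth0`, the address `192.168.1.10` and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules that forward inbound SSH
# on a NAT router to one internal host. eth0 and 192.168.1.10 are
# constructed sample values; the function names are hypothetical.

# valid_ipv4 ADDR: succeeds only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ssh_forward_rules WAN_IF LAN_HOST: emit the rules on stdout.
# Assumes the FORWARD chain policy is DROP, so each direction needs a rule.
ssh_forward_rules() {
    wan_if=$1
    lan_host=$2
    # Reject anything that is not a plain interface name or IPv4 address,
    # since the output is meant to be run as root.
    case "$wan_if" in
        ''|-*|*[!A-Za-z0-9_.-]*) echo "bad interface: $wan_if" >&2; return 1 ;;
    esac
    valid_ipv4 "$lan_host" || { echo "bad address: $lan_host" >&2; return 1; }

    # 1. Rewrite the destination of TCP/22 arriving on the outside interface.
    echo "iptables -t nat -A PREROUTING -i $wan_if -p tcp --dport 22 -j DNAT --to-destination $lan_host:22"
    # 2. Allow the rewritten connection through, to that one host only.
    echo "iptables -A FORWARD -i $wan_if -d $lan_host -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    # 3. Allow only reply packets back out; this rule opens no new outbound flows.
    echo "iptables -A FORWARD -o $wan_if -s $lan_host -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

# Dry run with the constructed values; review, then pipe to sh as root to apply.
ssh_forward_rules eth0 192.168.1.10
```

Only the one internal SSH host becomes reachable from outside, which matches the single-machine restriction proposed in the quoted message.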

