Re: Looking for program that emails me when dhcp addr changes
From: Sooner Al (MVP) (SoonerAl_at_somewhere.net.invalid)
Date: Wed, 18 May 2005 05:15:51 -0500
For SSH all you need forwarded is TCP Port 22...
-- 
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

"Larry Alkoff" <firstname.lastname@example.org> wrote in message news:email@example.com...
> On 17 May 2005 22:25:51 -0400, "Richard E. Silverman" <firstname.lastname@example.org>
> wrote:
>
>>
>>>>>>> "LA" == Larry Alkoff <email@example.com> writes:
>>
>> LA> Neither my ssh info nor man route mentions how to ssh in
>> LA> to a NATted machine.
>>
>>That's because you don't, not directly. This is the creeping, subversive
>>horror of NAT -- a machine behind a PNAT gateway is not actually connected
>>to the Internet, not in the way God intended. It has no globally
>>meaningful IP address, and hence cannot be the explicit target of incoming
>>traffic. Instead, it has a kind of shadowy half-existence, able to
>>participate in TCP connections or UDP conversations it initiates but
>>unable to reciprocate.
>>
>>The usual hack around this is to program your router to intercept TCP
>>connections addressed to the router's address on certain ports, and
>>"forward" (proxy) them to certain internal machines of your choice.
>>
>>The sheer ugliness of NAT is breathtaking. IP and packet-switching was
>>designed to support a resilient network of peer hosts, all fully capable
>>of providing services to one another. With pervasive NAT, most pairs of
>>machines on the Net today are in fact *incapable* of talking directly to
>>one another, because neither one has a real address! Instead,
>>communication has to be mediated by mutual connection to some server --
>>which turns the Internet back into the sort of brittle hierarchical thing
>>it was originally designed to replace! And of course, also enforces a
>>broadcast, push-only model of content distribution, helping turn the Net
>>into just another kind of digital TV. More channels, but the same crap
>>from the same corporations.
>>
>>It's painful. And every time the topic of IPv6 comes up in places like
>>slashdot, you get a hundred idiots babbling on about how "the market has
>>spoken" and we don't really need it, NAT has solved all the problems just
>>fine. That's like believing that we don't need fusion, because putting
>>air filters on the smokestacks of coal-burning power plants has solved the
>>problem. It's a short-term stopgap with real downsides, not a solution.
>
> Thank you Richard for a very interesting and informative explanation
> of why my difficulty is happening.
>
> It seems my only alternatives are either to attach a modem or work out
> "the usual hack around".
>
> I'm willing to restrict all incoming ssh connections to a single
> machine since I can go anywhere on my LAN from there.
>
> So I'm going to ask the floppyfw (single bootable floppy based router
> / iptables firewall) people how to modify it to forward all port 22
> connections to my selected machine. That doesn't sound so hard.
>
> Any other connections besides port 22 I need to address?
>
> Thanks again,
> Larry
>
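
The TCP port 22 forward discussed in this thread, written out as an added example; it is not part of any poster's message and is not floppyfw's own configuration. The function names, `eth0`, `192.168.1.10` and `192.0.2.7` are hypothetical, and the script only prints rules in iptables-restore format without applying them.

```shell
#!/bin/sh
# Added example: print iptables-restore rules that forward inbound TCP 22 on
# the router's WAN interface to one LAN host. Nothing is applied here.
# eth0, 192.168.1.10 and 192.0.2.7 are constructed placeholder values.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ssh_forward_rules WAN_IF LAN_HOST [ALLOWED_SRC]
# ALLOWED_SRC optionally limits which source address may use the forward.
# Assumes the FORWARD chain otherwise drops traffic arriving on WAN_IF.
ssh_forward_rules() {
    wan_if=$1; lan_host=$2; src=${3:-}
    # Reject anything that could smuggle extra options into a rule.
    case "$wan_if" in
        ''|-*|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 2 ;;
    esac
    valid_ipv4 "$lan_host" || { echo "bad LAN host" >&2; return 2; }
    src_match=
    if [ -n "$src" ]; then
        valid_ipv4 "$src" || { echo "bad source address" >&2; return 2; }
        src_match=" -s $src"
    fi
    cat <<EOF
*nat
-A PREROUTING -i $wan_if$src_match -p tcp --dport 22 -j DNAT --to-destination $lan_host:22
COMMIT
*filter
-A FORWARD -i $wan_if$src_match -p tcp -d $lan_host --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Sample run: forward only for one (constructed) remote address.
ssh_forward_rules eth0 192.168.1.10 192.0.2.7
```

Loading this output with iptables-restore without `--noflush` replaces the existing rules in both tables, so merge it into the router's full ruleset rather than loading it alone.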