[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Fri, 27 Feb 2009, dave wrote: > When EntaNet bothered providing a connection I had a static IP address, > and from outside I could simply ssh tunnel into it. However, with mobile > broadband they use their own NAT somewhere in their network. Does anyone > know a solution to this? Skype works okay, so there is obviously a > technique that punches through their and my NAT, but I don't know how to > ssh in, short of setting up a reverse tunnel to an external machine. > That would provide another point of failure, and slow the connection > further. > > Has anyone tried or solved this? You'd need to establish a tunnel out of your home setup to some external host which you are allowed to connect into, either a VPN of some sorts, or some sort of ssh tunnel - eg. use the reverse port forwarding facilities. So from home to external host: ssh external-host -R2222:localhost:22 and login to the remote host as usual from home, then establish something that will keep the connection alive - eg a ping somewhere, once a minute. You obviously need to set this up in advance, or provide a mechanism to kick this off remotely... (Note -R and not -L) Then, from anywhere on the 'net, ssh into the external host from wherever you are, then ssh localhost -p2222 and that will then tunnel through the connection opened by the ssh outgoing from the home host. It's fiddly, but it's a trick I use to access some of my clients PBXs when they can't/won't port-forward/firewall their router to let me in... They have a command on their PBX that establishes the outgoing tunnel to one of my hosts, I then ssh from my host into their PBX to do what I need to do. And you can subsequently port-forward via this tunnel too, so I can get remote web access and so on... I'm sure openVpn,etc. might be a more elegant solution but this will work in the absence of anything like that. Gordon -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html