Re: [LUG] Dual-WAN routers?
Gordon Henderson wrote:
> On Fri, 27 Feb 2009, dave wrote:
>
>   
>> When EntaNet bothered providing a connection I had a static IP address,
>> and from outside I could simply ssh tunnel into it. However, with mobile
>> broadband they use their own NAT somewhere in their network. Does anyone
>> know a solution to this? Skype works okay, so there is obviously a
>> technique that punches through their and my NAT, but I don't know how to
>> ssh in, short of setting up a reverse tunnel to an external machine.
>> That would provide another point of failure, and slow the connection
>> further.
>>
>> Has anyone tried or solved this?
>>     
>
> You'd need to establish a tunnel out of your home setup to some external 
> host which you are allowed to connect into, either a VPN of some sorts, or 
> some sort of ssh tunnel - eg. use the reverse port forwarding facilities.
>
> So from home to external host:
>
>    ssh external-host -R2222:localhost:22
>
> and login to the remote host as usual from home, then establish something 
> that will keep the connection alive - eg a ping somewhere, once a minute. 
> You obviously need to set this up in advance, or provide a mechanism to 
> kick this off remotely...
>
> (Note -R and not -L)
>
> Then, from anywhere on the 'net, ssh into the external host from wherever 
> you are, then
>
>    ssh localhost -p2222
>
> and that will then tunnel through the connection opened by the ssh
> outgoing from the home host.
>
>
> It's fiddly, but it's a trick I use to access some of my clients' PBXs when 
> they can't/won't port-forward/firewall their router to let me in... They 
> have a command on their PBX that establishes the outgoing tunnel to one of 
> my hosts, I then ssh from my host into their PBX to do what I need to do. 
> And you can subsequently port-forward via this tunnel too, so I can get 
> remote web access and so on...
>
> I'm sure OpenVPN, etc. might be a more elegant solution but this will work 
> in the absence of anything like that.
>
> Gordon
>
>   
Yes, that's what I meant by a reverse tunnel. A good explanation. My 
only problem with this is that it adds further delay to the link, and 
requires the ssh command on the NATted server to be robust. autossh 
might help here.

You can combine the remote unit to "proxy" server into one command:

ssh -L 2222:localhost:2222 <proxy_server>

Any ssh -p 2222 on your remote machine will now connect straight to the 
home NATted server.

I still feel that there must be a way of p2p-ing through the ISP's NAT. 
STUNT is supposed to do this (like STUN for TCP). I'm not sure what 
tools to use here.

http://nutss.gforge.cis.cornell.edu/stunt.php

D

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
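The reverse-tunnel recipe from the thread above, written out as an added example (this is not code from either poster). It assumes a placeholder external host called "external-host" that you can log in to and the reverse port 2222 used in the thread; the `ss -ltn` listings are constructed, not captured from a real host. The home side uses autossh as D suggests instead of a manual ping-based keepalive; the client side collapses Gordon's two-hop login and D's `-L` trick into one `ssh -J` (ProxyJump, OpenSSH 7.3 and later, so newer than the thread). The third function is the check a practitioner would want on the external host: with sshd's default `GatewayPorts no`, the `-R` port is bound to loopback only, so only people already logged in to external-host can reach the home sshd; if it shows up on `0.0.0.0` or `[::]`, the whole internet can.

```sh
#!/bin/sh
# Added example, not from the original thread. "external-host" and port 2222
# are placeholders matching the thread; the listings below are constructed.

# 1. Home (NATted) side: keep the outbound reverse tunnel up.
#    -M 0 disables autossh's own monitor port and relies on ssh keepalives;
#    ExitOnForwardFailure makes ssh exit (so autossh restarts it) when the
#    remote port is already bound instead of silently running without it.
home_tunnel_cmd() {
    ext_host=$1
    rport=$2
    printf 'autossh -M 0 -N -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -R %s:localhost:22 %s\n' "$rport" "$ext_host"
}

# 2. Wherever you are: hop via external-host and land on the home sshd
#    through the reverse port, in one command (ProxyJump, OpenSSH >= 7.3).
client_cmd() {
    ext_host=$1
    rport=$2
    printf 'ssh -J %s -p %s localhost\n' "$ext_host" "$rport"
}

# 3. On external-host: confirm the reverse port is loopback-only.
#    $1 is the text of `ss -ltn`, $2 the port.
#    Returns 0 = bound to 127.0.0.1/[::1] only, 1 = exposed on a non-loopback
#    address, 2 = nothing listening on that port (tunnel is down).
check_loopback_only() {
    listing=$1
    rport=$2
    bound=$(printf '%s\n' "$listing" |
        awk -v p="$rport" '$1 == "LISTEN" && $4 ~ (":" p "$") { print $4 }')
    [ -n "$bound" ] || return 2
    for addr in $bound; do
        case $addr in
            127.0.0.1:*|"[::1]:"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Constructed sample `ss -ltn` output for both outcomes.
SAFE_LISTING='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:2222      0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*'
EXPOSED_LISTING='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:2222        0.0.0.0:*
LISTEN 0      128    [::]:2222           [::]:*'

# Usage: print the two commands, then run the check on both listings.
home_tunnel_cmd external-host 2222
client_cmd external-host 2222
check_loopback_only "$SAFE_LISTING" 2222 && echo "2222: loopback only, OK"
check_loopback_only "$EXPOSED_LISTING" 2222 || echo "2222: exposed or down (rc=$?)"
```

Run the check as `ss -ltn | { l=$(cat); check_loopback_only "$l" 2222; }` on the external host after the tunnel comes up. A result of 1 means `GatewayPorts` has been turned on in sshd_config (or the `-R` was given an explicit bind address), and the home machine's sshd is now reachable by anyone who can reach external-host:2222.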