TCLUG Archive

Re: [TCLUG:8149] ssh and NAT



Hello Unni --
	I am doing exactly the same thing. Assuming USWEST sets up their
routers in bridging mode like my ISP does (very likely), you have two
gotchas with ssh: 
1. Your ISP may block that port or do something funny with it. Mine blocks
21, 22 and 23, for whatever reason, so I have to run ssh on a nonstandard
port. This is probably not your problem, as you are at least able to get a
connection.
2. Ssh tries to use privileged ports first -- I think they start at 1000
instead of the usual 1024. If you have some firewalling thrown in with
that NAT, be sure you are allowing those ports through.

It sounds to me like it could be a dhcp problem. You connect, communicate
regularly for awhile, then USWEST changes your IP addy, and ssh is still
using the old IP, which is now given to some poor fellow in Eagan or
something. If this is the case, there is nothing you can do but find an
ISP that allows you to have a static IP (MNInter.net does this. They are
not too bad an ISP. I think real-time will do it for an extra couple
bucks, too). 

Good luck --
Dan Debertin


On Wed, 8 Sep 1999, Unni Nambiar wrote:

> Does anything special need to be done to get ssh working through NAT ?
> 
> I've got my USWest DSL hooked up (finally !).  I'm using the Cisco 675
> external with DHCP server enabled.  So eth0 on the linux box is configured
> to get its ip address via dhcp.  Also NAT is probably working in port
> address translation mode, since the router negotiates just one wan address
> from the isp (also uswest) which is also dynamic (dhcp) not static.
> 
> Suddenly ssh is starting to misbehave.  I'm able to log in to my sshd server
> at work, but in a few minutes the whole connection freezes.  Don't know
> what's causing it.  Sometimes it feels as though, if I keep typing something
> the connection stays alive.  But that assumption might not be correct.  Also
> I can only run one ssh session, the second one hangs.  I don't think they've
> done anything on the server side to restrict connections.  In any case the
> one connection should not freeze.
> 
> I assume that ssh only encrypts the data part of the packet and leaves the
> ip header alone.  So theoretically NAT should have no effect.
> 
> Any ideas ?
> 
> Thanks.
> 
> -Unni
> 