TCLUG Archive

Re: [TCLUG:8149] ssh and NAT



ummm.. your ISP blocks 21, 22, and 23 on the outgoing?????? that's really
lame.. i would drop them in about 5 min

Thank You,
        Ben Kochie (ben@nerp.net)

*-----------------------*  [ - * - * - * - * - * - * - * - ]
| Unix/Linux Consulting |  [ Haiku Error Message:          ]
|  PC/Mac Repair        |  [  Chaos reigns within.         ]
|   Networking          |  [  Reflect, repent, and reboot. ]
| http://nerp.net       |  [  Order shall return.          ]
*-----------------------*  [ - * - * - * - * - * - * - * - ]

 "Unix is user friendly, It's just picky about its friends."

On Wed, 8 Sep 1999, Daniel M. Debertin wrote:

> Hello Unni --
> 	I am doing exactly the same thing. Assuming USWEST sets up their
> routers in bridging mode like my ISP does (very likely), you have two
> gotchas with ssh: 
> 1. Your ISP may block that port or do something funny with it. Mine blocks
> 21, 22 and 23, for whatever reason, so I have to run ssh on a nonstandard
> port. This is probably not your problem, as you are at least able to get a
> connection.
> 2. Ssh tries to use privileged ports first -- I think they start at 1000
> instead of the usual 1024. If you have some firewalling thrown in with
> that NAT, be sure you are allowing those ports through.
> 
> It sounds to me like it could be a dhcp problem. You connect, communicate
> regularly for awhile, then USWEST changes your IP addy, and ssh is still
> using the old IP, which is now given to some poor fellow in Eagan or
> something. If this is the case, there is nothing you can do but find an
> ISP that allows you to have a static IP (MNInter.net does this. They are
> not too bad an ISP. I think real-time will do it for an extra couple
> bucks, too). 
> 
> Good luck --
> Dan Debertin
> 
> 
> On Wed, 8 Sep 1999, Unni Nambiar wrote:
> 
> > Does anything special need to be done to get ssh working through NAT ?
> > 
> > I've got my USWest DSL hooked up (finally !).  I'm using the Cisco 675
> > external with DHCP server enabled.  So eth0 on the linux box is configured
> > to get its ip address via dhcp.  Also NAT is probably working in port
> > address translation mode, since the router negotiates just one wan address
> > from the isp (also uswest) which is also dynamic (dhcp) not static.
> > 
> > Suddenly ssh is starting to misbehave.  I'm able to log in to my sshd server
> > at work, but in a few minutes the whole connection freezes.  Don't know
> > what's causing it.  Sometimes it feels as though, if I keep typing something
> > the connection stays alive.  But that assumption might not be correct.  Also
> > I can only run one ssh session, the second one hangs.  I don't think they've
> > done anything on the server side to restrict connections.  In any case the
> > one connection should not freeze.
> > 
> > I assume that ssh only encrypts the data part of the packet and leaves the
> > IP header alone.  So theoretically NAT should have no effect.
> > 
> > Any ideas ?
> > 
> > Thanks.
> > 
> > -Unni
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tclug-list-unsubscribe@mn-linux.org
> > For additional commands, e-mail: tclug-list-help@mn-linux.org
> > 