TCLUG Archive

RE: [TCLUG:8149] ssh and NAT



Thanks for the responses. I'm not using Linux for NAT.  This is Cisco's
internal NAT implementation.

> From: Jon Schewe
> Why don't you just put the router in bridging mode and
> then take the IP address for your Linux box and have that do
> the gatewaying?

&

> From: Daniel M. Debertin
> Assuming USWEST sets up their
> routers in bridging mode like my ISP does (very likely),

Actually, the router is set up in PPP mode, not bridging.  My understanding
is that you can use bridging mode only if you are allotted a static IP
address.  Since my router is using PPP's IPCP protocol to talk to the
central office and is then being assigned a dynamic IP address from the
server's DHCP server, I cannot(?) use bridging mode.  Is this wrong?
 
> 2. Ssh tries to use privileged ports first -- I think they start at 1000
> instead of the usual 1024. If you have some firewalling thrown in with
> that NAT, be sure you are allowing those ports through.
>

No, I don't have any firewalling other than basic tcp-wrapper.  In fact, since
the router is doing NAT (or PAT), maybe I may not need firewalling since no
one can get past my router as long as I keep the router's password secure.
I will only need to do something if I get a static address.  Also, I don't
run any servers on my side that I need to get to from outside.
 
> It sounds to me like it could be a dhcp problem. You connect, communicate
> regularly for awhile, then USWEST changes your IP addy, and ssh is still
> using the old IP, which is now given to some poor fellow in Eagan or
> something.
>

I think DHCP works using a lease mechanism.  IP addresses are assigned for a
time period.  Even after we disconnect and reconnect (which I don't do
anymore since I'm using DSL as a permanent connection).  I've always
wondered how they identify that the same machine has connected.  In any
case, I think it's unlikely that my IP address could get reassigned
on-the-fly. Right?

> If this is the case, there is nothing you can do but find an
> ISP that allows you to have a static IP (MNInter.net does this. They are
> not too bad an ISP. I think real-time will do it for an extra couple
> bucks, too).
>

I may eventually have to do this.  I'd just like to be sure that I "have"
to.

I think the privileged port thingie is playing a role here.  Does NAT have
anything to do with privileged ports?  I know ssh does.  Or does it depend
on how the NAT is configured?  This NAT is the one that comes built into the
router's OS (CBOS).  I'm not using Linux for NAT.

Daniel, did you say you have the same setup and ssh is working?

Thanks.

-Unni