TCLUG Archive

RE: [TCLUG:8149] ssh and NAT



Ah, thanks for the clarifications. I thought you meant you had problems
with *incoming* ssh (and BTW no, my ISP blocks those 3 ports for incoming
connections, not outgoing, so they're not as fascist as they seem :^). I
was also under the impression that you were using a Linux box for your NAT
services. And, on to your reply --

On Wed, 8 Sep 1999, Unni Nambiar wrote:

> 
> I think DHCP works using a lease mechanism.  IP addresses are assigned for a
> time period.  Even after we disconnect and reconnect (which I don't do
> anymore since I'm using DSL as a permanent connection).  I've always
> wondered how they identify that the same machine has connected.  In any
> case, I think it's unlikely that my IP address could get reassigned
> on-the-fly. Right?

Generally, if you're using DHCP, then they identify your box by MAC
address. Sucks, because you have to call them up every time you change a
box or a NIC.

> 
> I may eventually have to do this.  I'd just like to be sure that I "have"
> to.
> 
> I think the privileged port thingie is playing a role here.  Does NAT have
> anything to do with privileged ports?  I know ssh does.  Or does it depend
> on how the NAT is configured?  This NAT is the one that comes built into the
> router's OS (CBOS).  I'm not using Linux for NAT.

I'm clueless about CBOS, but Linux uses ports 61000-65536 for masqueraded
connections. I've heard about some ISPs blocking these ports and screwing
up people's NAT configurations royally, but this may just be the way Linux
does it. Try running some sort of packet capture util or network monitor
and see what ports CBOS tries to use for its NAT.

> 
> Daniel, did you say you have the same setup and ssh is working?

I have, as it turns out, not quite the same thing. I have static-IP
DSL, which means that my router is set up in bridging mode, and the actual
NAT is done by a Linux box -- a 486 that has been up for almost 40 days at
a time, I might add :). But aside from that, I have both incoming and
outgoing ssh working perfectly. I haven't a clue about how NAT works in
CBOS, though, much is the pity, so that's where my expertise stops. Good
luck --

Dan Debertin
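
An added example, not part of the original message: one way to act on the packet-capture suggestion is to read `tcpdump -n` text output taken on the public side of the router and sort the source ports of outgoing ssh SYNs into "privileged" (below 1024), the 61000+ masquerade range mentioned above, or anything else. The sample capture, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: `tcpdump -n` style lines seen on the public side of the NAT.
SAMPLE = """\
12:00:01.000001 IP 203.0.113.5.61012 > 198.51.100.7.22: Flags [S], seq 1, win 5840, length 0
12:00:01.050000 IP 198.51.100.7.22 > 203.0.113.5.61012: Flags [S.], seq 9, ack 2, win 5792, length 0
12:00:07.000002 IP 203.0.113.5.1022 > 198.51.100.7.22: Flags [S], seq 5, win 5840, length 0
12:00:09.000003 IP 203.0.113.5.40211 > 198.51.100.7.22: Flags [S], seq 7, win 5840, length 0
12:00:11.000004 IP 203.0.113.5.61500 > 198.51.100.7.80: Flags [S], seq 8, win 5840, length 0
this line is not a packet and must be skipped
"""

# src_ip.src_port > dst_ip.dst_port: Flags [...]
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]"
)

def classify(port):
    """Bucket a translated source port."""
    if port < 1024:
        return "privileged"
    if 61000 <= port <= 65535:  # range quoted in the message, capped at the 16-bit maximum
        return "masq-range"
    return "other"

def nat_source_ports(capture, nat_ip, dport=22):
    """Return [(source_port, bucket)] for each initial SYN from nat_ip to dport."""
    seen = []
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # non-packet or non-TCP line
        src, sport, _dst, dp, flags = m.groups()
        # Flags "S" alone is the client's first SYN; "S." is the server's reply.
        if src == nat_ip and int(dp) == dport and flags == "S":
            seen.append((int(sport), classify(int(sport))))
    return seen

def summarize(capture, nat_ip, dport=22):
    """Count how many outgoing connections fell in each bucket."""
    return Counter(bucket for _, bucket in nat_source_ports(capture, nat_ip, dport))

if __name__ == "__main__":
    for port, bucket in nat_source_ports(SAMPLE, "203.0.113.5"):
        print(port, bucket)
```

Comparing the source port the client picked on the inside with what shows up here tells you whether the router rewrites it and into which range.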