Date:      Mon, 13 Sep 2004 18:42:46 -0400
From:      Chuck Swiger <cswiger@mac.com>
To:        Mark Ovens <marko@freebsd.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Quick and simple ssh(1) question
Message-ID:  <41462266.9000404@mac.com>
In-Reply-To: <41460E03.8020408@freebsd.org>
References:  <41460E03.8020408@freebsd.org>

Mark Ovens wrote:
> Is it correct that you can't ssh(1) between two machines on the same LAN 
> (using NAT) _via the Internet?_
> 
> Strange question I know, but I need to be able to access one of my 
> machines, postie, remotely. I've got sshd(8) running and can ssh(1) to 
> it from a local machine using its local hostname. However, since I only 
> have a single 'net connection here I tried to test connecting remotely 
> by ssh(1)'ing to my router's 'net-facing hostname but I get
> 
>   ssh: connect to host <router_hostname> port 22: Connection refused
> 
> Port 22 is forwarded to postie on the router.

Given time and sufficient determination, you ought to be able to make this 
work, but it's a real pain-- you need to set up an IP alias on postie for the 
public IP, not just your internal NAT address, you need to watch out for any 
anti-spoofing rules and anything blocking the RFC-1918 unroutable IPs commonly 
used with NAT on the machines involved, and you may even have to set up a 
host-specific route for the public IP to the NIC/subnet where the machine 
actually is on your router, as well (if that isn't already implied by the 
router when forwarding ports to a box, or marking an IP as the "DMZ host", 
etc, depending on what your router is).

Using "split DNS" to return a local IP rather than a public IP when a machine 
on your LAN asks for a public name is easier to set up.

-- 
-Chuck
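An added diagnostic for the situation discussed in this thread (example code, not from either poster): run from a LAN host, it tells whether the router's public name resolves to an RFC-1918 address (split DNS in place) or to the public IP (the hairpin-NAT case Chuck describes), then probes port 22 on whatever address came back. It assumes host(1) and nc(1) are installed; the script name and `router.example.net` are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): from a LAN host, tell whether a public
# hostname resolves to an RFC-1918 address (split DNS in place) or to the
# public IP (hairpin NAT through the router needed), then probe port 22.
# Assumes host(1) and nc(1) are available; the hostname is a placeholder.

# is_rfc1918 IP: succeed when IP lies in 10/8, 172.16/12 or 192.168/16
is_rfc1918() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.*)  # only the second octet decides for 172.16.0.0/12
            second=${1#172.}; second=${second%%.*}
            [ "$second" -ge 16 ] && [ "$second" -le 31 ] && return 0 ;;
    esac
    return 1
}

# classify IP: print "split-dns" for a LAN address, "hairpin-needed" otherwise
classify() {
    if is_rfc1918 "$1"; then echo split-dns; else echo hairpin-needed; fi
}

# resolve NAME: first A record, via host(1)
resolve() {
    host -t A "$1" 2>/dev/null | awk '/has address/ { print $4; exit }'
}

# port_open IP PORT: succeed when a TCP connect completes within 3 seconds
port_open() {
    nc -z -w 3 "$1" "$2" >/dev/null 2>&1
}

main() {
    name=$1
    ip=$(resolve "$name") || true
    [ -n "$ip" ] || { echo "cannot resolve $name" >&2; return 1; }
    verdict=$(classify "$ip")
    echo "$name -> $ip ($verdict)"
    if port_open "$ip" 22; then
        echo "port 22 reachable on $ip"
    elif [ "$verdict" = hairpin-needed ]; then
        echo "refused/timed out: the router does not loop the forwarded port" \
             "back into the LAN; use the LAN hostname or set up split DNS"
    else
        echo "port 22 closed on the LAN address: check sshd and the host firewall"
    fi
}
# Runs only when a hostname is given, e.g.: sh nat-check.sh router.example.net
if [ -n "${1:-}" ]; then main "$1"; fi
```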