Quick and simple ssh(1) question
Chuck Swiger
cswiger at mac.com
Mon Sep 13 15:43:03 PDT 2004
Mark Ovens wrote:
> Is it correct that you can't ssh(1) between two machines on the same LAN
> (using NAT) _via the Internet?_
>
> Strange question I know, but I need to be able to access one of my
> machines, postie, remotely. I've got sshd(8) running and can ssh(1) to
> it from a local machine using its local hostname. However, since I only
> have a single 'net connection here I tried to test connecting remotely
> by ssh(1)'ing to my router's 'net-facing hostname but I get
>
> ssh: connect to host <router_hostname> port 22: Connection refused
>
> Port 22 is forwarded to postie on the router.

Given time and sufficient determination, you ought to be able to make this
work, but it's a real pain-- you need to set up an IP alias on postie for the
public IP, not just your internal NAT address, you need to watch out for any
anti-spoofing rules and anything blocking the RFC-1918 unroutable IPs commonly
used with NAT on the machines involved, and you may even have to set up a
host-specific route for the public IP to the NIC/subnet where the machine
actually is on your router, as well (if that isn't already implied by the
router when forwarding ports to a box, or marking an IP as the "DMZ host",
etc, depending on what your router is).

Using "split DNS" to return a local IP rather than a public IP when a machine
on your LAN asks for a public name is easier to set up.
--
-Chuck
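
One way to set up the split DNS mentioned in the last paragraph, as an added example that is not part of the original message: a BIND 9 views fragment. The zone name, addresses and file paths are constructed placeholders, and it assumes the resolver used by the LAN machines is a BIND server you control.

```conf
// named.conf fragment (BIND 9 views). All names and addresses are constructed:
//   example.org / gw.example.org  stand in for the router's net-facing hostname
//   203.0.113.10                  stands in for the public IP
//   192.168.1.0/24, 192.168.1.20  stand in for the LAN and postie

acl "lan" { 127.0.0.1; 192.168.1.0/24; };

// Views are tried in order, so the LAN view must come first.
view "internal" {
    match-clients { "lan"; };
    recursion yes;
    zone "example.org" {
        type master;
        file "master/internal/example.org.db";
        // Records in this file:
        //   gw      IN A 192.168.1.20   ; LAN clients go straight to postie
    };
};

view "external" {
    match-clients { any; };
    recursion no;              // do not act as an open resolver for the Internet
    zone "example.org" {
        type master;
        file "master/external/example.org.db";
        // Records in this file:
        //   gw      IN A 203.0.113.10   ; public IP, router forwards port 22
    };
};

// Once any view is defined, every zone statement must live inside a view.
```

With this in place, ssh from the LAN to the public name connects to postie directly and never exercises the router's port forward, so the forward itself still has to be tested from a host outside the LAN.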