From owner-freebsd-questions@FreeBSD.ORG Thu Sep 30 21:38:32 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A808316A4CF for ; Thu, 30 Sep 2004 21:38:32 +0000 (GMT) Received: from o2.hostbaby.com (o2.hostbaby.com [208.187.29.121]) by mx1.FreeBSD.org (Postfix) with SMTP id 6539243D3F for ; Thu, 30 Sep 2004 21:38:32 +0000 (GMT) (envelope-from ceo@l-i-e.com) Received: (qmail 20688 invoked by uid 1001); 30 Sep 2004 21:38:35 -0000 Received: from 67.167.52.21 (SquirrelMail authenticated user ceo@l-i-e.com); by www.l-i-e.com with HTTP; Thu, 30 Sep 2004 14:38:35 -0700 (PDT) Message-ID: <2065.67.167.52.21.1096580315.squirrel@www.l-i-e.com> In-Reply-To: <20040930095458.54176.qmail@web51609.mail.yahoo.com> References: <20040930095458.54176.qmail@web51609.mail.yahoo.com> Date: Thu, 30 Sep 2004 14:38:35 -0700 (PDT) From: "Richard Lynch" To: "Mark Jayson Alvarez" User-Agent: Hostbaby Webmail X-Mailer: Hostbaby Webmail MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal cc: freebsd-questions@freebsd.org Subject: Re: Is there a reverse Network Address Translation??? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: ceo@l-i-e.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Sep 2004 21:38:32 -0000 Mark Jayson Alvarez wrote: > Hi, > I wan't to access my pc at work from home through > freebsd's sshd. Is it possible?, knowing that it > doesn't have a public ip address? That workstation of > mine is only gaining internet access through LAN > servers and routers. Will it help if I know the > gateway ip where my workstation passes through and the > proxy as well as dns server's ip's? I know its > possible but I can't imagine the process, perhaps > something like a reverse network address > translation... Any idea? I think you would need to have the public IP LAN server/router ready, willing, and able to port-forward SSH packets to your personal workstation. Your work IT Administrator may, or may not, be willing to set this up for you. If *YOU* control the public-IP LAN gear at work, you need to set them up to "port-forward" anything on some port that the public-IP LAN gear isn't using to your desktop workstation. You'd think that SSH needs port 22, but if that's already in use, you can: 1. Configure the public-IP to accept/forward port 222 (or whatever) to your desktop workstation. 2. Configure sshd on the desktop workstation to accept traffic on 222 and use sshd to handle that traffic. 3. Use ssh -p 222 USER@PUBLIC_IP at home to log in to the desktop at work. The PUBLIC IP box gets the connection on 222, forwards it to your desktop, and you're in like Flynn. If the "PUBLIC" IP is dynamic (IE, cable modem, DSL, etc) you can also set up software to create a valid domain name for it using something like: http://dyndns.org or one of a few dozen other similar services. In that case, you'd install a small client on the PUBLIC IP box which will notify the DynDNS folks whenever your IP changes, then they update the DNS routing tables for you, and Whammo! you don't really care that your IP is dynamic because they tied a domain name to it for you. If you can't alter the PUBLIC IP LAN gear at work, then I don't think you can manage to ssh in to your desktop box. -- Like Music? http://l-i-e.com/artists.htm