Date: Mon, 10 Mar 2003 23:09:14 -0800
From: James Long <list@museum.rain.com>
To: Ryan Thompson <ryan@sasknow.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: SSH to a box behind NAT
Message-ID: <20030310230914.A53656@ns.museum.rain.com>
In-Reply-To: <20030310224025.L34446-100000@ren.sasknow.com>; from ryan@sasknow.com on Mon, Mar 10, 2003 at 11:32:00PM -0600
References: <20030310224025.L34446-100000@ren.sasknow.com>
On Mon, Mar 10, 2003 at 11:32:00PM -0600, Ryan Thompson wrote:
>
> (So, it is not possible, for instance, to set up port based NAT for
> inbound SSH, which is one of two things I'd normally do). The server
> can, however, initiate arbitrary outbound connections.

Then I'd suggest creating a ppp-over-ssh tunnel ala Greg Bond's
http://www.itga.com.au/~gnb/vpn/

Have (Server) initiate the tunnel, and let the other end of the
tunnel terminate at (Manager). You can then use the tunnel to
effectively bypass the NT NAT box.

>                  <--- NAT --->
> [ Server ] --- [ NT Gateway ] --- { Internet } --- [ Manager ]
>  192.168.0.2     192.168.0.1                        207.1.1.1
>                  24.1.1.1

     tun0                                               tun0
  172.16.16.1 <------------------------------------> 172.16.16.2

Once the tunnel comes up, (Manager) should be able to ssh at will
into 172.16.16.1 interactively.
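
The tunnel described in the message above, sketched as FreeBSD user-ppp configuration. This is an added example, not part of the original message and not taken from the linked page; the host name manager.example.org, the account "tunnel" and the labels vpn-out and vpn-in are placeholders, and the addresses are the ones in the diagram.

```conf
# ---- /etc/ppp/ppp.conf on (Server), 192.168.0.2 ----
# Server dials out through the NAT; nothing has to reach it inbound.
vpn-out:
 # ssh is the "device"; the far end runs ppp in direct mode on stdin/stdout.
 # BatchMode makes ssh fail instead of prompting when run unattended.
 set device "!ssh -q -o BatchMode=yes tunnel@manager.example.org /usr/sbin/ppp -direct vpn-in"
 # Passive mode gives ssh time to authenticate before LCP negotiation.
 set openmode passive
 # Never drop the link for idleness.
 set timeout 0
 # Local tun0 address (Server), then the peer's (Manager).
 set ifaddr 172.16.16.1 172.16.16.2

# ---- /etc/ppp/ppp.conf on (Manager), 207.1.1.1 ----
vpn-in:
 # Only the unprivileged tunnel account may use this label,
 # and only when started as "ppp -direct vpn-in".
 allow users tunnel
 allow mode direct
 set timeout 0
 set ifaddr 172.16.16.2 172.16.16.1

# ---- ~tunnel/.ssh/authorized_keys on (Manager), a single line ----
# Server holds an unattended key, so pin it to the tunnel command and
# switch off everything else that key could otherwise do on Manager:
#
# command="/usr/sbin/ppp -direct vpn-in",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa <Server public key>
```

On (Server), `ppp -ddial vpn-out` brings the link up and re-dials if it drops. The tunnel account on (Manager) has to be in the network group to run ppp, and sshd on (Server) can be bound to 172.16.16.1 so that it is reachable only through the tunnel.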