Networking Forums


create inbound tunnel through firewall.

 
 
Unruh

 
      06-17-2005, 10:31 PM
have a machine at home on ADSL. The service provider has suddenly decided
to switch from public IP addresses to non-routable addresses, without any
warning. Now, part of what I need to do is to connect from outside (eg from
my work system) to that home machine, and also to have mail delivery to and
from that home machine from the work machine.
I can ssh out to my work machine from home, but obviously not the other
way. Is there some way that I can ssh from home to work and then use that
open connection to connect to the home machine from the work machine?
Eg to allow mail delivery from work to home, or allow me to work on the
home system from work?

Thanks.

 
 
 
 
 
Bit Twister

 
      06-17-2005, 11:14 PM
On 17 Jun 2005 22:31:00 GMT, Unruh wrote:
> have a machine at home on ADSL. The service provider has suddenly decided
> to switch from public IP addresses to non-routable addresses, without any
> warning.


Really?
How do web page packets get back to your box.

I guess they could have a big NAT box.

I would go to
http://gemal.dk/browserspy/
when you get home, to see what your ip address really is.

I remember when I was on dialup, I would dial in to work and fire up a
xterm then drive in. Once there I would use ps to find the xterm connection
and get the display value. That was about 6 years ago and cannot
remember the details.

 
 
Captain Dondo

 
      06-17-2005, 11:49 PM
Unruh wrote:
> have a machine at home on ADSL. The service provider has suddenly decided
> to switch from public IP addresses to non-routable addresses, without any
> warning. Now, part of what I need to do is to connect from outside (eg from
> my work system) to that home machine, and also to have mail delivery to and
> from that home machine from the work machine.
> I can ssh out to my work machine from home, but obviously not the other
> way. Is there some way that I can ssh from home to work and then use that
> open connection to connect to the home machine from the work machine?
> Eg to allow mail delivery from work to home, or allow me to work on the
> home system from work?
>
> Thanks.
>


Why not run a tunnel from the home machine to work? Then stuff whatever
you want down the tunnel.

vtun.sf.net is what I use but it doesn't seem to be maintained much
anymore...

openvpn seems to be the replacement for it. It doesn't matter which way
the tunnel is running, it's symmetric....
 
 
Unruh

 
      06-18-2005, 12:40 AM
Bit Twister writes:

>On 17 Jun 2005 22:31:00 GMT, Unruh wrote:
>> have a machine at home on ADSL. The service provider has suddenly decided
>> to switch from public IP addresses to non-routable addresses, without any
>> warning.


>Really?
>How do web page packets get back to your box.


>I guess they could have a big NAT box.


Yup.


>I would go to
> http://gemal.dk/browserspy/
>when you get home, to see what your ip address really is.


The address of their nat box, which of course does nothing for me.


>I remember when I was on dialup, I would dial in to work and fire up a
>xterm then drive in. Once there I would use ps to find the xterm connection
>and get the display value. That was about 6 years ago and cannot
>remember the details.


 
 
Benny Nielsen

 
      06-18-2005, 09:53 AM
Unruh wrote:

> have a machine at home on ADSL. The service provider has suddenly decided
> to switch from public IP addresses to non-routable addresses, without any
> warning. Now, part of what I need to do is to connect from outside (eg
> from my work system) to that home machine, and also to have mail delivery
> to and from that home machine from the work machine.
> I can ssh out to my work machine from home, but obviously not the other
> way. Is there some way that I can ssh from home to work and then use that
> open connection to connect to the home machine from the work machine?
> Eg to allow mail delivery from work to home, or allow me to work on the
> home system from work?
>
> Thanks.


You can use one of the free DNS services around. Type free dns in google
search field and pick one.

During bootup you send your IP to the DNS provider of your choice, and your
domainname gets updated.

Benny
 
 
James Knott
Guest
Posts: n/a

 
      06-18-2005, 11:15 AM
Unruh wrote:

> have a machine at home on ADSL. The service provider has suddenly decided
> to switch from public IP addresses to non-routable addresses, without any
> warning. Now, part of what I need to do is to connect from outside (eg
> from my work system) to that home machine, and also to have mail delivery
> to and from that home machine from the work machine.
> I can ssh out to my work machine from home, but obviously not the other
> way. Is there some way that I can ssh from home to work and then use that
> open connection to connect to the home machine from the work machine?
> Eg to allow mail delivery from work to home, or allow me to work on the
> home system from work?


While you may be able to use ssh for some things, such as mail, why not use
a proper vpn? Many distros include OpenVPN and there's also a version
available for Windows. The only thing you'll have to remember, is that the
vpn has to be initiated from your home, because of the address translation.

Incidentally, those "non-routable" addresses route just fine. However,
they're supposed to be blocked before reaching the internet. There's
nothing about them, that inherently prevents routing.


 
 
James Knott

 
      06-18-2005, 11:17 AM
Captain Dondo wrote:

> openvpn seems to be the replacement for it. It doesn't matter which way
> the tunnel is running, it's symmetric....


It will have to be initiated by the home system, because of the address
translation.

 
 
James Knott

 
      06-18-2005, 11:19 AM
Benny Nielsen wrote:

>> have a machine at home on ADSL. The service provider has suddenly
>> decided
>> to switch from public IP addresses to non-routable addresses, without any
>> warning. Now, part of what I need to do is to connect from outside (eg
>> from my work system) to that home machine, and also to have mail delivery
>> to and from that home machine from the work machine.
>> I can ssh out to my work machine from home, but obviously not the other
>> way. Is there some way that I can ssh from home to work and then use that
>> open connection to connect to the home machine from the work machine?
>> Eg to allow mail delivery from work to home, or allow me to work on the
>> home system from work?
>>
>> Thanks.

>
> You can use one of the free DNS services around. Type free dns in google
> search field and pick one.


Given that he's got one of those RFC1918 local network addresses, that won't
do him any good, as he can't be reached from outside his ISP's network.

 
 
Benny Nielsen

 
      06-18-2005, 11:49 AM
James Knott wrote:

> Benny Nielsen wrote:
>
>>> have a machine at home on ADSL. The service provider has suddenly
>>> decided
>>> to switch from public IP addresses to non-routable addresses, without
>>> any warning. Now, part of what I need to do is to connect from outside
>>> (eg from my work system) to that home machine, and also to have mail
>>> delivery to and from that home machine from the work machine.
>>> I can ssh out to my work machine from home, but obviously not the other
>>> way. Is there some way that I can ssh from home to work and then use
>>> that open connection to connect to the home machine from the work
>>> machine? Eg to allow mail delivery from work to home, or allow me to
>>> work on the home system from work?
>>>
>>> Thanks.

>>
>> You can use one of the free DNS services around. Type free dns in google
>> search field and pick one.

>
> Given that he's got one of those RFC1918 local network addresses, that
> won't do him any good, as he can't be reached from outside his ISP's
> network.


Well he said he could with fixed IP. The suggestion just updates the IP
behind a given DNS name.
To reach a given computer on a LAN, you will have to redirect port 22 (for
ssh) to that computer.

Benny
 
 
kermit

 
      06-18-2005, 05:37 PM
Unruh wrote:

[...]
> I can ssh out to my work machine from home, but obviously not the other
> way. Is there some way that I can ssh from home to work and then use that
> open connection to connect to the home machine from the work machine?
> Eg to allow mail delivery from work to home, or allow me to work on the
> home system from work?
>


Yes.

ssh -N -R 12345:localhost:22 your-work-machine

will connect to your system at work and establish a tunnel from port 12345
there to port 22 (ssh) on your local system. Now you can do everything,
including setting up new tunnels from work to your home system.

There is software (http://www.harding.motd.ca/autossh/) to monitor an SSH
tunnel and restart it if needed; I have not used it myself. There are also
numerous frontends that help to set up and manage multiple SSH tunnels.

Beware that your provider is likely to drop connections once in a while,
which may result in a new mapping, so old connections won't work. Here autossh
may be useful.

=arvi=
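
The reverse tunnel from the post above, wrapped in a keepalive and reconnect loop so that a dropped NAT mapping is noticed and the forward is re-established. This is an added example, not part of the original thread and not autossh. The variable names, the timings and the `start` argument are assumptions, and `your-work-machine` is the placeholder from the post.

```shell
#!/bin/sh
# Added example, not code from the thread. Host name, port and timings are assumptions.
WORK_HOST="${WORK_HOST:-your-work-machine}"  # placeholder name used in the post
REMOTE_PORT="${REMOTE_PORT:-12345}"          # listener opened on the work machine
SSH_BIN="${SSH_BIN:-ssh}"                    # overridable so the loop can be exercised offline
RETRY_DELAY="${RETRY_DELAY:-10}"             # seconds to wait before reconnecting
MAX_TRIES="${MAX_TRIES:-0}"                  # 0 = keep retrying forever

# On the work machine, permitlisten (OpenSSH 7.8 or later) limits which port
# this key may open with -R. Constructed ~/.ssh/authorized_keys entry:
#   restrict,port-forwarding,permitlisten="localhost:12345" ssh-ed25519 AAAA... tunnel-key

# Run the tunnel from the home machine and re-establish it whenever ssh exits
# with an error. Sets TRIES to the number of connection attempts made.
keep_tunnel() {
    TRIES=0
    while :; do
        TRIES=$((TRIES + 1))
        # -N/-T: no remote command, no tty; the session only carries the forward.
        # BatchMode: fail instead of prompting, so an unattended loop never hangs.
        # ExitOnForwardFailure: exit if the port cannot be bound (e.g. a stale
        #   session still holds it) instead of staying up without a tunnel.
        # ServerAlive*: notice a silently dropped NAT mapping after about 90 s.
        # -R localhost:...: the listener is bound to the work machine's loopback only.
        "$SSH_BIN" -N -T \
            -o BatchMode=yes \
            -o ExitOnForwardFailure=yes \
            -o ServerAliveInterval=30 \
            -o ServerAliveCountMax=3 \
            -R "localhost:${REMOTE_PORT}:localhost:22" \
            "$WORK_HOST" && return 0   # exit status 0 is treated as a deliberate stop
        if [ "$MAX_TRIES" -gt 0 ] && [ "$TRIES" -ge "$MAX_TRIES" ]; then
            return 1
        fi
        sleep "$RETRY_DELAY"
    done
}

# Start only when asked to, e.g.:  sh tunnel.sh start
if [ "${1:-}" = "start" ]; then
    keep_tunnel
fi
```

From the work machine the home system is then reached with `ssh -p 12345 localhost`, and only by users logged in on the work machine itself, because the listener is on loopback.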
 
 
 
 