On 26 Sep 2006, in the Usenet newsgroup comp.os.linux.networking, in article
<(E-Mail Removed) .com>,
(E-Mail Removed) wrote:
>I have verizon dsl with a westell modem. Verizon assigns a dynamic IP
>address to me on occasion. I get the dynamic IP address (X.X.X.X) for
>my machine from showipaddress.com. I can ssh to the machine from a
>machine outside my home's local network with no problem.
Your westell modem is acting as a NAT router, taking packets from the
Internet addressed to the apparent SSH server on (example) 70.19.144.200:22
and forwarding them to the actual SSH daemon on 192.168.Y.Y. Normal,
though sometimes restricted by some ISPs.
>I can ssh to the machine from itself and machines local to my home's
>local network but only using "localhost" and the machine's local ip
>address (192.168.Y.Y).
and if you ran a traceroute or sniffed the wire with tcpdump, you'd see the
packets going direct to the SSH server.
>When I try to ssh to my machine using the dynamic IP address of verizon
>from inside my home's network, I get a connection refused.
Tcpdump or traceroute would provide the clues here. You are trying to
connect to the _apparent_ server on the outside of your westell modem
(which gets forwarded to 192.168.Y.Y). The router knows that your
192.168.Y.Y can't appear on the Internet, and is NATing that to an
Internet address such as 70.19.144.200, then realizes you are trying to
connect to the inside server from an inside address, and is getting pissed
that you are wasting its time and CPU cycles. The tcpdump output _might_
show it sending back an ICMP Type 5 (Redirect) message telling you to send
your packets directly and not bother the router. This is normal behavior
of any routing system when it discovers the source and destination of
a packet are on the same hardware interface.
Solution: Don't do that.
Old guy
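
The reply above points to tcpdump for the clues. The following is an added example, not part of the original post: it reads `tcpdump -n` text output captured on an inside host and reports how the SYN sent to the public address was answered. The capture lines are constructed, the 192.168.1.x addresses are assumed stand-ins for the elided 192.168.Y.Y, and `classify` is a hypothetical helper name.

```python
import re

# Constructed `tcpdump -n` output. 70.19.144.200 is the post's example public
# address; 192.168.1.1 (router), .10 (client), .20 (SSH server) are assumptions.
SAMPLE_REFUSED = """\
12:00:01.000100 IP 192.168.1.10.51000 > 70.19.144.200.22: Flags [S], seq 1000, win 64240, length 0
12:00:01.000900 IP 70.19.144.200.22 > 192.168.1.10.51000: Flags [R.], seq 0, ack 1001, win 0, length 0
"""
SAMPLE_REDIRECT = """\
12:00:05.000100 IP 192.168.1.10.51002 > 70.19.144.200.22: Flags [S], seq 2000, win 64240, length 0
12:00:05.000700 IP 192.168.1.1 > 192.168.1.10: ICMP redirect 70.19.144.200 to host 192.168.1.20, length 68
"""
SAMPLE_SILENT = """\
12:00:09.000100 IP 192.168.1.10.51004 > 70.19.144.200.22: Flags [S], seq 3000, win 64240, length 0
"""

TCP = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")
REDIR = re.compile(r"IP (\S+) > (\S+): ICMP redirect (\S+) to (?:host|net) (\S+),")


def classify(capture, public_ip, port=22):
    """Return (verdict, detail) for the first answer to a SYN to public_ip:port."""
    syn_seen = False
    for line in capture.splitlines():
        m = REDIR.search(line)
        if m and syn_seen and m.group(3) == public_ip:
            return ("redirect", m.group(4))  # ICMP type 5: router names the direct hop
        m = TCP.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if dst == public_ip and int(dport) == port and flags == "S":
            syn_seen = True                  # our connection attempt left the host
        elif syn_seen and src == public_ip and int(sport) == port:
            if "R" in flags:
                return ("refused", src)      # RST: ssh prints "Connection refused"
            if flags == "S.":
                return ("accepted", src)     # SYN-ACK: the connection was accepted
    return ("no-reply", None) if syn_seen else ("no-attempt", None)


if __name__ == "__main__":
    for name in ("SAMPLE_REFUSED", "SAMPLE_REDIRECT", "SAMPLE_SILENT"):
        print(name, classify(globals()[name], "70.19.144.200"))
```
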