(Similar Problem)Re: Port forwarding and ssh

Brian Fahrlander brian at fahrlander.net
Sun Oct 17 20:25:59 UTC 2004 

On Sun, 2004-10-17 at 15:16, Bao Cao wrote:
> Hi, 
> 
> I have a similar problem, I can't ssh to the machine
> at home, which is FC2, from work. The answer I got is
> the host is unreachable. But I can ssh to the home
> machine internally, I mean, by "ssh 1.2.3.4", I can
> access to it, just a trick try. Can anybody help me
> how to ssh to the home machine from work(outside)?
> Thanks.
> Sorry for not contributing any to the original
> question. :-(

    This is (until I hear to the contrary) a problem of NAT, and the
understanding of TCP/IP.  We toss around IP addresses like they're all
the same, and they're not.  There are 3-4 sets of addresses your router
has been told NOT to route. One of these is the ever-present 192.168.*.*
band of numbers.

    The idea is to reserve these for local use; from the outside, on
some 'real' IP address that anyone in the world can reach, it's probably
something like blah-blah-blah.net or something, and not being reserved,
packets get there just fine.  But unless you explicitly TELL it what to
do with certain packets (like those for port 22) they'll just wind up in
the bit bucket.

    Linksys routers, those blue-boxes, have a table that lets you route
incoming packets to internal machines. This is almost always called
"port forwarding" but so are some other things, too, sorry.  That's part
of the complexity of learning TCP/IP.  You just need to tell your router
to forward blah-blah-blah.net:22-> 192.168.something.something:22. 
Then, it'll know what to do with it, and the return packets will 'know'
what to do.

    The new IPV6 that's coming out is intended to have enough IP
addresses to literally number all the machines on the planet, and
hopefully this will never be an issue again. Personally, I kinda like
NAT, and the ability to control internal IP addressing, but that's just
me.

   Take a look, perhaps on Google, for "TCP/IP HOWTO" and you'll find
several. 

    Enjoy!
-- 
------------------------------------------------------------------------
Brian Fahrländer                  Christian, Conservative, and Technomad
Evansville, IN                                 http://www.fahrlander.net
ICQ 5119262
AIM: WheelDweller
------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20041017/97082f3b/attachment-0001.sig>

More information about the fedora-list mailing list