NAT routers and SSH connections.
bugfix
09-21-2002, 01:46 PM
Is there a way to ssh in to a computer behind a NAT router? I'm trying to ssh in to my Linux box from work but my arse of a NAT router screws that up and although it's meant to allow port-forwarding the software is so buggy it never works. I don't want to have to try and figure out the CLI for it because it looks like a PIA.
Any suggestions welcome.
vttimwhite
09-21-2002, 04:11 PM
Is there a way to ssh in to a computer behind a NAT router?
Yes. Allow your NAT router to accept SSH connections - open port 22. Once you've established and logged into the session, open a second session to any machine inside your NAT. You may have to tweak your firewall so that both your internal and external NICs can pass port 22 traffic.
You really should use a different username/password to log into the second machine too. That way, if your NAT router is ever compromised, the bad guys have to work a little harder before they can compromise your entire network.
I don't want to have to try and figure out the CLI for it because it looks like a PIA.
Umm. What?
bugfix
09-21-2002, 06:25 PM
Originally posted by vttimwhite
Is there a way to ssh in to a computer behind a NAT router?
Yes. Allow your NAT router to accept SSH connections - open port 22. Once you've established and logged into the session, open a second session to any machine inside your NAT. You may have to tweak your firewall so that both your internal and external NICs can pass port 22 traffic.
You really should use a different username/password to log into the second machine too. That way, if your NAT router is ever compromised, the bad guys have to work a little harder before they can compromise your entire network.
I don't want to have to try and figure out the CLI for it because it looks like a PIA.
Umm. What?
Ah... sorry. I wasn't very clear. My (ADSL) NAT router is a beige box, a dedicated piece of hardware, a hub-like device. I can telnet in to it and issue some obscure and complicated commands. It's not a Linux box used for routing, is what I'm saying.
What I'm asking is that if I set up a PC with an ssh host can I reach it in any way from an ssh windows client if it's 'hidden' behind a NAT router? I'm guessing the answer is either "no" or "yes - if you port-forward to that computer" but confirmation or, preferably, an alternative would be good.
Thanks for your help so far, you seem to be answering most of the questions in this forum! :)
vttimwhite
09-21-2002, 08:48 PM
I will assume that the IP addresses on the private network are in fact private. That is 192.168.x.x, or 10.x.x.x, or 172.16.x.x addresses. If that is correct, you are out of luck unless you port-forward to the machine inside.
I don't know enough about your beige box router to help you there. Sorry. A very (very!) simple Linux install could replace your NAT router if that is an option.
-vttimwhite
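Added example, not part of the original thread or any poster's code: a toy Python model of a NAT router's translation table, showing why a new inbound SSH connection on port 22 is dropped until a port-forward to the inside machine exists. The class, method names and all addresses are constructed for illustration.

```python
"""Toy NAT router model (added example; names and addresses are constructed)."""
import ipaddress

# RFC 1918 private ranges: not routable from the Internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)

class NatRouter:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.forwards = {}   # static: public port -> (inside ip, inside port)
        self.sessions = {}   # dynamic: public port -> (inside ip, inside port, remote)
        self._next_port = 40000

    def add_port_forward(self, public_port, inside_ip, inside_port):
        # A forward only makes sense towards a host on the private side.
        if not is_rfc1918(inside_ip):
            raise ValueError("inside host is not on an RFC 1918 network")
        self.forwards[public_port] = (inside_ip, inside_port)

    def outbound(self, inside_ip, inside_port, remote):
        # An inside host connecting out creates a temporary mapping for replies.
        port = self._next_port
        self._next_port += 1
        self.sessions[port] = (inside_ip, inside_port, remote)
        return (self.public_ip, port)

    def inbound(self, remote, public_port):
        # Replies belonging to an existing outbound session are translated back.
        sess = self.sessions.get(public_port)
        if sess and sess[2] == remote:
            return sess[:2]
        # A new connection is delivered only if a static forward exists.
        return self.forwards.get(public_port)  # None means the packet is dropped

def demo():
    router = NatRouter("203.0.113.10")
    work_pc = ("198.51.100.7", 51515)
    before = router.inbound(work_pc, 22)            # no forward yet
    router.add_port_forward(22, "192.168.1.20", 22)
    after = router.inbound(work_pc, 22)             # reaches the inside SSH host
    return before, after

if __name__ == "__main__":
    print(demo())
```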
bugfix
09-21-2002, 08:58 PM
Originally posted by vttimwhite
I don't know enough about your beige box router to help you there. Sorry. A very (very!) simple Linux install could replace your NAT router if that is an option.
Ironically I've just sold what used to be my Linux box. I'll just have to learn the obfusticated POS that is my ADSL router. The main problem is that the GUI tool is buggy, the web-interface doesn't set up port-forwards and the command line interface is unique to this router and a bit of a *****. I guess it's something to do in my boring nightshift...
Thanks anyway. :)