[CLUE-Tech] SSH through Cisco
Sean LeBlanc
seanleblanc at americanisp.net
Sat Feb 1 13:09:22 MST 2003
On 01-29 11:04, Randy Arabie wrote:
> On Wednesday, 29 January 2003 at 10:42:12 -0700, Sean LeBlanc <seanleblanc at americanisp.net> wrote:
> > On 01-26 14:30, David Anselmi wrote:
> > > Sean LeBlanc wrote:
> > > [...]
> > > >bash-2.05$ ssh -v foo at 10.0.0.1
> > >
> > > This doesn't work. Your nat entry is only between the outside IP
> > > (wan0-0) and the inside. You have to use the outside IP as the
> > > destination for ssh.
> > >
> > > You may be able to set up a nat entry with a specific outside IP of
> > > 10.0.0.1 (set nat entry add 10.0.0.2 22 10.0.0.1 22 tcp). But that may
> > > be routed differently so it may not work.
> > >
> > > Likely the reason you can't ssh to the outside IP is that Americanisp
> > > blocks well known ports unless you have an "advanced" account. If you
> > > don't need to use port 22 on the outside you can set it up on another >1024.
> > > Or at least do that to test it.
> > >
> > > Americanisp has a mail list for "network notifications". The only
> > > notice I saw of their change in account policies (to block well known
> > > ports) was on that list the day the change went into effect. Very poor
> > > customer service, IMHO.
> >
> > BTW: that was it. I missed that announcement, and I suppose that's why it
> > worked back in August, and not now...port 22 is blocked by AmISP.
>
> It will cost you $5/mo extra to have them open inbound server ports.
> That is understandable...to an extent. I pay it cause I run my own
> website and email. But, if I were only wanting to ssh into my home box
> I would consider that extra $ a bit excessive. Seems they could leave
> port 22 open for no extra charge, IMO it doesn't quite fit their server
> limitation criteria.
>
> Paying the extra to have them open the server ports also puts you under
> metered bandwidth restrictions (30GB/mo). You are billed extra for
> exceeding the limit. That is aggregate bandwidth (Up & Down). So far,
> I've not exceeded it. My website has pretty limited traffic. My
> thought is if they are worried about bandwidth they should focus on the
> Peer-to-Peer filesharing apps.

Thanks for the info. You wouldn't happen to have a link to AmISP's website
where they lay out all this, would you? Their site is, er, just a tad
byzantine...if I were to judge them on the website instead of the
word-of-mouth via CLUE, I'd never have chosen them. :)

I wonder if anyone who was slashdotted ever got a big bill from their ISP?

Yes, I think paying $5/month to only ssh home is a tad expensive. If/when I
find myself gainfully employed again, though, I will probably pay it,
though...it's nice to be able to check mail and especially to post/read
Usenet (I am still surprised when companies don't get Usenet access,
especially when those companies deal specifically with technology. You can
post and read through Google groups, but with the delay, you might as well
do it from home). I suppose it's understandable from the ISP's viewpoint: I
*could* scp or sftp large files from that ssh server. But I could also ftp
stuff elsewhere while at home - either way, it's still going upstream.

The extra space to run a site would be nice...they only give you 10M on
their side. I have many pics from past 14er excursions I'd like to put up.

--
Sean LeBlanc:seanleblanc at americanisp.net
http://users.americanisp.net/~seanleblanc/
Get MLAC at: http://sourceforge.net/projects/mlac/
There are no real secrets - only obfuscations.