[CLUE-Tech] SSH through Cisco
Sean LeBlanc
seanleblanc at americanisp.net
Wed Jan 29 10:42:12 MST 2003
On 01-26 14:30, David Anselmi wrote:
> Sean LeBlanc wrote:
> [...]
> >bash-2.05$ ssh -v foo at 10.0.0.1
>
> This doesn't work. Your nat entry is only between the outside IP
> (wan0-0) and the inside. You have to use the outside IP as the
> destination for ssh.
>
> You may be able to set up a nat entry with a specific outside IP of
> 10.0.0.1 (set nat entry add 10.0.0.2 22 10.0.0.1 22 tcp). But that may
> be routed differently so it may not work.
>
> Likely the reason you can't ssh to the outside IP is that Americanisp
> blocks well known ports unless you have an "advanced" account. If you
> don't need to use port 22 on the outside you can set it up on another
> >1024. Or at least do that to test it.
>
> Americanisp has a mail list for "network notifications". The only
> notice I saw of their change in account policies (to block well known
> ports) was on that list the day the change went into effect. Very poor
> customer service, IMHO.
BTW: that was it. I missed that announcement, and I suppose that's why it
worked back in August, and not now...port 22 is blocked by AmISP.
--
Sean LeBlanc:seanleblanc at americanisp.net
http://users.americanisp.net/~seanleblanc/
Get MLAC at: http://sourceforge.net/projects/mlac/
You may have heard that a dean is to faculty as a hydrant is to a dog.
-Alfred Kahn
More information about the clue-tech
mailing list