[CLUE-Tech] SSH through Cisco

Randy Arabie randy at arabie.org
Wed Jan 29 11:04:13 MST 2003


On Wednesday, 29 January 2003 at 10:42:12 -0700, Sean LeBlanc <seanleblanc at americanisp.net> wrote:
> On 01-26 14:30, David Anselmi wrote:
> > Sean LeBlanc wrote:
> > [...]
> > >bash-2.05$ ssh -v foo at 10.0.0.1
> > 
> > This doesn't work.  Your nat entry is only between the outside IP 
> > (wan0-0) and the inside.  You have to use the outside IP as the 
> > destination for ssh.
> > 
> > You may be able to set up a nat entry with a specific outside IP of 
> > 10.0.0.1 (set nat entry add 10.0.0.2 22 10.0.0.1 22 tcp).  But that may 
> > be routed differently so it may not work.
> > 
> > Likely the reason you can't ssh to the outside IP is that Americanisp 
> > blocks well known ports unless you have an "advanced" account.  If you 
> > don't need to use port 22 on the outside you can set it up on
> > another >1024.  Or at least do that to test it.
> > 
> > Americanisp has a mail list for "network notifications".  The only 
> > notice I saw of their change in account policies (to block well known 
> > ports) was on that list the day the change went into effect.  Very poor 
> > customer service, IMHO.
> 
> BTW: that was it. I missed that announcement, and I suppose that's why it
> worked back in August, and not now...port 22 is blocked by AmISP. 

It will cost you $5/mo extra to have them open inbound server ports.
That is understandable...to an extent.  I pay it cause I run my own
website and email.  But, if I were only wanting to ssh into my home box
I would consider that extra $ a bit excessive.  Seems they could leave
port 22 open for no extra charge; IMO it doesn't quite fit their server
limitation criteria.

Paying the extra to have them open the server ports also puts you under
metered bandwidth restrictions (30GB/mo).  You are billed extra for
exceeding the limit.  That is aggregate bandwidth (Up & Down).  So far,
I've not exceeded it.  My website has pretty limited traffic.  My
thought is if they are worried about bandwidth they should focus on the
Peer-to-Peer filesharing apps.

IMHO, if they want to manage bandwidth they should just open all ports 
and meter everyone.
-- 
Allons Rouler!
        
Randy
http://www.arabie.org/