connectivity

Kent Borg kentborg at borg.org
Wed Jun 13 08:53:41 EDT 2001


Alex Pennace <alex at pennace.org> wrote:
>Try ssh -P ... If it works you can make this option permanent by
>adding the line "UsePrivilegedPort no" in ~/.ssh/config. See man ssh.

Thanks for the suggestion.  It got me thinking, and I finally got it
working, but I don't entirely understand why...

I tried running an sshd on port 2222 (in the tradition of http on
8080), but something about my DSL connection (I think that is the
fault) doesn't let me ssh in to 2222 from the World.  So I looked at
an old port scan of myself and saw that port 1524 is open.  OK, I
tried an sshd on 1524, and voila, I could ssh in from the world to
1524.  I left it running in the background, logged off and went to
bed.

Now at work, I crossed my fingers, and tried to ssh in to port 1524,
and voila again, it worked!  I even launched an emacs window under X.
Not the fastest thing in the world, but as long as I don't use the
mouse it seems possibly as fast as a plain text window and if I do
want to use an emacs menu or click a new cursor position, the round
trip from Burlington to Somerville through DC (last I looked) isn't
*that* bad.  At least at this hour.

This still leaves me with two puzzles:

1) Why, when the telnet into our firewall here at work seemed to say
   port 22 (and 19) is open, sshd doesn't work through either.  I
   figure I need to look at this myself, but I won't turn down
   suggestions.

2) More interesting is why gis.net is filtering ports someplace
   upstream of the DSL firewall in my basement, and how to give them
   sufficient hint to find it and stop it?


gis.net has been quite patient with me in the past, and were even
grateful when I pointed them to the exact page in the DSL modem manual
that explained how to default incoming traffic to a single NATed
machine.

They (gis.net via the DSL CLEC NAS) control the firewall in my
basement, but I believe they currently *do* have nearly all traffic
defaulting to one of my internal addresses because the pattern of open
and closed ports is more complex a pattern than my model firewall is
capable of doing.  I say "most" ports because I suspect there is some
filter in place to make a telnet possible into the
router/firewall/modem itself.  Finding and killing that other filter
would be nice.


Still, I am doing ssh through this tangle of filters, and that makes
me happy.


Thanks,

-kb