Slashdot Mirror

← Back to Stories (view on slashdot.org)

Life Behind the Firewall Curtain?

Posted by Cliff on from the online-but-unroutable dept.

beegle asks: "After a recent move, I discovered that my only broadband option is a cable company that puts all of its customers behind a NAT box. That means that my ISP gives me a 'private' 10.x.x.x address instead of a routable IP address. I'd like to connect to my machines remotely and use software that depends on a real address (P2P, games, etc.). The ISP doesn't prohibit this, but they're not willing to help, either. I've considered setting up a VPN to a friend's network, but that seems terribly inefficient. What hardware or software would you recommend for those of us who are stuck with 'fake' IP addresses?"

7 of 91 comments (clear)

  1. VPN or bust by Fubar420 · · Score: 5, Informative

    Well, if you want them to be able to connect to you, you're gonna need a routable IP. Period.

    Your choices then are VPN (pptp, etc) or pseudo VPN (ssh, et al.)

    Unless you know someone on the same ISP, who has a RealIP(tm), who can dnat to you, you'd be pretty much hosed :-/

    --
    -- (appended to the end of comments you post, 120 chars)
  2. I know you've discounted it... by dJCL · · Score: 4, Informative

    I know that you've discounted the VPN option, but it could work for you...

    I pay for a dedicated server at a cheap host($29.95/month... there is a catch thou..) and ip address's are cheap there too. You can setup a ppp based vpn that basically lets you act like one of the spare ip address's that you have assigned. (I use a ssh-ppp tunnel myself, and it works great for that.)

    There are cheaper VPS hosting optins out there that you could get a spare IP at and vpn throu that to get your web connection too... I'm sure you could find a $5/month cheap-O pleace and set it up, no one would care, it's not like you will be using a terabyte or so per month bandwidth anytime soon(and if you are, that's your problem to solve).

    Nice advantages of this approach: one server can be used by multiple people, you have a computer with shell access online, you have a web/mail server and my favourite - VNC desktops that you can use from anywhere!(I never close my apps, my copy of thunderbird has an uptime that rivals most systems, and the latest VNC viewer is really rather feature ritch for low bandwidth usage...)

    Anyway...
    Enjoy!

    --
    On Arrakis: early worm gets the bird. Magister mundi sum!
  3. Bug the ISP by JohnGalt00 · · Score: 5, Informative

    Bug the ISP. Call them often and either ask for a real IP address, or ask them how to get your favorite programs to work.

    Oh yeah, and tell us who you're ISP is, so we know to avoid them.

    Are you sure the NAT is to protect the customers, or are they being cheap by not shelling out for enough IP space?

  4. Re:Hardware? by jpmkm · · Score: 4, Informative

    Did you even read the first sentence of his post?

  5. Same thing happened (i thought) by Anonymous Coward · · Score: 5, Informative

    I got a cheap DSL connection, and declined the offer of a static IP ($15/month). When i checked my IP address, i was 192.168.2.79. GREAT, non routable, right?

    WELL! it turns out the DSL Modem had a NAT router built in, and when i was able to configure it, i was able to get a REAL IP address. Of course it changes every few hours, but any Dynamic DNS server can help you there.

    Try to point your browser at your "Gateway" and see if it is yours or if it is shared amongst everyone in your neighborhood. The ISPs like to default people to a "Browse Only" environment, but often real internet is only a few keystrokes away.

  6. SSH Tunnel(s)? by linuxkrn · · Score: 4, Informative

    I wrote up a short artical on how I got past dual one-way NAT connections. It does require a 3rd party that is reachable by both machines.

    http://www.linuxlogin.com/linux/admin/sshtunnels.p hp

    Works great for me. I have my home box run a cronjob and ssh into public box. It checks every 5 mins and reconnects if needed. Using ssh-keys and ssh-agent it is able to auto-login to the remote host. Then just a quick ssh port forward and everything is up and going. On my remote systems I can then ssh into my home box by doing ssh -p 2222 localhost and it is forwarded right to my home machine. You could of course forward more then one port.

  7. How did you confirm this information? by cyber0ne · · Score: 5, Informative

    I found myself in this exact situation once a while back. And when I'd call the ISP I'd usually be on the phone with "tech support" people who didn't even know what an IP was. After a lot of frusteration from not having a real IP, I later discovered that I actually _did_ but it was behind a 1:1 ratio NAT built into the ISP's modem device. I went to http://www.whatismyip.com to discover the public IP that my destinations _thought_ I had, tried to connect to it from an off-site host, and it worked. Maybe you've already tried this, but if you haven't it might be worth a shot.

    --
    http://publicvoidlife.blogspot.com