Life Behind the Firewall Curtain?
beegle asks: "After a recent move, I discovered that my only broadband option is a cable company that puts all of its customers behind a NAT box. That means that my ISP gives me a 'private' 10.x.x.x address instead of a routable IP address. I'd like to connect to my machines remotely and use software that depends on a real address (P2P, games, etc.). The ISP doesn't prohibit this, but they're not willing to help, either. I've considered setting up a VPN to a friend's network, but that seems terribly inefficient. What hardware or software would you recommend for those of us who are stuck with 'fake' IP addresses?"
VPN or bust (Score:5, Informative)
Your choices then are VPN (pptp, etc) or pseudo VPN (ssh, et al.)
Unless you know someone on the same ISP, who has a RealIP(tm), who can dnat to you, you'd be pretty much hosed
Proxy Out (Score:5, Interesting)
After a couple hacking incidents and virus outbreaks, my school decided to impose a firewall on everyone which put a stop to gaming with anyone off campus. Anyway, those of us lucky enough to have a cable modem or DSL at home just set up proxies on those boxes and used SocksCap [permeo.com] to make programs using winsock transparently go through and use the proxy instead of trying to get to the net from the firewall.
Sounds like it'd be a good solution for you to do something similar.
Game performance took a hit though, because of all the extra hops that added.
Re:Proxy Out (Score:3, Informative)
It isn't going to help the original poster with INBOUND connections though, which is obviously his primary concern. For that it seems like VPN/SSH will be necessary... I doubt it's fast enough going all the way out to your fr
What the fuck? (Score:5, Insightful)
Re:What the fuck? (Score:2)
Behind a firewall, with 10gig/month at 30$CAN... But you get Uni Access which is blinding fast...
Re:What the fuck? (Score:3, Informative)
Re:What the fuck? (Score:2)
Well, my router has a real IP. I don't think there's anyone in town a lot cheaper than Earthlink, too. I've been very happy with them; he should look into switching, if possible,
Re:What the fuck? (Score:2)
Re:What the fuck? (Score:1)
whois -h whois.pir.org beegle.org
Registrant Name:William Beegle
Registrant Street1:#### Hobart St. Apt. #
Registrant City:Pittsburgh
Registrant State/Province:PA
Registrant Postal Code:#####
Registrant Country:US
Registrant Phone:+1.412#######
Registrant Email:wbeegle+dns@-----.com
You might find him at Carnegie Mellon University Computing Services:
5000 Forbes Avenue
Cyert Hall 285
Pittsburgh PA 15213
Administrative Office Main Number: 412.268.2638
His phone number is: x8-4419.
He may
Mod: -1: The Universe doesn't revolve around you (Score:1, Flamebait)
The alternative is a firewall. Which might make more sense to you, but it's a less reliable solution, and one that creates problems of its own.
Re:Mod: -1: The Universe doesn't revolve around yo (Score:1, Flamebait)
Take solace in the fact that this is slashdot, and those who modded you down probably don't know what NAT means, and are just flexing their mod-muscles in the face of someone who knows better. I agree with you - some ISPs don't want the liability and extra work open IPs cause. I think the stance the company is taking is perfectly understandable. Again, being slashdot, if a company acts in a way that doesn't benefit the /. community in a rapid fashion, there must be something wrong
Re:Mod: -1: The Universe doesn't revolve around yo (Score:2)
Re:Mod: -1: The Universe doesn't revolve around yo (Score:2)
Re:Mod: -1: The Universe doesn't revolve around yo (Score:2)
Re:Mod: -1: The Universe doesn't revolve around yo (Score:3, Interesting)
If they're going to be in the INTERNET SERVICE provider business, they need to provide INTERNET SERVICE. Internet service means they carry IPv4 packets from you to anywhere you want on the internet and back again. *All* of them. If they aren't doing that then they aren't really providing internet service.
Re:Mod: -1: The Universe doesn't revolve around yo (Score:2)
Re:Mod: -1: The Universe doesn't revolve around yo (Score:2)
In common sense. What do you think "internet service" means? carrying just some of your internet traffic? Would that not be partial internet service?
Re:Mod: -1: The Universe doesn't revolve around yo (Score:3, Interesting)
Re:Mod: -1: The Universe doesn't revolve around yo (Score:2)
A grocery store? That analogy made no sense whatsoever. That is not my logic at all. Carrying every conceivable grocery isn't implied in the term "grocery store"
"internet serv
Re:Mod: -1: The Universe doesn't revolve around yo (Score:2)
I could argue with you point by point, but why should I bother? You're insisting on words that have meanings that suit your arguments. Not a productive discussion.
Re:Mod: -1: The Universe doesn't revolve around yo (Score:2)
Yes - exactly. Or more specifically, carrying every kind of internet packet is implied by "internet service". I don't expect an ISP to carry IPX/SPX frames to my friend's house to play an old video game. Just internet (ipv4) packets.
Imagine signing up for local phone service. Just plain old local phone service. You try to call some 1-800 tech support number, but you hear a message saying "sorry, we don't
I hear it's nice.... (Score:1)
I hear it's nice in Vancouver....
Now all I need is a job in Vancouver...
I know you've discounted it... (Score:4, Informative)
I pay for a dedicated server at a cheap host ($29.95/month... there is a catch though..) and IP addresses are cheap there too. You can set up a PPP-based VPN that basically lets you act like one of the spare IP addresses that you have assigned. (I use an ssh-ppp tunnel myself, and it works great for that.)
There are cheaper VPS hosting options out there that you could get a spare IP at and VPN through that to get your web connection too... I'm sure you could find a $5/month cheap-O place and set it up, no one would care, it's not like you will be using a terabyte or so per month bandwidth anytime soon (and if you are, that's your problem to solve).
Nice advantages of this approach: one server can be used by multiple people, you have a computer with shell access online, you have a web/mail server and my favourite - VNC desktops that you can use from anywhere! (I never close my apps, my copy of Thunderbird has an uptime that rivals most systems, and the latest VNC viewer is really rather feature rich for low bandwidth usage...)
Anyway...
Enjoy!
ouch, smart ISP though (Score:1)
Most apps including some p2p and games should be ok. But you can forget running a server. You can't even ask your ISP to open certain ports to you (incoming I mean) because then they'll be taking that option away from other customers. Like if they redirect port 21 to you, that means all other customers wouldn't be able to ask for port 21. I j
Re:ouch, smart ISP though (Score:2)
Re:ouch, smart ISP though (Score:2)
I mean it will restrict port 80 as an open server to others if he asks to run a webserver. Stateful packet inspection doesn't apply in that case, and it isn't fair to the other users.
No it won't affect websurfing.
Re:Port mapping (Score:1, Redundant)
Re:Port mapping (Score:2)
Re:Port mapping (Score:1, Funny)
Sure, he could go buy a Linksys router himself, but the $50 for it is a lot of money for something he'd really only use to beat you over the head with.
Re:Port mapping (Score:1)
Yes.
Re:Port mapping (Score:1, Informative)
Comment removed (Score:4, Funny)
Re:Hardware? (Score:5, Informative)
Re:Hardware? (Score:1)
It's implied from the post (which I suggest you actually read) that such a course of action would require moving again. While not impossible, the circumstances surrounding one's residence (local employment, affordability, etc.) are a lot to weigh against having a public IP.
Unless you're suggesting that the poster go with dial-up, though that's not much of an option either...
Re:Hardware? (Score:1)
Go with IP6 (Score:2, Insightful)
Re:Go with IP6 (Score:1)
Do you know how most of those tunnels work?
I think not.
Last time I tried, there were no "publicly" offered tunnels available which would work even over a firewalled Public-IP connection, which is one step less evil than a NAT connection.
Sure, you can use a PPP tunnel and push IPv6 over that, but you could just as easily push IPv4 over that, as previously suggested here. You'd either way need an external machine on the real-Internet and not the fake NAT deal.
This reminds me
Re:Go with IP6 (Score:1)
I know how the tunnel works. The original poster didn't reveal his ISP, so neither you nor I have any idea if he has a facility to tunnel IP6. If you do your homework, you will see that some ISPs provide this to their customers. Hurricane Electric is one that comes up on a Google search.
If his ISP provides this to the customers, then it won't matter if he's NAT or not. He will have a static IP on the IPv6 Internet.
Personally, I'd recommend (Score:2)
Re:Personally, I'd recommend (Score:1)
Re:Personally, I'd recommend (Score:2)
Bug the ISP (Score:5, Informative)
Oh yeah, and tell us who your ISP is, so we know to avoid them.
Are you sure the NAT is to protect the customers, or are they being cheap by not shelling out for enough IP space?
IP over IP tunnels? (Score:2)
Firefox is an excellent choice. (Score:1, Redundant)
If they will give you a port (Score:3, Interesting)
Re:If they will give you a port (Score:3, Interesting)
Re:If they will give you a port (Score:1)
Go read RFC 1597 [faqs.org] before you continue to wax idiotic.
Depends on what kind of NAT (Score:3, Insightful)
P2P is going to be somewhat of a problem. But only for people trying to connect to you. Some of the modern P2P protocols can work around it (by way of you initiating the outgoing connection). Other than that all the P2P stuff I have used worked (although I'm not a big P2P user).
All in all, NAT isn't that bad and most of the time I don't even notice it's there. It's my NAT box though, so it's a little different. However, I haven't done any special configuration other than allowing the occasional VNC/SSH connection to internal machines.
Same thing happened (I thought) (Score:5, Informative)
WELL! It turns out the DSL modem had a NAT router built in, and when I was able to configure it, I was able to get a REAL IP address. Of course it changes every few hours, but any Dynamic DNS server can help you there.
Try to point your browser at your "Gateway" and see if it is yours or if it is shared amongst everyone in your neighborhood. The ISPs like to default people to a "Browse Only" environment, but often real internet is only a few keystrokes away.
Re:Your only option is to ... (Score:2)
I would suggest, though, that people who are moving scope out the ISP and broadband provider scene before they settle on a place. At least try to live somewhere where yo
Re:Your only option is to ... (Score:1)
That's common sense, man--you won't last long here posting stuff like that :).
Re:Your only option is to ... (Score:2)
'Course, I could blow all that karma in one fell swoop, and have been known to write vitriolic rants against my former home country (I have, at least temporarily, escaped) of Soviet Canuckistan (which elicit an amusing war of mods between insightful, informative, and flamebait), but somehow I manage to balance political views with technical information.
Then aga
Re:Your only option is to ... (Score:1)
Re:Your only option is to ... (Score:2)
I tried this in 1998. I was moving to a city where PacBell had announced 3 months prior they would roll out DSL, along with all the standard "3 miles away" stuff. I wanted to know roughly where the service areas were, so that as we looked at rentals, one additional consideration would be availability of broadband. So, call customer service.
Drone: "Thank you for being a victi
Re:Your only option is to ... (Score:3, Informative)
That's exactly what I did when I went looking for a house in the Seattle, WA area. When we narrowed down our choices to a few houses, we had our agent approach the seller's agent asking for permission to check if DSL service was available to that current number. In this area it is normal for sellers to be present when buyers view
SSH tunneling (Score:3, Interesting)
SSH Tunnel(s)? (Score:5, Informative)
http://www.linuxlogin.com/linux/admin/sshtunnels.
Works great for me. I have my home box run a cronjob and ssh into public box. It checks every 5 mins and reconnects if needed. Using ssh-keys and ssh-agent it is able to auto-login to the remote host. Then just a quick ssh port forward and everything is up and going. On my remote systems I can then ssh into my home box by doing ssh -p 2222 localhost and it is forwarded right to my home machine. You could of course forward more than one port.
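The cron-driven reverse tunnel described in the comment above, sketched as an added example that is not the poster's own script. The host name, key path and control-socket path are hypothetical, and a dedicated key file is assumed instead of ssh-agent so the job can run unattended; ports 2222 and 22 follow the post.

```shell
#!/bin/sh
# Added example: cron-driven reverse SSH tunnel from a NATed home box.
# Hypothetical values (not from the thread): host, key path, socket path.
PUBLIC_HOST="${PUBLIC_HOST:-tunnel@public.example.org}"
KEY_FILE="${KEY_FILE:-$HOME/.ssh/nat_tunnel_ed25519}"
CTL_SOCKET="${CTL_SOCKET:-$HOME/.ssh/nat_tunnel.sock}"
REMOTE_PORT="${REMOTE_PORT:-2222}"   # port used in the post
LOCAL_PORT="${LOCAL_PORT:-22}"       # sshd on the home box

# Accept only 1-65535 so a bad variable cannot smuggle extra ssh arguments.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Bind the forwarded port to loopback on the public box, so only users
# already logged in there can reach the home sshd.
forward_spec() {
    valid_port "$REMOTE_PORT" && valid_port "$LOCAL_PORT" || return 1
    printf '127.0.0.1:%s:localhost:%s' "$REMOTE_PORT" "$LOCAL_PORT"
}

# Ask the control master whether the tunnel is still up (no network traffic).
tunnel_running() {
    [ -S "$CTL_SOCKET" ] || return 1
    ssh -S "$CTL_SOCKET" -O check "$PUBLIC_HOST" >/dev/null 2>&1
}

next_action() {
    if tunnel_running; then echo keep; else echo start; fi
}

start_tunnel() {
    spec=$(forward_spec) || return 1
    rm -f "$CTL_SOCKET"   # clear a stale socket left by a dead master
    ssh -f -N -M -S "$CTL_SOCKET" -i "$KEY_FILE" \
        -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R "$spec" "$PUBLIC_HOST"
}

# crontab entry on the home box:  */5 * * * * /path/to/nat-tunnel.sh --cron
# authorized_keys on the public box, limiting this key to the one forward:
#   restrict,port-forwarding,permitlisten="127.0.0.1:2222" ssh-ed25519 <key>
if [ "${1:-}" = "--cron" ]; then
    [ "$(next_action)" = keep ] || start_tunnel
fi
```

ExitOnForwardFailure makes ssh exit when the remote port cannot be bound, so the next cron run retries instead of leaving a connected session with no forward.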
Re:SSH Tunnel(s)? (Score:2)
Re:SSH Tunnel(s)? (Score:1)
http://www.winton.org.uk/zebedee/
How did you confirm this information? (Score:5, Informative)
Re:How did you confirm this information? (Score:2)
Very Likely (Score:2)
Many cable companies don't care what you have for a cable modem. Go get a new one at BestBuy if theirs is closed and see if it works. You might need to register its ID with the cable company. I'm not sure if it's a MAC address or not, if it is MAC spoofing might be easier.
You can then set up port forwarding for the services you wish to use.
State of the art for Microsoft connectivity? (Score:2)
What's the state of the art of Microsoft connectivity from behind a NAT router?
Time was, NT domain controllers couldn't talk to each other if at least one of them was behind a NAT, and I think that was true for at least the early versions of Active Directory.
Nowadays, can you get remote domain controllers [respectively - Active Directory controllers] to talk to each other under something like the following?
If not OpenSSL, then insert your favorite encryption
Re:State of the art for Microsoft connectivity? (Score:1)
Dialup (Score:1, Troll)
Commercial Service (Score:1)
Re:Commercial Service (Score:2)
Sigh. A bit more than the $80 I budgeted, but O.K., I'll bite.
They refused to sell me the service even though I was willing to pay for it.
Turns out I got a better de
Re:Commercial Service (Score:1)
Re:Commercial Service (Score:2)
Though, their lowest grade of biz. service did not include QoS guarantees, so it wasn't a question of being on the wrong circuit (connected to redundant equipment, etc.) or anything.
Re:Commercial Service (Score:1)
Re:Commercial Service (Score:3, Insightful)
Consider what is possible if you hack TCP/IP to permit opening an inbound connection with merely a TCP ACK with the right sequence number (which was published on a P2P network when you "open" the non-standard port). The first respondent to connect "wins"
Re:Commercial Service (Score:2)
Generally, if the phone line isn't business rate, they can't put business rate DSL on it.
Similarly, if the phone line isn't residential rate, one can't put residential DSL on it.
OpenVPN (Score:1)
SSH (Score:2)
As far as your VPN (or SSH or whatever you end up using) concerns: unless you're doing a vpn between two old, slow computers, I can't imagine the processing overhead would be more than a blip compared to the relative smallness of a broadband pipe; especially if the 'host' you use is reaso