LinuxQuestions.org
Old 11-23-2004, 06:59 PM   #1
Bateman
LQ Newbie
 
Registered: Oct 2003
Distribution: Gentoo
Posts: 28

Rep: Reputation: 15
Accessing a privately addressed computer without using port forwarding


Is there a possibility, from the internet, to access (by which I mean to download/upload files from/to) a computer that has a NIC with a private ip address (NAT)? Port forwarding from the system which connects this private address to the internet (and therefore has a NIC with a public ip) is not an option.

An ICQ client solves this problem for chat sessions. It regularly checks a public ip address on the internet (the icq server) for messages, and if that is the case, initiates a download of them.

In the same way, it would be possible to write a small client that runs on the privately addressed computer. This software could, from the private computer, initiate traffic to an outside (public ip) computer running a connecting software in order to monitor whether there are any download/upload requests and take proper actions. Are there any applications of this kind?

To put some reality to my question:

I sit at the uni (same computer and public ip every day) and would like to access my home computer, which is behind a private ip address provided by an ISP. The ISP is not very keen on port forwarding any ports to my computer, so I have no possibility to access the system in this way. I could, for example, set up rules on my mail server, which scans the mails and then takes action depending on what the incoming mail looks like. This solution is however not very neat. I figured that someone already must have written a program/service that could run on my inside computer and monitor any requests from the uni computer. In this case, I could share files between the two systems - even though I'm located at the public ip and not the private.

I've been searching both google and linuxquestions for threads regarding this issue - but haven't come up with anything relevant.

Please let me know if it is difficult to understand my question.

Thanks a lot in advance!
 
Old 11-23-2004, 08:48 PM   #2
not_an_expert
Member
 
Registered: Oct 2004
Location: Springfield VA
Distribution: Slackware
Posts: 39

Rep: Reputation: 15
Try this:

http://www.dyndns.org/services/dyndns/

These guys can set it up so your dynamic IP is always locatable via DNS.

BTW, private IP's are not the same as NAT.

NAT is the process your access device uses to translate your private IP into a public IP when your traffic is heading towards the Internet. Traffic coming back at you gets the reverse treatment; the public IP is translated to your private IP.

You did not mention what type of service you have. DSL, cable, or dialup? I presume you have a router of some type between your machine and the ISP. It would be there that any port forwarding would occur, not at your ISP.
 
Old 11-24-2004, 12:33 AM   #3
Bateman
LQ Newbie
 
Registered: Oct 2003
Distribution: Gentoo
Posts: 28

Original Poster
Rep: Reputation: 15
Accessing a privately addressed computer without using port forwarding

Thanks a lot for Your answer!

Quote:
Originally posted by not_an_expert
Try this:

http://www.dyndns.org/services/dyndns/

These guys can set it up so your dynamic IP is always locatable via DNS.

My issue doesn't concern any of this. I have no problems with typing ip numbers...



Quote:
Originally posted by not_an_expert
BTW, private IP's are not the same as NAT.
I didn't mean that network address translation is the same as a private ip address, but that this method is used to access internet from a private ip address. This way I was trying to indicate that the computer with the private ip address can access internet (through equipment which provide NAT). Sorry for not being clear on that!

Quote:
Originally posted by not_an_expert
You did not mention what type of service you have. DSL, cable, or dialup? I presume you have a router of some type between your machine and the ISP. It would be there that any port forwarding would occur, not at your ISP.
I'm not sure about how my connection type affects the problem, but I am running on something that would be close to some kind of local area network (abbreviated LAN). As I mentioned in the first post, it is my ISP that provides me with a private ip address. I guess that the ISP then uses NAT in order to grant my computer access to internet. A drawback with this method is that it is impossible to directly access my computer from the internet. Port forwarding at the ISP's equipment would solve the problem - but that is beyond my control.

Hope that my question became a little bit more clear!
 
Old 11-24-2004, 01:42 AM   #4
not_an_expert
Member
 
Registered: Oct 2004
Location: Springfield VA
Distribution: Slackware
Posts: 39

Rep: Reputation: 15
Could you describe the path from your NIC to the ISP? Do you have a DSL/Cable modem? What type of equipment terminates the other end of your network cable? Do you have a Linksys or Netgear box?

It's not so much that we can't remember IP's, it's that they can change every few hours if the ISP has set them up that way. DYNDNS tracks the changes and ensures that you only need to remember your unchanging (free) domain name to find your server.

It is much better for personal privacy if the public IP's change frequently. My ISP refuses to sell me a fixed IP, but I couldn't help but notice that it hasn't changed in two years. I needed a fixed IP to get through my firewalls at work and they couldn't accommodate that. I guess the never-changing 'dynamic' IP makes it easier for the FBI, DHS, and Jerry Falwell to know what I am up to.
 
Old 11-24-2004, 01:12 PM   #5
Bateman
LQ Newbie
 
Registered: Oct 2003
Distribution: Gentoo
Posts: 28

Original Poster
Rep: Reputation: 15
Accessing a privately addressed computer without using port forwarding

I'm not sure about how my internet access (and routes connected to it) affects the general question, which is whether it is possible to remote control (or use file sharing) on a computer sitting on a private ip address. This is supposed to be done without using port forwarding - in the same manner as an ICQ client constantly, from the private ip addressed computer, initiates traffic to a server (or similar) in order to monitor whether new messages have arrived. Is there any, already written, software that does the same, but for file sharing?

Sorry if my question still is unclear - I'd be happy to try to explain it further if needed!

Kind regards
 
Old 11-24-2004, 01:27 PM   #6
bdogg
Member
 
Registered: Sep 2004
Location: Salt Lake City, UT
Distribution: Debian Sarge
Posts: 93

Rep: Reputation: 15
Short answer:

Not that I know of. The fact that the computer is on a private ip makes it invisible to your university computer, unless your home computer establishes the connection (eg ICQ). Then your university computer thinks it is actually your ISP's gateway that is establishing the connection, and is none the wiser that it is actually a box behind the ISP NAT.

Long answer:

Your case would be possible, if you could run a listening program on the university computer. I don't know how much control you have over it, but it sounds like you would need to set up a server-type program on the uni computer, but if you were just having a script run on the home computer to connect to the uni computer you wouldn't be able to share specific files, just have the script upload to the uni computer all the files in certain directories.

Another option would be to set up a VPN-like system with the uni computer or another computer that is on the public internet that you have that access to. But hey, you would then run into security risks if that uni computer is shared (like mine) or the other public internet computer is shared.
 
Old 11-24-2004, 02:58 PM   #7
bignerd
Member
 
Registered: Nov 2004
Distribution: FC1, Gentoo, Mdk 8.1, RH7-8-9, Knoppix, Zuarus rom 3.13
Posts: 98

Rep: Reputation: 15
Your situation is possible. You need to have full control of the university computer or, if that is not possible, a third system that is either on the university network or not behind your ISP.

If you have control of the university computer then you need to install sshd and allow connections from your home (public ip).

From home you need to create a reverse tunnel to the sshd at the university. That's it.

UC = university computer.
HC = Home Computer
ISP = ISP!

UC = 200.10.10.1
HC = 192.168.0.1
ISP (your public IP address) = 65.10.10.1

On HC type:

<localhost># ssh -C -2 -N -g -R 1234:127.0.0.1:22 root@200.10.10.1 -p 22

-C = compression (optional)
-2 = force ssh version 2
-N = used when forwarding ports
-g = allow a remote host to connect to forwarded port (this has to be enabled on the sshd to work)
-R = setup a reverse tunnel

1234:127.0.0.1:22

1234 = port to bind this tunnel to on UC
127.0.0.1 = HC (localhost duh!)
22 = port to bind this tunnel on HC

root@200.10.10.1 -p 22

root = account name. Don't have to be root. Could be any account that is authorized.
200.10.10.1 = UC... where the ssh server is!
-p = port the UC is listening for ssh connections (optional). Defaults to 22.

So if you run an ssh server on your HC... and you have the tunnel pointing at that server as I have above with port then when you are sitting at your UC and point ssh at the 127.0.0.1 and port 1234 guess where it goes. To your ssh server on your HC through the tunnel you made from home.

You can ssh through that for shell control and you can also sftp for file transfers to and from.

This isn't rocket science. Man ssh will give you all you need to know.

You'd only need to allow remote connections to the tunnel if you can't set this up on the UC and need to use a third computer. In that case just ssh to the third computer and the tunnel port and you are in business.

I do this all the time. The only tricky part is to remember to setup heartbeats so the tunnel doesn't die. If it does you can only restart it back at the HC... since your only connection is through the tunnel.. if it dies.. you need physical contact.

Side benefit.. it's all encrypted and authenticated so it's secure.

Hope this helps. Post back if you have trouble and man ssh doesn't help.

-b
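
The heartbeat and restart problem mentioned in the post above, as an added example that is not part of the original post or written by its author: a wrapper run on the HC that enables SSH keepalives, fails fast if the forward cannot be bound, and reconnects with backoff. The addresses and port 1234 are the post's sample values; the `tunnel` account, the key path, the loopback-only bind on the UC and the timing values are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): keep the HC -> UC reverse tunnel alive.
UC_HOST="200.10.10.1"             # UC address, sample value from the post
UC_USER="tunnel"                  # assumption: unprivileged account on the UC
UC_PORT=22                        # sshd port on the UC
REMOTE_PORT=1234                  # port opened on the UC, from the post
KEY="$HOME/.ssh/tunnel_ed25519"   # assumption: key used only for this tunnel

# Run "$@" (normally ssh) with the tunnel options appended.
tunnel() {
    # BatchMode: never prompt, so an unattended run cannot hang on a password.
    # ExitOnForwardFailure: exit if port 1234 cannot be bound on the UC.
    # ServerAlive*: probe every 30s and drop the session after 3 missed replies.
    # -R binds to 127.0.0.1 on the UC, so only local UC users reach the HC sshd.
    "$@" -N \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=3 \
        -i "$KEY" -p "$UC_PORT" \
        -R "127.0.0.1:${REMOTE_PORT}:127.0.0.1:22" \
        "${UC_USER}@${UC_HOST}"
}

# Double the retry delay, capped at a maximum: next_delay CURRENT MAX
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$d" -gt "$2" ]; then d=$2; fi
    echo "$d"
}

# Reconnect forever; a session that lasted a minute or more resets the backoff.
keep_alive() {
    delay=5
    while :; do
        start=$(date +%s)
        tunnel ssh
        rc=$?
        if [ $(( $(date +%s) - start )) -ge 60 ]; then delay=5; fi
        echo "tunnel exited (rc=$rc), retrying in ${delay}s" >&2
        sleep "$delay"
        delay=$(next_delay "$delay" 300)
    done
}

# Start the loop only when asked to: sh tunnel.sh start
if [ "${1:-}" = "start" ]; then keep_alive; fi
```

From the UC, `ssh -p 1234 user@127.0.0.1` (or `sftp -P 1234 user@127.0.0.1`) then reaches the HC through the tunnel, where `user` is an account on the HC.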
 
Old 11-25-2004, 12:50 AM   #8
Bateman
LQ Newbie
 
Registered: Oct 2003
Distribution: Gentoo
Posts: 28

Original Poster
Rep: Reputation: 15
Thanks a lot for the answers, bdogg and bignerd!

@bignerd: The remote port forwarding solved my problems completely. Your explanation was great - I now also (start to) understand what actually happens and how the reverse tunneling works. Thank You!
 
Old 12-17-2020, 03:30 PM   #9
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,635

Rep: Reputation: 7965
Spam; reported for user/post deletion.
 
Old 12-18-2020, 01:56 AM   #10
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053
I seem to notice that spammers in this subforum (Linux-Networking) don't get eradicated?
Maybe the mod for this subforum went AWOL?
 
Old 12-18-2020, 08:29 AM   #11
boughtonp
Senior Member
 
Registered: Feb 2007
Location: UK
Distribution: Debian
Posts: 3,599

Rep: Reputation: 2546
Quote:
Originally Posted by ondoho View Post
Maybe the mod for this subforum went AWOL?
Yep. Moderators are listed at the bottom right of the forum page (i.e. the "Linux - Networking" link in the breadcrumbs above) - and the two mods listed both haven't been seen in over a year:

david_ross - Last Activity: 21st Apr 2016 17:56
acid_kewpie - Last Activity: 23rd Apr 2019 13:24

 
2 members found this post helpful.
  

