
Re: Addressing a machine behind the router without port forwarding or DMZ

On Apr 3, 2011 8:25 AM, "Dotan Cohen" <dotancohen@gmail.com> wrote:
> Not a Debian-specific question, but I turn to the best brains that I know.
> Assuming a LAN with a router and three machines:
> Router
> Computer1
> Computer2
> Computer3
> The router sits on an outside IP address of There is no
> DMZ or port forwarding assigned on the router to any of the other
> machines.
> Is there any way an individual from outside the LAN could access a
> resource (Apache for instance, or SSH) on Computer1 assuming that he
> knows Computer1's LAN IP address? Would this be possible if he
> had access to Computer1 and could configure it somehow (without
> configuring the router)?

Short answer: no
Longer answer:
You might look into a 'reverse tunnel', which means you'd have to initiate the tunnel and then they could get in. I mean, you could set up something to trigger initiating that tunnel - email with IP, Twitter, etc. The other bad part is this is like shitty con config that don't work through NATs. Which means this probably isn't an option (directly). If you have access to a public server, this still works.
You could also look into piloting around the connection. You'll have to read up for more info but IIRC, it's pretty much increasing the TTL, setting the IP and a few other bits and hoping it gets through. This would be more for initiating a connection and is still likely to fail if both nodes are behind NATs.
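
The reverse-tunnel case from the reply above, as an added example that is not part of the original message: a loopback-only Python model in which Computer1 dials out to a public relay and an outside client then reaches Computer1's service through that connection. All function names, the relay, and the stand-in service are hypothetical and constructed for illustration.

```python
import socket
import threading

def pipe(src, dst):
    """Copy bytes one way until src reaches EOF, then pass the EOF on to dst."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass  # peer already gone

def splice(a, b):
    """Relay bytes in both directions between two connected sockets."""
    t = threading.Thread(target=pipe, args=(a, b), daemon=True)
    t.start()
    pipe(b, a)
    t.join()
    a.close()
    b.close()

def lan_service(srv):
    """Constructed stand-in for Apache/SSH on Computer1: answers one request."""
    conn, _ = srv.accept()
    with conn:
        conn.sendall(b"computer1 got: " + conn.recv(4096))

def public_relay(tunnel_srv, public_srv):
    """Public server: take the tunnel from the LAN, then attach one outside client."""
    tunnel, _ = tunnel_srv.accept()  # the router saw this as an outbound connection
    client, _ = public_srv.accept()  # outside user connects to the relay, not the LAN
    splice(client, tunnel)

def inside_agent(relay_addr, service_addr):
    """Runs on Computer1: dials out to the relay, then bridges to the local service."""
    splice(socket.create_connection(relay_addr), socket.create_connection(service_addr))

def demo(request=b"GET /"):
    """Wire up all three roles on loopback and return what the outside client reads."""
    svc, tun, pub = (socket.create_server(("127.0.0.1", 0)) for _ in range(3))
    jobs = ((lan_service, (svc,)), (public_relay, (tun, pub)),
            (inside_agent, (tun.getsockname(), svc.getsockname())))
    for fn, args in jobs:
        threading.Thread(target=fn, args=args, daemon=True).start()
    with socket.create_connection(pub.getsockname(), timeout=5) as outside:
        outside.sendall(request)
        return b"".join(iter(lambda: outside.recv(4096), b""))
```

The only connection crossing the router in this model is the one `inside_agent` opens outward, so it appears in outbound connection logs rather than in the port-forwarding table.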
