On Apr 3, 2011 8:25 AM, "Dotan Cohen" <dotancohen@gmail.com> wrote:
>
> Not a Debian-specific question, but I turn to the best brains that I know.
>
> Assuming a LAN with a router and three machines:
> 10.0.0.1 Router
> 10.0.0.2 Computer1
> 10.0.0.3 Computer2
> 10.0.0.4 Computer3
>
> The router sits on an outside IP address of 123.45.67.89. There is no
> DMZ or port forwarding assigned on the router to any of the other
> machines.
>
> Is there any way an individual from outside the LAN could access a
> resource (Apache for instance, or SSH) on Computer1 assuming that he
> knows Computer1's LAN IP address? Would this this be possible if he
> had access to Computer1 and could configure it somehow (without
> configuring the router)?
>
Short answer: no
Longer answer:
You might look into a 'reverse tunnel' which means you'd have to initiate the tunnel and then they could get in. I mean, you could setup something to trigger initiating that tunnel - email with ip, Twitter, etc. The other bad part is this is like shitty con config that don't work through nats. Which means this probably isn't an option (directly). If you have access to a public server, this still works.
You could also look into piloting around the connection. You'll have to read up for more info but IIRC, its pretty much increasing the ttl, setting the ip and a few other bits and hoping it gets through. This would be more for initiating a connection and is still likely to fail if both nodes are behind nats.