I actually typed this the other night, but for some reason it didn't post through e-mail. You've probably already got your problem resolved, but for what it's worth, here's what I had to say...
Dynamic DNS was going to be my suggestion. I use it myself. Just make sure your FIL has his current IP configured in his account at www.dyndns.com and you'll be able to access his computer with a domain name, such as fil.homeip.net. Make sure he leaves the power ON on his cable modem at all times so the his router can renew the IP (and keep it) at the DHCP's half-life (whatever that may be). If the modem is powered off for several hours, there is a chance that the router will not get the same IP address when it tries to obtain a DHCP address. This is when it's nice to have a program running on a PC/Mac in the house that automatically updates dyndns.com with whatever the new IP address is. I know there are programs for Windows to do this, but I'm not sure about Macs (probably so). That way, when you go to connect with fil.homeip.net, regardless of whether the IP address changed since last time, you'll still be able to connect without him having to do anything on his end except make sure his mini is powered up and online. Hope this helps. Lonnie. On Sep 4, 4:17 pm, "Andrew Le" <[EMAIL PROTECTED]> wrote: > Thanks for the tip, Bruce. > > -------------------------------------------------- > From: "Bruce Johnson" <[EMAIL PROTECTED]> > Sent: Thursday, September 04, 2008 10:03 AM > To: <[email protected]> > Subject: Re: Remote connection question > > > > > > > On Sep 4, 2008, at 9:00 AM, Andrew Le wrote: > > >> Hi, > > >> I have a similar situation. > > >> Say I have Verizon DSL modem/router. > > >> And I have say two Macs connected to it with internal IPs (192.*.*.*). > > >> The modem itself has an external IP, but don't I need to configure > >> the modem > >> itself so that my two Macs have separate external IPs known to the > >> world so > >> I can access (say SSH into them) from the outside world? > > >> I've not been able to figure this out yet. > > > You can't. You only have one external IP address, what you do is this: > > > Go into your router's NAT setup and forward the SSH port (port 22) to > > one of the intenral IP addresses. To accomplish this, you'll also have > > to assign static internal addresses to the Macs as well, Most of these > > routers support a chunk of their address space as static, see the > > documentation for your router. > > > Once NAT forwarding is set to one of the Macs, you can ssh to it from > > the outside world. > > > THEN you ssh from that mac to the other one. > > > Some suggested ssh hacks enabled by editing /etc/sshd_config > > > change the line > > > Protocol 1,2 > > > to: > > > Protocol 2 > > > This prevents ssh from connecting with an old, vulnerable protocol. > > "Protocol 2" is now the default. > > > And somewhere in there add the line: > > > AllowUsers <usernames of users allowed to log in> > > > If you look in your security log, (viewable in Consol under Var/ > > log>secure.log) you will likely see scads of failed login attempts. > > (these are pretty much all skriptkiddies spamming for vulnerable > > machines, attempting logins under common vulnerable usernames) > > AllowUsers is a belt&suspenders approach to blocking potential > > attackers. > > > If you want a little more security, change the standard port from 22 > > to something else. > > > This discourages the automated attacks. > > > A determined attacker can always scan a system to determine what port > > sshd is answering on, so it's only a mild precaution, but in general > > ssh is pretty tight. By default on a stock install of OS X you're > > battened down quite tightly. > > > The vulnerabilities arise when people start installing their own > > network services and things like PHP on their own, forgetting to > > change default passwords and such like. > > > If you look in secure.log (filter on the string ' error: PAM: > > Authentication failure') you'll see scads of failed logins. I get > > hundreds a day from skriptkiddie attacks. > > > -- > > Bruce Johnson > > University of Arizona > > College of Pharmacy > > Information Technology Group > > > Institutions do not have opinions, merely customs- Hide quoted text - > > - Show quoted text - --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to Low End Mac's iMac List, a group for those using G3, G4, G5, and Intel Core iMacs as well as Apple eMacs. The list FAQ is at http://lowendmac.com/imac/list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/imaclist?hl=en Low End Mac RSS feed at feed://lowendmac.com/feed.xml -~----------~----~----~----~------~----~------~--~---
