begin quoting Gregory K. Ruiz-Ade as of Sat, Mar 25, 2006 at 07:37:50PM -0800:
> On Mar 25, 2006, at 5:40 PM, Stewart Stremler wrote:
> >The simple way is to run ssh on six different ports, and point each
> >incoming port to a different machine. Easy.
>
> This, to me, smacks of kludge. Then again, we're talking about NAT,
> which is itself a kludge.

I'm of the opinion that every solution will seem like a kludge to someone.

NAT is /not/ mandatory; if it were, well, my opinion would probably be a bit different.

> Strictly speaking, I don't _have_ to use NAT at home, if I want to
> pay another $5 or so per IP address per month. I could probably even
> still put a very capable firewall in-line between my hosts and the
> rest of the network. OpenBSD's pf firewall will allow you to create
> a "magic wire" firewall: uses no IP addresses, bridges network
> segments and firewalls the two segments to your heart's content.

For most folks, that's probably serious overkill.

Given an unlimited number of IP addresses, I'd still NAT half the machines on my network, at least.

> Sadly, as much as I bitch and moan about NAT, it's the path of least
> resistance. I use it at home. It's built into every damned home
> router you can find on the market.

It's simple. It works 90% of the time with virtually no effort. The worse-is-better crowd ought to be cheering by now.

And if 90% of the time, the solution is to spend another $5, well, that's not bad. Pissing off the use-port-80-for-everything crowd is just a bonus.

> And the minute I want to enable SSH into another one of my PCs at
> home, I'll be grumbling about it again. "I don't WANT to remember to
> go to 10022 for hosta or 10122 for hostb..." And yes, I know the
> joys of ~/.ssh/config. :)

Start with port 23. You're surely not running telnetd anymore, are you?

--
_ |\_ \|
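
The per-host port mapping discussed in this thread, written out as a client-side `~/.ssh/config` (an added example, not part of the original messages). The host names `hosta`/`hostb` and ports 10022/10122 are the ones quoted above; `gateway.example.net` is a placeholder for the NAT router's public name, and the router is assumed to forward each listed port to port 22 on the matching internal machine.

```sshconfig
# ~/.ssh/config on the machine you connect FROM.
# Assumption: gateway.example.net is a placeholder for the NAT router's
# public name. The router forwards:
#   10022 -> hosta:22
#   10122 -> hostb:22

Host hosta
    # Every internal machine is reached through the same public address.
    HostName gateway.example.net
    # The forwarded port selects which machine answers.
    Port 10022
    # File the host key under the machine's own name rather than the
    # gateway's, so a change of the public address or of the port mapping
    # does not look like a changed host key, and a swapped forwarding
    # rule (hosta's port now reaching hostb) is reported as a mismatch.
    HostKeyAlias hosta

Host hostb
    HostName gateway.example.net
    Port 10122
    HostKeyAlias hostb
```

With this in place `ssh hosta` and `scp file hostb:` work without remembering any port number.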
