figuring out isp stuff and ssh

I just got back from a 2 week trip away, and I want to start trying to
figure out how to make ssh work again.

I will start off by saying that ssh works fine within my internal home
network - I can easily connect my laptop to my desktop and vice versa.

I want to try and get my laptop to connect to my desktop when I am away
from home, through the internet, via ssh. But before I try and do that,
I figure I need to understand some of the networking fundamentals, so
here goes.

First, when I left, my router’s internet ip was 66.249.74.106. Now, when
I have just returned, it is 10.214.55.218. This changes just about every
day, as we have to reset our router 2 or 3 times a day on average, and
we get a new ip address every time. However, my understanding was that
66.x.x.x is an internet routable ip address, and 10.x.x.x is not, so I
believe that something has been changed by my isp with how they are
assigning ip addresses in the 2 weeks I was gone. When I had the
66.x.x.x address assigned to my domain name
tribaltrekker.ignorelist.com, I could put “tribaltrekker.ignorelist.com”
in the command line of my browser and it would connect to my router
(from inside the network - it never worked outside the network).
However, now with the 10.x.x.x ip address assigned to that domain name,
it doesn’t connect even inside the network.

In any case, I am on a 10.x.x.x network now.

I am trying to figure out what type of network I am on from my isp, and
what the subnet mask might be. I know what the subnet mask is for inside
my home network, just not what it is outside. I figure this will help me
understand what kind of network my isp is providing.

Because my router’s ip address is 10.214.55.218, that means we are on a
subnet controlled by my isp, right? But is that really a “subnet” or is
it called something else?

The “name server” that comes up on the WAN status page of my router is
202.126.40.5. Does that mean that the sub-network I am under provided by
my isp is a class C network? Or is the “name server” something else?

All the google helps for “name server” talk about how a name server is
for translating the human memorable names into a series of numbers,
which seems like a totally different thing than the “name server” listed
on my router’s status page.

Now that my router no longer has an internet routable address, how do I
connect my domain name (tribaltrekker.ignorelist.com) to my router? I
assume that is the first step to being able to use ssh from outside my
network. If it is not, is there some other way?


G.O.
Box #1: 12.3 | KDE 4.10 | AMD Phenom IIX4 | 64 | 16GB
Box #2: 12.2 | KDE 4.9.2 | AMD Athlon X3 | 64 | 4GB
Laptop: 12.3 | KDE 4.10 | Core i7-2620M | 64 | 8GB

On 09/17/2013 04:02 AM, grglsn wrote:
> I just got back from a 2 week trip away, and I want to start trying to
> figure out how to make ssh work again.
>
> I will start off by saying that ssh works fine within my internal home
> network - I can easily connect my laptop to my desktop and vice versa.
>
> I want to try and get my laptop to connect to my desktop when I am away
> from home, through the internet, via ssh. But before I try and do that,
> I figure I need to understand some of the networking fundamentals, so
> here goes.

So SSH works. All we have left is to figure out how to route packets from
the Internet to your SSH services.

> First, when I left, my router’s internet ip was 66.249.74.106. Now, when
> I have just returned, it is 10.214.55.218. This changes just about every
> day, as we have to reset our router 2 or 3 times a day on average, and
> we get a new ip address every time. However, my understanding was that
> 66.x.x.x is an internet routable ip address, and 10.x.x.x is not, so I
> believe that something has been changed by my isp with how they are
> assigning ip addresses in the 2 weeks I was gone. When I had the
> 66.x.x.x address assigned to my domain name
> tribaltrekker.ignorelist.com, I could put “tribaltrekker.ignorelist.com”
> in the command line of my browser and it would connect to my router
> (from inside the network - it never worked outside the network).
> However, now with the 10.x.x.x ip address assigned to that domain name,
> it doesn’t connect even inside the network.
>
> In any case, I am on a 10.x.x.x network now.
>
> I am trying to figure out what type of network I am on from my isp, and
> what the subnet mask might be. I know what the subnet mask is for inside
> my home network, just not what it is outside. I figure this will help me
> understand what kind of network my isp is providing.

Ignore the subnet mask as it really doesn’t matter for what you’re doing.
They are important within a single LAN, but something you do not care
about when it comes to your specific task. If you want to know more about
them then start with Wikipedia and go from there, but the netmasks of
various networks crossed by packets are the problem of the owners of those
networks and not you.

> Because my router’s ip address is 10.214.55.218, that means we are on a
> subnet controlled by my isp, right? But is that really a “subnet” or is
> it called something else?

Subnet, network, whatever. That you’re on your ISP’s network is a given,
though, since you’re paying them to provide access. No matter the address
you have (or the range it is in) you will be on your ISP’s network. If
not, they wouldn’t be giving you a connection to the Internet.

> The “name server” that comes up on the WAN status page of my router is
> 202.126.40.5. Does that mean that the sub-network I am under provided by
> my isp is a class C network? Or is the “name server” something else?

You’re looking for things that do not matter here. The “class” of the
network is irrelevant to anything you’re trying to do, and the IP address
of the DNS server is irrelevant as long as it works for its DNS purpose.
You could replace it, most likely, with Google’s public DNS servers, for
example, and still have similar functionality (8.8.8.8 or 8.8.4.4).

> All the google helps for “name server” talk about how a name server is
> for translating the human memorable names into a series of numbers,
> which seems like a totally different thing than the “name server” listed
> on my router’s status page.

No, it’s the same. Your router is probably being queried directly by your
home systems, and then it in turn is going out to the Internet to find out
IP addresses for things it does not know off the top of its cache. This
may be confusing if you think it is related to “routing” in the networking
sense, because it is not related at all. Your router just happens to be a
router (layer three), a DNS server (layer seven), and is also likely a
switch (has multiple ports for RJ-45 connections at layer two), and may
even be a wireless access point which is probably considered layer one.
It is also likely a DHCP server handing out addresses for your internal
network. These are all individual functions lumped into one device
because otherwise you’d need a bunch of devices.

> Now that my router no longer has an internet routable address, how do I
> connect my domain name (tribaltrekker.ignorelist.com) to my router? I
> assume that is the first step to being able to use ssh from outside my
> network. If it is not, is there some other way?

First, go here:

http://whatismyip.com

See if the IP address shown there is something more usable, but chances
are that your ISP has run out of IP addresses and now has you all NAT’d
behind its own public IP address, so in order to route things from the
outside in you’ll need to either work with them or you’ll need to set up
some kind of tunnel to an outside system that you control, such as a
server at some other site. Either way chances are extremely high that you
cannot get unsolicited packets into your network from the outside world so
you need to find ways around that.

Good luck.
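
The check described in the reply above, written out as an added example (not part of the original posts): it takes the WAN address from the router's status page and, optionally, the address an outside service reports, and says whether a port forward for SSH can be reached at all. The function names are hypothetical; the first two sample addresses are the ones quoted in the thread and the third is a constructed documentation address.

```python
import ipaddress

# Address ranges that cannot receive unsolicited packets from the Internet.
NON_ROUTABLE = {
    "RFC 1918 private": ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"),
    "RFC 6598 shared (carrier-grade NAT)": ("100.64.0.0/10",),
}


def wan_range(addr):
    """Return the name of the non-routable range holding addr, or None."""
    ip = ipaddress.ip_address(addr)
    for label, cidrs in NON_ROUTABLE.items():
        if any(ip in ipaddress.ip_network(c) for c in cidrs):
            return label
    return None


def inbound_ssh_verdict(router_wan_ip, externally_seen_ip=None):
    """Decide whether a port forward on the home router can ever be reached.

    router_wan_ip      -- address on the router's WAN status page
    externally_seen_ip -- address an outside "what is my IP" service reports
    """
    label = wan_range(router_wan_ip)
    if label:
        return ("blocked", f"{router_wan_ip} is {label}: the ISP is doing NAT upstream")
    if externally_seen_ip is not None and (
        ipaddress.ip_address(externally_seen_ip) != ipaddress.ip_address(router_wan_ip)
    ):
        return ("blocked", f"outside world sees {externally_seen_ip}, not the router's WAN address")
    return ("possible", "WAN address is public: forward the SSH port and point DNS at it")


if __name__ == "__main__":
    # The two full WAN addresses quoted in the thread, plus one constructed
    # mismatch case (203.0.113.7 is a documentation address, not from the thread).
    for wan, seen in [("66.249.74.106", "66.249.74.106"),
                      ("10.214.55.218", None),
                      ("66.249.74.106", "203.0.113.7")]:
        print(wan, seen, inbound_ssh_verdict(wan, seen))
```

A "blocked" verdict means no router setting will help, which leaves the two options the reply names: ask the ISP for a public address, or tunnel out to a host you control.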

On 09/17/2013 08:22 PM, ab wrote:
> On 09/17/2013 04:02 AM, grglsn wrote:

>
> http://whatismyip.com
>
> See if the IP address shown there is something more usable, but chances
> are that your ISP has run out of IP addresses and now has you all NAT’d
> behind its own public IP address, so in order to route things from the
> outside in you’ll need to either work with them or you’ll need to set up
> some kind of tunnel to an outside system that you control, such as a
> server at some other site. Either way chances are extremely high that you
> cannot get unsolicited packets into your network from the outside world so
> you need to find ways around that.
>
> Good luck.
>

Thank you for your help. In the last 2 days I have noticed something
quite strange. When I first wrote my original message, my router had an
ip address of 10.x.x.x. Then last night, when I checked using the URL
you provided above, it had an ip address of 180.x.x.x. Then my
modem/router locked up this morning and when I reset it, it acquired an
ip address of 202.x.x.x. Then just now, it locked up again, and when I
reset, again I have an ip address of 10.x.x.x. So, I tried to reset it
again, and it is now back to a 180.x.x.x. All of these addresses I have
verified at whatismyip.com.

So it seems like my ISP is going back and forth between giving out
internet routable ip addresses and then giving out only internal
addresses.

Does anyone know why that might be the case? I want to know as much as I
can before I call tech support, because the first line tech support
people already know far less than I know. Last time I spent over an hour
just trying to show them how you don’t need to have a static ip to use
ssh if you are using dynamic dns. I think the tech support people that
are the first people you talk to are only the ones that go through a
checklist, which tells people to reboot the router and see if the
internet will start working again.

I have to be able to get through the first group in order to talk to
someone at my ISP that actually knows what he/she is talking about, and
the more knowledge I have, the faster that will go.


G.O.
Box #1: 12.3 | KDE 4.10 | AMD Phenom IIX4 | 64 | 16GB
Box #2: 12.2 | KDE 4.9.2 | AMD Athlon X3 | 64 | 4GB
Laptop: 12.3 | KDE 4.10 | Core i7-2620M | 64 | 8GB

The IP addresses dished out by an ISP are IPs they control… they could
be routable/publicly-accessible or they could be non-routable, but that’s
not really relevant other than if you want to access those IPs from
outside of their network, which you do. Unless you tell them you want to
be able to access your system from the outside (as you do) they may just
have you set up to get IPs from anything available, routable or not.
Beyond that I’m not sure what is that useful.

And just to be really clear, you do not need dynamic DNS to SSH to a home
system without a static IP address… it just helps sometimes.

Good luck.