SSH on 3G

[cyberbob]

I was wondering, is it possible to be able to SSH into a Linux based system that has 3G running on it?

I have a laptop, with SuSE 9.3 Pro on it, and a 3G card connected. I have set it to the InternetVPN APN, so I do get an external IP, but I simply cannot connect to the machine from outside in any manner.

I'm only trying to get SSH to work, my firewalls are set correctly (still doesn't work even with firewalls turned off completley).

I was under the impression, that by switching to InternetVPN and getting an external IP, that I'd be able to connect. Is it just me having this problem, or does Vodacom firewall you regardless of what APN you are on?

I've got a Novatel card with latest firmware installed.

 

[cyberbob]

doesn't anybody have anything to say???

V3G, do you know anything about Vodacom's firewall "policy" on the InternetVPN APN?

 

[Tazz_Tux]

I was wondering, is it possible to be able to SSH into a Linux based system that has 3G running on it?

How did you get the IP of the machine that you are ssh'ing too ?

My understanding is that this *should* work, unless Vodacom is firewalling those IP's but allow VPN (GRE traffic) as the APN is meant to. Maybe we can request an "un-firewalled" APN ?

Laterz !!!

 

[cyberbob]

well, I got the IP by doing a regular ifconfig ... and also ssh'd into one of our servers at work ... thereby getting the Vodacom DNS name. When I do a reverse lookup on that DNS name, I get the same IP as when I do an ifconfig. So I assume that is in order?

Yet I can't connect to the machine, can't ping, can't port 80, can't SSH, nothing

I think that Vodacom prolly still firewalls you, but you just get given an external IP. Not sure what the real value is of this though

 

[Tazz_Tux]

I think that Vodacom prolly still firewalls you, but you just get given an external IP. Not sure what the real value is of this though

Well - unless they unblock it for us - we gonna have the problem. My solution to it so far has been to ssh into my server and do a remote port forward - something like this:

On the 3G machine run

ssh -Cl root 1.2.3.4 -g -R 2222:127.0.0.1:22

Then you connect to the server

ssh -Cl root 1.2.3.4

Once connected - you can ssh into the 3G machine like this

ssh -Cl root 127.0.0.1 -p 2222

Hope this helps !

Laterz !!!

BTW - I have a little script that run the command on the 3G machine when ever the connection is made - it just keeps running it when SSH dies, unless you wanna send "NULL" packets every couple of mins.

 

[cyberbob]

I'll give that a try ... the ip 1.2.3.4, is that my Vodacom 3G ip?

 

[Tazz_Tux]

I'll give that a try ... the ip 1.2.3.4, is that my Vodacom 3G ip?

That would be a fixed server on the net - static adsl, something like that

 

[vodacom3g]

Tell me what needs to be done (I'm a bit lost here ) and I'll pass it on.

 

[Tazz_Tux]

Tell me what needs to be done (I'm a bit lost here ) and I'll pass it on.

Hey V3G,

Can/is there an APN that allows ALL traffic, IN and OUT to the 3G user with a public IP ?

Laterz !

 

[vodacom3g]

I thought that's how it is? My understanding is we don't block anything...

Give me a shout.

 

[cyberbob]

I thought that's how it is? My understanding is we don't block anything...

Give me a shout.

well, unfortunately, I can send out packets, but not receive any while on the internetvpn APN

don't mind if pings still don't work though

 

[Tazz_Tux]

I thought that's how it is? My understanding is we don't block anything...

I think Vodacom is still caring and has blocked incomming, but allows GRE. The problem with openning it up is that even if you don't want to, you will pay for a connection to your machine. I think Vodacom will have to look into another APN that ships with 1xstd warning - YOUR DATA USAGE CAN BE HUGE SINCE PEOPLE CAN CONNECT TO YOU.

What to open, what to close is the other question. I for one would love to have everything opened, but ICMP (Ping) blocked - normally "hackers" don't worry about an IP that doesn't reply on ping.

V3G - I should still have your details here - I will contact you a tad later, if not I have PM'ed you my numbers (you should have them by now ) just incase I forget

 

[cyberbob]

well, if "everything" was opened on Vodacom's side, but I then closed everything again with my own firewall, could I still suffer from attacks in respect to my b/w being used up???

I would only want to open up the SSH port anyway, the rest would be blocked!

But I like the idea of a seperate APN just for this type of purpose

 

[Tazz_Tux]

well, if "everything" was opened on Vodacom's side, but I then closed everything again with my own firewall, could I still suffer from attacks in respect to my b/w being used up???

Not as badly - but you will (I think) still be charged for the packet that tries to make the connection - V3G ? comments ?

laterz !!!

 

[vodacom3g]

Yes, you're right. Any packets destined for your data card will count to your cap, so if someone port-scan you, you end up paying for it. Thus the blocking of incoming ports.

A possible solution might be an internet-hosting type of APN, where we open up incoming ports. Subs will have to sign some kind of disclaimer.