Addressing a machine behind the router without port forwarding or DMZ
Not a Debian-specific question, but I turn to the best brains that I know.
Assuming a LAN with a router and three machines:
10.0.0.1 Router
10.0.0.2 Computer1
10.0.0.3 Computer2
10.0.0.4 Computer3
The router sits on an outside IP address of 123.45.67.89. There is no
DMZ or port forwarding assigned on the router to any of the other
machines.
Is there any way an individual from outside the LAN could access a
resource (Apache for instance, or SSH) on Computer1 assuming that he
knows Computer1's LAN IP address? Would this be possible if he
had access to Computer1 and could configure it somehow (without
configuring the router)?
Thanks.
--
Dotan Cohen
http://gibberish.co.il
http://what-is-what.com
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/BANLkTikem+ca5rE7MTp8OPQv6QWACdfDYA@mail.gmail.com
04-03-2011, 12:34 PM
Nuno Magalhães
On Sun, Apr 3, 2011 at 13:25, Dotan Cohen <dotancohen@gmail.com> wrote:
> Not a Debian-specific question, but I turn to the best brains that I know.
Then OT it.
> Is there any way an individual from outside the LAN could access a
> resource (Apache for instance, or SSH) on Computer1 assuming that he
> knows Computer1's LAN IP address? Would this be possible if he
> had access to Computer1 and could configure it somehow (without
> configuring the router)?
Without any sort of config, the only apache you could access would be
the router's. There has to be some sort of router config.
STUN is used for this, but I think it just provides an internal client
with the external IP address, for messaging behind firewalls and what
not. Maybe it's tweakable? If your internal client initiates a
connection, maybe you can start from there.
HTH,
Nuno
--
Mars 2 Stay!
http://xkcd.com/801/
/etc
--
Archive: http://lists.debian.org/BANLkTinO296rJB4rEG+5w_S5uWLPgnuBFw@mail.gmail.com
04-03-2011, 12:35 PM
Steven
On Sun, 2011-04-03 at 15:25 +0300, Dotan Cohen wrote:
> Not a Debian-specific question, but I turn to the best brains that I know.
>
> Assuming a LAN with a router and three machines:
> 10.0.0.1 Router
> 10.0.0.2 Computer1
> 10.0.0.3 Computer2
> 10.0.0.4 Computer3
>
> The router sits on an outside IP address of 123.45.67.89. There is no
> DMZ or port forwarding assigned on the router to any of the other
> machines.
>
> Is there any way an individual from outside the LAN could access a
> resource (Apache for instance, or SSH) on Computer1 assuming that he
> knows Computer1's LAN IP address? Would this be possible if he
> had access to Computer1 and could configure it somehow (without
> configuring the router)?
>
> Thanks.
>
To my knowledge, no, there is not. Only if the traffic is part of an
existing connection created by one of the machines inside your LAN.
If he wants access to computer 1, your router would need to be
compromised (or computer 1 using some kind of malware, then computer 1
could initiate the traffic itself. The malware could be hosted on an
external website you need to visit).
Kind regards,
Steven
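The behaviour described in the reply above, as a toy model; this is an added example and not part of the original thread. It assumes the router does source NAT and only admits WAN packets that match a flow a LAN host opened (address-and-port-dependent filtering); the class name, port numbers and the hosts 198.51.100.7 and 203.0.113.10 are constructed for illustration.

```python
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, port)


class NatRouter:
    """Toy source-NAT router with a connection-tracking table (hypothetical model)."""

    def __init__(self, wan_ip: str, first_port: int = 40000) -> None:
        self.wan_ip = wan_ip
        self.next_port = first_port
        self.out: Dict[Tuple[Endpoint, Endpoint], int] = {}    # (lan, remote) -> wan port
        self.back: Dict[Tuple[int, Endpoint], Endpoint] = {}   # (wan port, remote) -> lan

    def outbound(self, lan_src: Endpoint, remote: Endpoint) -> Endpoint:
        """A LAN host opens a flow: rewrite the source and remember the mapping."""
        key = (lan_src, remote)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, remote)] = lan_src
            self.next_port += 1
        return (self.wan_ip, self.out[key])

    def inbound(self, remote_src: Endpoint, dst: Endpoint) -> Optional[Endpoint]:
        """A packet arrives on the WAN side: return the LAN endpoint, or None if dropped."""
        dst_ip, dst_port = dst
        if dst_ip != self.wan_ip:
            return None  # 10.0.0.0/8 is not routed on the Internet; the router ignores it
        # Only a packet from the exact remote endpoint of a tracked flow is translated.
        return self.back.get((dst_port, remote_src))


def demo() -> Dict[str, Optional[Endpoint]]:
    router = NatRouter("123.45.67.89")
    outsider = ("198.51.100.7", 51000)   # constructed outside host
    server = ("203.0.113.10", 443)       # constructed server that Computer1 contacts
    result: Dict[str, Optional[Endpoint]] = {}
    # Knowing Computer1's LAN address does not help: nothing maps to it.
    result["to_lan_ip"] = router.inbound(outsider, ("10.0.0.2", 22))
    result["unsolicited_to_wan"] = router.inbound(outsider, ("123.45.67.89", 22))
    # Computer1 initiates a connection; the router now holds state for that flow.
    mapped = router.outbound(("10.0.0.2", 50123), server)
    result["mapped"] = mapped
    result["reply"] = router.inbound(server, mapped)
    # A different outside host aiming at the same mapped port is still dropped.
    result["other_host_same_port"] = router.inbound(outsider, mapped)
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:22} -> {value}")
```

Routers with looser mapping rules, UPnP or NAT-PMP enabled, or an IPv6 path behave differently from this model, so those settings are worth checking on the router itself.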
04-03-2011, 12:39 PM
Dotan Cohen
On Sun, Apr 3, 2011 at 15:35, Steven <redalert.commander@gmail.com> wrote:
> To my knowledge, no, there is not. Only if the traffic is part of an
> existing connection created by one of the machines inside your LAN.
>
Thanks, that is what I suspected.
> If he wants access to computer 1, your router would need to be
> compromised (or computer 1 using some kind of malware, then computer 1
> could initiate the traffic itself. The malware could be hosted on an
> external website you need to visit).
>
It doesn't need to be malware, that would fall under the idea of
configuring Computer1. But it would still require Computer1 to
initiate the connection.
My current solution is to have Computer1 cron to check an outside URL
to see if a connection request is pending, and from where.
--
Dotan Cohen
http://gibberish.co.il
http://what-is-what.com
--
Archive: http://lists.debian.org/BANLkTi=n5LzGSVpqCk9ukTPJRW9NjU9cxg@mail.gmail.com