Hi All,

I have a home network setup using Netgear MR814 router (wired option).
My network consists of three Windows XP machines and one Linux (Redhat 5) server. Each machine's IP is fixed via router.

I want to be able to access the Linux server from anywhere outside when I am traveling. I tried setting port forwarding in the Netgear router to forward incoming requests to the Linux server at port 22. However, when I try to use puTTY from an external machine (external to my home network), I get 'Network error: Connection refused' message.

If I use puTTY to connect to the Linux server from any of the Windows XP machines on the same network, I am able to connect using port 22. (ssh daemon is running on the Linux server).

How can I make this work?

puTTY version used is 0.60.

Thanks.

Hi,

Firstly, double check you have forwarded the ports correctly. Are your machines on your network on static IP addresses or are they dynamic. If dynamic, it's possible your Linux box has a different IP now compared with when you set up the port forwarding.

Another alternative is that perhaps your Linux box has a firewall that disallows connections from the wider net and only allows connections from its own local network.

Something else to check would be other ports, if you have apache installed on the box, or if you can install apache on the box, then you could forward port 80 to it. That way you should be able to see the apache test page. If you can see the apache test page then this is probably an SSH issue, if you can't see the apache test page then it's probably a routing/firewall issue.

You can use http://www.canyouseeme.org site to find if your port forwarding is correct.

im guessing it's dhcp, you will need to set your internal IP addresses to static and the port forwarding should work.

Linux Archive

1) All machines on my network have static IPs (fixed via router).
2) I have a static IP from my internet service provider.
3) There is no firewall on the Linux server.

According to this site, everything is okay.


"Success: I can see your service on xx.xx.xxx.xxx on port (22)
Your ISP is not blocking port 22"

Is there anything in your sshd log?

Where do I look for sshd log? There are several files under /var/log but I am not sure which one to look at.

Typically /var/log/secure or /var/log/authlog. The command:

sudo grep -l sshd /var/log/*

will tell you.

tcpwrapper maybe ?

edit /etc/hosts.allow
sshd : ALL

Generally, not by default, but should be checked.

"Connection refused" indicates an attempt to connect the socket was positively denied. Things to ensure:

1) router port forward is active and correct
2) sshd is listening on all relevant interfaces/port
3) iptables is not blocking connection attempts
4) SELinux / AppArmor is not interfering
5) tcpwrappers is not restricting access
6) your client is actually on the WAN (and not a LAN client attempting to connect to the WAN IP)