LinuxQuestions.org
Old 07-18-2012, 09:56 AM   #1
gacanepa
Member
 
Registered: May 2012
Location: San Luis, Argentina
Distribution: Debian
Posts: 182

Rep: Reputation: 24
Access server from outside LAN via SSH


Hi all,
I have a home server running Debian Squeeze. This server is behind a router with a static IP.
To access the apache server, in the router I have redirected port 8888 (public) to port 80 (private) so when I type xxx.xxx.xxx.xxx:8888 (where the x's represent the router's static ip address) in a web browser from outside the LAN, it displays a home page. That works just fine.
Now I would like to access the ssh server from outside the LAN. To accomplish this, in the router I redirected port 1982 to the server's (private) port 22, but I keep getting a "Connection timed out" message in Putty while trying to connect to the server.
Some things to consider:
1) the sshd daemon is running on the server.
2) Iptables is not blocking any incoming connections (just to test, it's configured with an ACCEPT ALL policy).
3) The Putty connection is xxx.xxx.xxx.xxx:1982 (where the x's represent the same IP address as above).
4) I already checked this post where a suggestion is given but I am not quite sure as to how to implement it.
I hope I have asked this question the smart way. Any suggestions / ideas are more than welcome!
 
Old 07-18-2012, 10:22 AM   #2
schneidz
Senior Member
 
Registered: May 2005
Location: boston, usa
Distribution: fc-15/ fc-20-live-usb/ aix
Posts: 4,143

Rep: Reputation: 638
Does ssh localhost work?

Are you able to ssh in from within the same network?
 
Old 07-18-2012, 10:24 AM   #3
gacanepa
Member
 
Registered: May 2012
Location: San Luis, Argentina
Distribution: Debian
Posts: 182

Original Poster
Rep: Reputation: 24
Quote:
Originally Posted by schneidz View Post
Does ssh localhost work?

Are you able to ssh in from within the same network?
Yes, it works like a charm - I forgot to include that detail in the things-to-consider list above.
 
Old 07-18-2012, 10:29 AM   #4
sag47
Senior Member
 
Registered: Sep 2009
Location: Philly, PA
Distribution: Kubuntu x64, RHEL, Fedora Core, FreeBSD, Windows x64
Posts: 1,503
Blog Entries: 35

Rep: Reputation: 382
Test to see if the port is even listening and check to see if you get an SSH banner using telnet. Testing from Linux,

Code:
nmap -PN -p 1982 xxx.xxx.xxx.xxx

#You should get an SSH banner using telnet.  Something like this: SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
telnet xxx.xxx.xxx.xxx 1982
If you're not getting a banner then it indicates either an in-between routing problem or a problem with the router port forwarding. I would do a tracert to test further and double check your IP/port settings in the router. If it still doesn't work then try forwarding to another port other than 1982 and test again. Check the router logs to see if there are any errors which pop up when you're doing your testing.

NOTE: If you're inside the LAN and ssh into your Debian server then you can still test against the xxx.xxx.xxx.xxx:1982 address. telnet localhost so that you know what kind of SSH banner you should be expecting.

We'll proceed further once you've taken those testing steps.
 
Old 07-18-2012, 10:40 AM   #5
gacanepa
Member
 
Registered: May 2012
Location: San Luis, Argentina
Distribution: Debian
Posts: 182

Original Poster
Rep: Reputation: 24
Quote:
Originally Posted by sag47 View Post
Test to see if the port is even listening and check to see if you get an SSH banner using telnet. Testing from Linux,

Code:
nmap -PN -p 1982 xxx.xxx.xxx.xxx

#You should get an SSH banner using telnet.  Something like this: SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
telnet xxx.xxx.xxx.xxx 1982
If you're not getting a banner then it indicates either an in-between routing problem or a problem with the router port forwarding. I would do a tracert to test further and double check your IP/port settings in the router. If it still doesn't work then try forwarding to another port other than 1982 and test again. Check the router logs to see if there are any errors which pop up when you're doing your testing.

NOTE: If you're inside the LAN and ssh into your Debian server then you can still test against the xxx.xxx.xxx.xxx:1982 address. telnet localhost so that you know what kind of SSH banner you should be expecting.

We'll proceed further once you've taken those testing steps.
Here's the banner. I tested from outside the LAN with a Debian Squeeze box at work:
Code:
Starting Nmap 5.00 ( http://nmap.org ) at 2012-07-18 11:36 ART
Interesting ports on customer.<ISP>.com.ar (xxx.xxx.xxx.xxx):
PORT     STATE    SERVICE
1982/tcp filtered unknown

Nmap done: 1 IP address (1 host up) scanned in 2.49 seconds
Again, the x's are the public IP address.
 
Old 07-18-2012, 11:00 AM   #6
sag47
Senior Member
 
Registered: Sep 2009
Location: Philly, PA
Distribution: Kubuntu x64, RHEL, Fedora Core, FreeBSD, Windows x64
Posts: 1,503
Blog Entries: 35

Rep: Reputation: 382
Code:
1982/tcp filtered unknown
Means there is no service listening. So it's likely a routing problem or a port forwarding issue on your home router. You said, "Here's the banner," but you didn't post any banner from telnet. The output of nmap is not a banner.

At any rate I would look more closely at your router. If you try all the port forwarding settings you can, then perhaps upgrading the router's firmware will fix a known/unknown routing bug.
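
Added example (not part of the original posts): the nmap and telnet checks from post #4 combined into one Python function, so that a port that never answers, a port that refuses, a port that accepts silently and a port that returns an SSH banner are told apart. The names `probe` and `demo`, the state labels and the local stand-in listener are constructed for illustration; the sample banner is the one quoted in the thread.

```python
import re
import socket
import threading

# RFC 4253 section 4.2: the server identifies itself with a line
# "SSH-protoversion-softwareversion [comments]" before key exchange.
SSH_ID = re.compile(rb"SSH-\d+\.\d+-\S+")

def probe(host, port, timeout=3.0):
    """Classify one TCP port the way the thread's nmap + telnet steps do.

    'filtered': no reply before the timeout (PuTTY's "Connection timed out")
    'closed'  : connection refused, so the packet arrived but nothing listens
    'open'    : TCP handshake completed, but no SSH identification line came
    'ssh'     : handshake completed and an SSH banner was read
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except (socket.timeout, TimeoutError):
        return "filtered", None
    except ConnectionRefusedError:
        return "closed", None
    with sock:
        try:
            data = sock.recv(256)
        except OSError:            # includes a read timeout, e.g. an HTTP
            data = b""             # server that waits for the client to speak
    for line in data.splitlines():  # servers may send other lines first
        if SSH_ID.match(line):
            return "ssh", line.decode("ascii", "replace")
    return "open", None

def demo():
    # Constructed stand-in for the forwarded sshd: a throwaway local listener.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1\r\n")
        conn.close()
    threading.Thread(target=serve, daemon=True).start()
    with_listener = probe("127.0.0.1", port)
    srv.close()                    # nothing listens on the port any more
    return with_listener, probe("127.0.0.1", port)

if __name__ == "__main__":
    print(demo())
```

Run against the public address and forwarded port from outside the LAN, a `filtered` result points at the router or something upstream of it, while `closed` or `open` means the packets are reaching a host.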
 
Old 07-19-2012, 09:20 AM   #7
gacanepa
Member
 
Registered: May 2012
Location: San Luis, Argentina
Distribution: Debian
Posts: 182

Original Poster
Rep: Reputation: 24
Quote:
Originally Posted by sag47 View Post
Code:
1982/tcp filtered unknown
Means there is no service listening. So it's likely a routing problem or a port forwarding issue on your home router. You said, "Here's the banner," but you didn't post any banner from telnet. The output of nmap is not a banner.

At any rate I would look more closely at your router. If you try all the port forwarding settings you can, then perhaps upgrading the router's firmware will fix a known/unknown routing bug.
Yesterday when I got home I changed the public port to 22 (which is forwarded by the router to private port 22) and it worked! There must have been something wrong with public port 1982 I guess - it was open in the router but it was not forwarding traffic to the LAN.
Any ideas why? The router is a Dlink-600. Anyway, I'll mark this as solved, but additional insights are always welcome, so feel free to keep 'em coming.
 
Old 07-19-2012, 10:49 AM   #8
sag47
Senior Member
 
Registered: Sep 2009
Location: Philly, PA
Distribution: Kubuntu x64, RHEL, Fedora Core, FreeBSD, Windows x64
Posts: 1,503
Blog Entries: 35

Rep: Reputation: 382
It could be a firmware bug, or possibly something internally used by the router preventing you from using the port (though if that's the case it shouldn't have let you select it to begin with). Since you're running on port 22 then generically run nmap and see what services are running on your router other than 22.

Code:
nmap -PN xxx.xxx.xxx.xxx
Try using a port other than 22 and 1982; for example maybe 2222 and check to see if it still works. If your router keeps having port forwarding problems then I would say it needs a firmware upgrade. D-Link publishes all of their firmware on their support website. Port forwarding is on Layer 3 and is a software issue so there shouldn't be anything physically wrong with your router unless it's bad memory addresses on the router memory.

SAM

Last edited by sag47; 07-19-2012 at 11:00 AM.
 
  

