Cannot SSH from outside the network

hradtke · 08-30-2006, 01:42 AM

I just moved into a new place and got Verizon DSL. I had my linux box setup at my old place allow me to ssh from the outside, using my Belkin router. However, at my new place it is no longer working.

Relevant info:

Code:

eth0      Link encap:Ethernet  HWaddr 00:16:76:63:8C:6C
          inet addr:192.168.2.8  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::216:76ff:fe63:8c6c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3413 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3900 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1755655 (1.6 MiB)  TX bytes:717013 (700.2 KiB)
          Interrupt:177 Base address:0xb800

My first step was to make sure ssh works and that I can ssh from within the network:

Code:

[hradtke@localhost ~]$ ssh 192.168.2.8
hradtke@192.168.2.8's password:
Last login: Tue Aug 29 19:54:05 2006
[hradtke@localhost ~]$

An old post I was reading suggested using tcpdump to watch the packets. However, I am not exactly sure what I am looking for.

Code:

22:01:42.009998 IP 192.168.2.8.50618 > pool-71-107-207-6.lsanca.dsl-w.verizon.net.ssh: S 678866255:678866255(0) win 5840 <mss 1460,sackOK,timestamp 7671768 0,nop,wscale 2>
22:01:42.010513 IP 192.168.2.8.32770 > 192.168.2.1.domain:  11384+ PTR? 6.207.107.71.in-addr.arpa. (43)
22:01:42.011874 IP pool-71-107-207-6.lsanca.dsl-w.verizon.net.ssh > 192.168.2.8.50618: R 0:0(0) ack 678866256 win 0
22:01:42.041029 IP 192.168.2.1.domain > 192.168.2.8.32770:  11384 1/0/0 (99)
22:01:42.041270 IP 192.168.2.8.32770 > 192.168.2.1.domain:  40380+ PTR? 8.2.168.192.in-addr.arpa. (42)
22:01:42.069661 IP 192.168.2.1.domain > 192.168.2.8.32770:  40380 NXDomain 0/0/0 (42)
22:01:42.069828 IP 192.168.2.8.32770 > 192.168.2.1.domain:  61305+ PTR? 1.2.168.192.in-addr.arpa. (42)
22:01:42.098382 IP 192.168.2.1.domain > 192.168.2.8.32770:  61305 NXDomain 0/0/0 (42)

This is what relevent information I found when I tried to ssh to 71.107.207.6. It appears to me that the packet is being forwarded, but other than that I cannot tell.

Any suggestions from here?

acid_kewpie · 08-30-2006, 01:49 AM

can't see any evidence of a port forwarding taking place. have you really followed all the advice from portforward.com?

hradtke · 08-30-2006, 01:54 AM

http://www.portforward.com/english/r...4v7.01/SSH.htm

I referenced this page, but did not have to change anything because it was already set up that way. As seen on ifconfig, the IP is 192.168.2.8. I set it up to go 22 on both LAN and public.

acid_kewpie · 08-30-2006, 02:04 AM

well in that case run the tcpdump command for port 22 only (which i guess you saw me mention) and then try to connect to the external address from a remote site. if the router is port forwarding then you will see incoming traffic on port 22

hradtke · 08-30-2006, 02:33 AM

I see now. tcpdump is silent when I try to ssh from the outside. There must be some issue with Westell modem -> Belkin router that I need to fix. Thanks for the help.