[SOLVED] Creating dynamic IP hosting

ethereal1m · 02-23-2018, 06:22 AM

Dear all,
I wanted to setup my box as a host with dynamic ip using no-ip.com service so that I could ssh my box from anywhere outside, however for some reason no-ip said that port 22 wasn't open.

What I did:
1. Create a host at no-ip
2. Install no-ip service in the box to update the dynamic ip
3. Do port forwarding of my box at its router

I do netstat on the box, it said the port 22 was open. So it was according to Nmap scan, but the wizard in no-ip said that port 22 was close. I also try to ssh to my box, I couldn't get in.

What else did I miss?

regards

TenTenths · 02-23-2018, 06:38 AM

Check this again:

Quote:

Originally Posted by ethereal1m

3. Do port forwarding of my box at its router

Depending on your router you may find that 22 may be used for remote management of the router and isn't available for forwarding. Try setting your router up to forward a different port (2222) to port 22 on your inside box and connect to that instead of the normal port 22.

michaelk · 02-23-2018, 07:02 AM

Is ssh running on your box and can you login locally on your LAN?

Did you allow port 22 access in the box's firewall?

Did you configure the box with a static IP address or use a DHCP address reservation in your router?

Did you use the correct IP of your box in router's forwarding rule?

Does your no-ip URL actually resolve to your WAN IP address?

ethereal1m · 02-24-2018, 04:50 AM

Quote:

Originally Posted by michaelk

Is ssh running on your box and can you login locally on your LAN?

Yes. I could ssh from 1 machine to another in LAN.

Quote:

Originally Posted by michaelk

Did you allow port 22 access in the box's firewall?

Yes. I confirmed this by using nmap from my other machine in LAN.

Quote:

Originally Posted by michaelk

Did you configure the box with a static IP address or use a DHCP address reservation in your router?

Yes. It is using DHCP address.

Quote:

Originally Posted by michaelk

Did you use the correct IP of your box in router's forwarding rule?

Yes. I made sure the box address is in the forwarding setup.

Quote:

Originally Posted by michaelk

Does your no-ip URL actually resolve to your WAN IP address?

Yes. I do "whatismyip", it matched with my no-ip host.

But when I test port 22 using this port checking took, it timed out. The no-ip software in the box said that it associated my no-ip address with the box LAN, but how can I make sure that? How I make sure that my router will route the traffic from outside to my box?

ethereal1m · 02-24-2018, 04:51 AM

Quote:

Originally Posted by TenTenths

Check this again:

Depending on your router you may find that 22 may be used for remote management of the router and isn't available for forwarding. Try setting your router up to forward a different port (2222) to port 22 on your inside box and connect to that instead of the normal port 22.

tried that, it didn't work, I must miss something simple but important

ethereal1m · 02-24-2018, 05:40 AM

I'm suspecting my modem is doing the blocking, but how can I check that?

ondoho · 02-24-2018, 06:26 AM

you could try temporarily disabling the firewall.
btw, i often fall into the trap that i
1) open the port on my router
but then forget to
2) open the port on my machine's (not the router's) firewall

michaelk · 02-24-2018, 08:15 AM

You should be able to test ssh through the router using the nmap command from within your network. If that works you can check with your no-ip URL.

nmap WAN_IP_address -p 22

nmap no-ip_URL -p 22

I would add an address reservation in your routers DHCP setup. You might always see the same LAN address anyway but there is no guarantee.

jlinkels · 02-24-2018, 08:28 AM

You did not elaborate on the type of router you have. In some cases you must create a port forwarding rule, but also a rule which actually allows to pass that traffic through this forwarding rule.

Some routers do this implicitely (so you are not aware of it, you don't see it and you cannot change it), some routers do it automatically (like PFSense, and you cannot disable the rule) and some don't do it at all. Like IPtables. Are you sure the traffic is not only forwarded bu also allowed?

During testing, forget about no-ip DNS resolution. Use your IP address and once that works, you can use the name and see if it resolves properly. Likely it does, but exclude unknowns.

jlinkels

ethereal1m · 02-26-2018, 06:39 AM

hello... I ran nmap against the box from my other machine on LAN, and port 22 was open, which means firewall doesn't block the box and the router. However when I scan my WAN, it said port 22 was filtered, so were also other ports. I suspected that my modem did some kind of firewall, but when I disabled its firewall, it port was still filtered.

My router is cisco e1200,I don't know how to confirm if port forwarding works or not. Also my modem is technicolor cwa0101, seemed like this device did some port filtering, but not sure which one.

In my linux box ufw status is inactive and there is no policy in iptables -L.

So how can I pinpoint the cause of filtered port?

michaelk · 02-26-2018, 06:44 AM

Is the Technicolor also a router?

ethereal1m · 02-26-2018, 07:54 AM

Quote:

Originally Posted by michaelk

Is the Technicolor also a router?

it has 2 ports of LAN, 2 different networks, so it must be a router, right?

michaelk · 02-26-2018, 08:08 AM

Not enough information to say either way. A quick search did not pop up anything on that part number.

ethereal1m · 04-23-2018, 07:27 AM

hmm turn out that my ip provider block the port. So I use teamviewer instead....