LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (http://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Help with Port Forwarding for SSH (http://www.linuxquestions.org/questions/linux-networking-3/help-with-port-forwarding-for-ssh-68690/)

mi6 06-28-2003 03:15 PM

Help with Port Forwarding for SSH
 
I am trying to access my home computer via SSH (putty) for remote locations.

I have a redhat 8 box at home with sshd running. I can access it via it's IP Address from other computers on the LAN.

I have a dynu.com domain that points to my wireless router. I am not sure what the lease time my ISP gives me, but I set up dynu utility to refresh every 5 minutes.

Because I am behind a wireless router, I assume I have to enable port 22 (ssh) to forward to my Redhat machine's IP address. I went through my router's config utility and forwarded (persistantly) port 22 to my target boxes IP. I also switched off DHCP on my router, because that would seem to nullify the port forwarding when the lease ran out.

I still cannot get putty to connect via the domain name. I get a connection refused each time.

I am sure that something I am configuring in the router is incorrect.

Here is my router's port forwarding setup:

Type=persistant
description=ssh
inbound port=22
type=tcp
private ip address=192.xxx.x.xx (my computers address)
private port=22 #I am sure this one is wrong

Anyone see where I am going wrong here? Or maybe you can elaborate on what I am misconfiguring?

Thanks

mi6 06-28-2003 04:13 PM

btw, when I ssh from my local lan and run netstat -an on the linux box I see that ports 22 and 1602 are open. Does that mean I need to port forward 1602 as well?

david_ross 06-29-2003 01:50 PM

You may need to open a firewall rule on the router and on the server machine as well.

Robert0380 06-30-2003 01:56 AM

you might wanna see wha is on port 1602, that's no a common port (it could be but nothing i konw about ).

bradut 07-29-2003 01:31 PM

The only way I manage to get this working was by configuring the port redirecttion table (ssh|tcp|22|<i>private ip</i>|22 meaning -> service name|protocolpublic port|private ip|private port).
I have also added made the pc on which I am running sshd a dmz host, with dmz enabled on the router.
I don't know much about the dmz and it could be that just making the pc a dmz host would have work on its own, but that's my setup right now and it works.

penguinz 07-29-2003 01:40 PM

Quote:

Originally posted by bradut

I don't know much about the dmz and it could be that just making the pc a dmz host would have work on its own, but that's my setup right now and it works.

Putting it in the DMZ means it has no protection from the router. Has the same security as if you just put it directly on your inet connection.

david_ross 07-29-2003 01:46 PM

Quote:

Originally posted by penguinz
Putting it in the DMZ means it has no protection from the router. Has the same security as if you just put it directly on your inet connection.
In a word - "No"

You DMZ will usually have less protection than your LAN but more than the WAN. For instance if you want to receive mail from people outside your LAN they will need to be able to access your mail server. You can block access to the mail server ip appart from on port 25 if the connection comes from the WAN. However you may want to let the LAN users access a web based mail system too - in which case you would allow LAN traffic access to port 80 of the server as well.


All times are GMT -5. The time now is 05:36 PM.