LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 06-28-2003, 03:15 PM   #1
mi6
Member
 
Registered: Jun 2003
Distribution: Fedora 9 64bit, RHEL 4.6
Posts: 96

Rep: Reputation: 15
Help with Port Forwarding for SSH


I am trying to access my home computer via SSH (putty) for remote locations.

I have a redhat 8 box at home with sshd running. I can access it via it's IP Address from other computers on the LAN.

I have a dynu.com domain that points to my wireless router. I am not sure what the lease time my ISP gives me, but I set up dynu utility to refresh every 5 minutes.

Because I am behind a wireless router, I assume I have to enable port 22 (ssh) to forward to my Redhat machine's IP address. I went through my router's config utility and forwarded (persistantly) port 22 to my target boxes IP. I also switched off DHCP on my router, because that would seem to nullify the port forwarding when the lease ran out.

I still cannot get putty to connect via the domain name. I get a connection refused each time.

I am sure that something I am configuring in the router is incorrect.

Here is my router's port forwarding setup:

Type=persistant
description=ssh
inbound port=22
type=tcp
private ip address=192.xxx.x.xx (my computers address)
private port=22 #I am sure this one is wrong

Anyone see where I am going wrong here? Or maybe you can elaborate on what I am misconfiguring?

Thanks

Last edited by mi6; 06-28-2003 at 03:17 PM.
 
Old 06-28-2003, 04:13 PM   #2
mi6
Member
 
Registered: Jun 2003
Distribution: Fedora 9 64bit, RHEL 4.6
Posts: 96

Original Poster
Rep: Reputation: 15
btw, when I ssh from my local lan and run netstat -an on the linux box I see that ports 22 and 1602 are open. Does that mean I need to port forward 1602 as well?
 
Old 06-29-2003, 01:50 PM   #3
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 65
You may need to open a firewall rule on the router and on the server machine as well.
 
Old 06-30-2003, 01:56 AM   #4
Robert0380
Guru
 
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280

Rep: Reputation: 47
you might wanna see wha is on port 1602, that's no a common port (it could be but nothing i konw about ).
 
Old 07-29-2003, 01:31 PM   #5
bradut
LQ Newbie
 
Registered: Dec 2001
Location: London
Distribution: Debian Woody
Posts: 17

Rep: Reputation: 0
The only way I manage to get this working was by configuring the port redirecttion table (ssh|tcp|22|<i>private ip</i>|22 meaning -> service name|protocolpublic port|private ip|private port).
I have also added made the pc on which I am running sshd a dmz host, with dmz enabled on the router.
I don't know much about the dmz and it could be that just making the pc a dmz host would have work on its own, but that's my setup right now and it works.
 
Old 07-29-2003, 01:40 PM   #6
penguinz
Member
 
Registered: Feb 2003
Posts: 48

Rep: Reputation: 15
Quote:
Originally posted by bradut

I don't know much about the dmz and it could be that just making the pc a dmz host would have work on its own, but that's my setup right now and it works.
Putting it in the DMZ means it has no protection from the router. Has the same security as if you just put it directly on your inet connection.
 
Old 07-29-2003, 01:46 PM   #7
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 65
Quote:
Originally posted by penguinz
Putting it in the DMZ means it has no protection from the router. Has the same security as if you just put it directly on your inet connection.
In a word - "No"

You DMZ will usually have less protection than your LAN but more than the WAN. For instance if you want to receive mail from people outside your LAN they will need to be able to access your mail server. You can block access to the mail server ip appart from on port 25 if the connection comes from the WAN. However you may want to let the LAN users access a web based mail system too - in which case you would allow LAN traffic access to port 80 of the server as well.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH Port Forwarding wwnexc Linux - Networking 4 09-29-2005 02:26 AM
SSH Port forwarding WRSpithead Linux - Networking 1 04-18-2005 05:09 AM
Port forwarding for ssh Adriaan Linux - Networking 1 03-08-2004 10:11 AM
Ssh port forwarding? J_Szucs Linux - Networking 1 10-29-2003 05:42 AM
SSH port forwarding tarballedtux Linux - Networking 2 05-29-2002 08:16 PM


All times are GMT -5. The time now is 05:51 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration