Port forwarding not allowed when client is inside the LAN

xri · 11-12-2014, 05:37 PM

This router is a Netgear WNDR3700v4, and for now, I keep the default settings.
Inside the LAN, there is my host 'vvv', with this IP:192.168.2.4
In order to connect to this box through ssh from the outside, I have forwarded its port 22 to the router port 8924.
So, from an outside computer, I get:

Quote:

$ ssh -vv -p8924 xri.is-a-geek.com
OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014
debug1: Reading configuration data /home/xri/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to xri.is-a-geek.com [97.11.124.79] port 8924.
debug1: Connection established.
debug1: identity file /home/xri/.ssh/id_rsa type 1
etc [it connects without a problem]

When I try the same from another box inside the local network:

Quote:

$ ssh -vv -p8924 xri.is-a-geek.com
OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014
debug1: Reading configuration data /home/xri/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to xri.is-a-geek.com [97.11.124.79] port 8924.
debug1: connect to address 97.11.124.79 port 8924: Connection refused
ssh: connect to host xri.is-a-geek.com port 8924: Connection refused

With my previous router I didn't have this problem. I've been looking in the manual, but I do not see any specific setting or solution to allow inside computers use the same ports as outside computers do, for ssh.
Could you give me a hint here? What to read? What to look for?
Thanks for reading this.

suicidaleggroll · 11-12-2014, 07:13 PM

Sounds like a loopback problem. Some routers/modems block loopback connections (connecting to your own WAN IP from inside the LAN). You should check if there's an option to enable/disable this, but if not, you may be out of luck.

BTW - I hope you changed the URL, IP, username, and port numbers in your post, otherwise everybody in the world now knows how to hit the ssh server on your box, AND a valid username to use.

xri · 11-13-2014, 06:40 PM

Thanks for your prompt answer.
I'll keep looking and playing with it.
BTW all my posts are carefully sanitized

descendant_command · 11-13-2014, 08:50 PM

Set an entry to resolve your domain name to the local IP in either your local DNS or your hosts file.

xri · 11-17-2014, 12:35 PM

Thank you, descendant_command.
I followed your advise, and the result is exactly the same

descendant_command · 11-17-2014, 12:51 PM

You'll need to connect to port 22, unless you've set sshd to listen on 8924 as well.

michaelk · 11-17-2014, 01:19 PM

I have a Netgear WNDR3700v3 and can ssh from inside the LAN using my external IP address so unless there is a big difference in firmware there should not be a loopback problem. I forward the same port number but that should not be a problem either.

You have not posted enough information but are you using keys or typing in a password? Is the local and outside computer the same except for "location". If different, have you verified that both are configured the same?

I assume you can ssh from within the LAN i.e. using its local IP address and port 22 from the same box that fails using your external URL.

linuxgurusa · 11-18-2014, 06:24 AM

HI there

You specified the forwarding port in both examples, surely one must be port 22 and the other one 8924 ?
From outside port 22, which then goes inside on port 8924
So when you inside the network, use port 8924

??

xri · 11-18-2014, 10:59 PM

Thank you for the replies.
The line on my original post is part of a script that I use in every case (the client computer is a laptop). It used to work on both locations (inside the LAN and away from it). Now it does not.
@michaelk, the fact that you have no problems using the outside port when you are inside strongly suggests that my issue has to do with the router configs. I will take a further look; I must have missed something...