Hi
I have been getting problems with SSH on my network. Basically:

• I can connect to an SSH server on my Windows computer, but not on Linux
• I can connect to my SSH server running on Ubuntu from my Windows computer (and on Localhost)
• Other people cannot connect to my SSH server from outside my internal network

What happens when I get problems, is it will ask for the password, and after the password is entered, SSH hangs. This happens when I try to SSH into other SSH servers, and when friends try to SSH into my server. If I check /var/log/auth.log I get

So obviously the connection is being made, but it seems to be hanging after the password has been sent. Am I correct in think that after the connection is made, ssh sessions run on a different port to 22 (here I can see port 1493 being used)? I had similar problems with FTP servers before, but only that friends could not ftp into me. However, again FTP servers worked on Windows before. I have had the same problems on all the distro's I have tried. This leads me to believe that these are problems with my router. I have DMZ turned on for my Ubuntu box on my router.

Any suggestions?

Thanks in advance, Tom.

The problem is too big right now. It would help to isolate some factors - i.e. remove the router from the equation. For now just test with computers within your internal network.

It's not clear to me from reading your post what you're even trying to do. Are you trying to ssh from your Windows box to your Ubuntu box? If so, which Windows client are you using?

The client-side port is 1493 (high-numbered, random port). The server-side port is whatever you set it at in the config file. By default that is 22.

I can ssh from my windows box to the linux box on the internal network, using PuTTY. The problems occur when using SSH on my Linux box to connect to something outside my network, or when someone tries to connect to my ssh server on my Linux box.

I agree with that now. You say you can ssh to the Ubuntu box from within your private network with no problems. And you can ssh to the Ubuntu box from external networks (i.e. authentication works), but then you experience a hang.

Make sure you don't have iptables/netfilter rules that could be interfering with the external connections to the Ubuntu box. Specifically, you should be allowing ESTABLISHED,RELATED connections on your INPUT chain for all IPs.

If that is not the problem, then it's time to play around with the ol' router.

No, there are no IP Tables rules that are blocking any traffic on port 22.

Any suggestions for what to set on the router? It seems weird that it is working for the Windows computer, but not for the Linux computer (especially seeing as the router is running Linux). FYI the router is a DLink something or another (I forget the model).

That's not what I meant - have a look at your iptables rules Make sure you have a rule that looks like: for your INPUT chain. If you don't, you'll need it. If Ubuntu uses some custom chains you'll want to take a look at those as well (it may be there).

If you do have that rule, then I'm not sure why your router is working correctly for the Windows box but not the Ubuntu box. Maybe there are some settings per IP that need to be tweaked. I won't be able to help with that - look at your router manual.

That command shows I have no rules in iptables.

How would I go about making that rule you suggested (I have no clue on iptables)?

You have no rules? What are the default policies on your chains? It might be easier if you just posted the output.

The nice thing is if your default policies are all ACCEPT, and there are no other rules, you can at least eliminate iptables/netfilter as a potential cause of the problem. Then it's probably time to look at the router.

iptables -nvL
on my router, the output of iptables -nvL is
(192.168.1.2 is this computer, 192.168.1.3 is the Windows computer)

I believe TCPMSS represents custom rules in your FORWARD chain. Did you create these router firewall rules yourself? (i.e. Can you blow them away and start from scratch, or are these rules important to your setup?)

As an aside, I'm curious as to why you're allowing telnet access.

In the router's configuration page, I set enabled DMZ for 192.168.1.2 (the Ubuntu computer), so I did not create these rules myself. I could create a backup of the firmware and try blowing these rules away.

I have telnet enabled because it only has web and telnet access, but telnet should only be enabled for the ubuntu box

tomj88, I am not sure what else to suggest at this point. Do you have a support contract or some such for that router?

Good luck. I'll be curious to read about if you get it corrected.

I've had the router for a while, so any support is going to cost too much to warrent the hastle, plus I doubt any of the technical support are going to know anything other than how to get dsl working. I might be better off just building a router out of cheap parts. Thanks for your help.