Hello everybody,
I cannot connect to my server over ssh from outside of my LAN.
Inside the LAN everything works perfectly. My firewall (iptables) is currently open for testing purposes, at least as far as I can tell with my little knowledge; my router is configured for port forwarding of port 22, and I can ping my dyndns hostname from the internet and it gives me the right IP.
Asking my ISP (Kabel BW, Germany), I have been told that no incoming or outgoing port is blocked by them. (Can I trust their hotline? Who knows. Maybe we can find out together.)
I also have similar trouble with an FTP server running on the same machine, where I can connect locally but not over the external address. It seems to me there is a general network config problem. But which?
I am at the end of what I can do or look into and need another pair of eyes on this.
This is my configuration (WAN stuff anonymized a little bit):
Debian Server (192.168.178.53, OpenSSH on port 22) => Router (Fritz!Box, 192.168.178.1, XXXXX.selfhost.me as dyndns hostname) => DSL Cable Modem (Provider is Kabel BW, ip is currently 95.208.xxx.xxx)
The client IP is 192.168.178.151, assigned by DHCP; the client also hangs on the Fritz!Box, over WLAN. The firewall of the client has also been shut down for the tests.
Following are some relevant outputs I get. If you miss anything helpful, just tell me:
ssh connects perfectly from inside the LAN:
Code:
# ssh me@192.168.178.53
Enter passphrase for key '/home/me/.ssh/id_rsa':
Linux [myserverhostname] 2.6.32-5-686 #1 SMP Sun May 6 04:01:19 UTC 2012 i686
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
You have new mail.
Last login: Wed Jul 4 14:48:52 2012 from [myclienthostname]
... but from the outside:
Code:
# ssh -vvv XXXXX.selfhost.me
OpenSSH_5.5p1, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /home/me/.ssh/config
debug2: ssh_connect: needpriv 0
debug1: Connecting to XXXXX.selfhost.me [95.208.xxx.xxx] port 22.
debug1: connect to address 95.208.xxx.xxx port 22: Connection timed out
ssh: connect to host XXXXX.selfhost.me port 22: Connection timed out
This is the client ssh config:
Code:
Host [myserverhostname]
    HostName XXXXX.selfhost.me
    User me
    Port 22
    ForwardAgent yes
    ForwardX11 yes
The port forwarding config of my router (yes, I know TCP should do it for ssh):
Code:
Active  Caption  Protocol  Port  to IP address   to port
        SSH TCP  TCP       22    192.168.178.53  22
        SSH UDP  UDP       22    192.168.178.53  22
The server has only one network adapter eth0:
Code:
# ifconfig
eth0 Link encap:Ethernet Hardware Adresse 00:90:XX:XX:XX:XX
inet Adresse:192.168.178.53 Bcast:192.168.178.255 Maske:255.255.255.0
and the hosts files look correct to me:
Code:
# cat /etc/hosts.allow
ALL: LOCAL, .de, .ch, .me
The hosts.deny file is empty.
nmap gives me:
Code:
# nmap 192.168.178.53 -p22
Starting Nmap 5.21 ( http://nmap.org ) at 2012-07-04 20:12 Mitteleuropäische Sommerzeit
Nmap scan report for 192.168.178.53
Host is up (0.0046s latency).
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:90:XX:XX:XX:XX
Nmap done: 1 IP address (1 host up) scanned in 1.09 seconds
# nmap XXXXX.selfhost.me -p22
Starting Nmap 5.21 ( http://nmap.org ) at 2012-07-04 20:14 Mitteleuropäische Sommerzeit
Nmap scan report for XXXXX.selfhost.me (95.208.xxx.xxx)
Host is up (0.0055s latency).
rDNS record for 95.208.xxx.xxx: HSI-KBW-095-208-xxx-xxx.hsi5.kabel-badenwuerttemberg.de
PORT   STATE    SERVICE
22/tcp filtered ssh
Nmap done: 1 IP address (1 host up) scanned in 1.20 seconds
But my firewall should be open:
Code:
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp
ACCEPT     tcp  --  anywhere             anywhere             tcp
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp
ACCEPT     udp  --  anywhere             anywhere             udp
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp
ACCEPT     udp  --  anywhere             anywhere             udp
The route command output (I do not have enough knowledge to interpret this):
Code:
# route -n
Kernel-IP-Routentabelle
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
192.168.178.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.178.1   0.0.0.0         UG    0      0        0 eth0
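The key diagnostic fact in the outputs above is the difference between "Connection timed out" / nmap "filtered" and "Connection refused" / nmap "closed": a timeout means the SYN never got an answer, so the packets are dropped or never delivered before they reach sshd, and the host's own INPUT chain (which here accepts everything anyway) cannot be the cause; a refusal means some host did answer on that port. One caveat a practitioner would check first: a probe of the public hostname launched from a client that is itself inside the LAN (the 0.0055 s latency on the second nmap scan suggests exactly that) exercises the router's NAT loopback (hairpinning), not the path from the internet, and many consumer routers do not support it, so such a probe can show "filtered" even when the forward works for real outside clients. The following script is an added example for this thread, not the poster's code; it connects to the LAN address and the public hostname on the same port, classifies each result the way ssh and nmap do, and says where to look next. `start_listener` is a helper that exists only so the probe can be exercised against a local throwaway socket; hostnames and ports are taken from the command line.

```python
"""Classify TCP reachability the way `ssh -v` and `nmap` report it.

Added example for the troubleshooting thread above (not the poster's own
code). It only opens ordinary TCP connections to the hosts named on the
command line and reports where the connection attempt stopped.
"""
import errno
import socket
import sys


def probe_tcp(host, port, timeout=5.0):
    """Attempt one TCP connect and classify the outcome.

    open        -> handshake completed: a service is listening there
    closed      -> host answered with RST ("Connection refused"): packets
                   reach the host, but nothing listens on that port
    filtered    -> no answer before the timeout ("Connection timed out"):
                   something between client and host drops the SYN, or the
                   host never receives it (missing port forward, ISP path,
                   or no NAT loopback when probing from inside the LAN)
    unreachable -> the client's own routing has no path to the host
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:          # TimeoutError on Python 3.10+
        return "filtered"
    except ConnectionRefusedError:
        return "closed"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise                       # DNS failures etc. are real errors
    finally:
        sock.close()


def diagnose(lan_state, wan_state):
    """Turn the LAN and WAN probe results into the next place to look."""
    if lan_state != "open":
        return ("service not reachable even on the LAN: check that sshd is "
                "running and bound to the LAN interface, then host firewall rules")
    if wan_state == "open":
        return "reachable from both sides: no network problem left to find"
    if wan_state == "closed":
        return ("public address answers with a reset: whatever the port forward "
                "points at has nothing listening, or the router answers itself; "
                "check the port forward target")
    return ("LAN open but WAN filtered: the SYN never reaches the server, so the "
            "host firewall is not the cause; check the router port forward, "
            "whether the probe ran from inside the LAN (NAT loopback), then the "
            "ISP path")


def start_listener(backlog=5):
    """Throwaway listener on 127.0.0.1 (constructed so the probe can be run locally)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(backlog)
    return srv


if __name__ == "__main__":
    # Usage: python3 probe.py <lan-ip> <public-hostname> [port]
    # e.g.   python3 probe.py 192.168.178.53 XXXXX.selfhost.me 22
    lan_host, wan_host = sys.argv[1], sys.argv[2]
    port = int(sys.argv[3]) if len(sys.argv) > 3 else 22
    lan = probe_tcp(lan_host, port)
    wan = probe_tcp(wan_host, port)
    print(f"{lan_host}:{port} -> {lan}")
    print(f"{wan_host}:{port} -> {wan}")
    print(diagnose(lan, wan))
```

Run the WAN leg from a machine that is genuinely outside the LAN (a mobile connection or a remote shell) for the result to say anything about the router's forward; run from inside, it measures NAT loopback instead.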