LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-30-2015, 09:16 AM   #16
dunnery
Member
 
Registered: May 2010
Location: East Stroudsburg
Distribution: Debian Jessie
Posts: 222

Original Poster
Rep: Reputation: 8

So first of all thank you for sticking with me on this. This is definitely an education....... And quickly becoming an obsession.
I installed the gufw and set it to allow incoming and outgoing. So in theory my computers firewall should be fine.

I'm going to write down the settings on my apple router and if you see anything weird can you please tell me.

The router is an AirPort Extreme
There is an option to 'allow set up over WAN which I don't have selected.
I'm connecting using DHCP
there is a subnet mask, an IPv4 address and a router address. ( what is a router address for?)

Router mode is - DHCP and NAT
DHCP range
DHCP reservations has nothing in it. It's blank.
Enable access control is unchecked ( when I check this it opens up a time limit to log in called timed access control)

Port settings
Description - remote login - ssh
Public TCP ports - 22
Private IP address - 10. Etc
Private TCP ports - 22
Firewall entry type - IPv4 port mapping (but it's greyed out)

Network options
DCHP lease - 1 day
IPv4 range 10. To 200
Enable NAT port mapping protocol is enabled
Enable default host at .... Is not checked

So these are the settings on the apple router. Is there anything weird that you can see on it?
Thanks guys
 
Old 04-30-2015, 09:18 AM   #17
dunnery
Member
 
Registered: May 2010
Location: East Stroudsburg
Distribution: Debian Jessie
Posts: 222

Original Poster
Rep: Reputation: 8
Btw. Both My musician friend in the UK and myself are using ubuntu studio.
 
Old 04-30-2015, 09:53 AM   #18
strick1226
Member
 
Registered: Feb 2005
Distribution: Arch, CentOS, Fedora, OS X, SLES, Ubuntu
Posts: 327

Rep: Reputation: 63
Quote:
Originally Posted by dunnery View Post
So first of all thank you for sticking with me on this. This is definitely an education....... And quickly becoming an obsession.
I installed the gufw and set it to allow incoming and outgoing. So in theory my computers firewall should be fine.
Great! At least we have that out of the way. One less thing to worry about...

Quote:
Originally Posted by dunnery View Post
There is an option to 'allow set up over WAN which I don't have selected.
Good, you don't need to enable that; it's really only useful if you were to trying to remotely connect to a Time Capsule (Airport Extreme w/integrated hard drive) or an external hard drive connected to a regular AE back at your house etc.

Quote:
Originally Posted by dunnery View Post
I'm connecting using DHCP
there is a subnet mask, an IPv4 address and a router address. ( what is a router address for?)
The router address is the actual "gateway" address your AE uses with the ISP.

Quote:
Originally Posted by dunnery View Post
Router mode is - DHCP and NAT
DHCP range
DHCP reservations has nothing in it. It's blank.
Enable access control is unchecked ( when I check this it opens up a time limit to log in called timed access control)
Again, these settings look OK. The only potential issue with not having a DHCP reservation for your laptop's Wifi adapter is that it may change over time--and if it does, the rule you configure to forward the SSH traffic will break, since it's no longer connecting to the correct IP address.
(For the time being, though, let's just see if we can get this functional, even just initially! )

Quote:
Originally Posted by dunnery View Post
Port settings
Description - remote login - ssh
Public TCP ports - 22
Private IP address - 10. Etc
Private TCP ports - 22
Firewall entry type - IPv4 port mapping (but it's greyed out)
Looks good here, provided the Private IP Address field contains the correct IP of your intended laptop (to verify: at a terminal on the laptop type "ifconfig wlan0" -- just to make sure nothing has changed there...)

Quote:
Originally Posted by dunnery View Post
Network options
DCHP lease - 1 day
IPv4 range 10. To 200
Enable NAT port mapping protocol is enabled
Enable default host at .... Is not checked
Again, I can't find any issues here.

The other possibility, then, is that your ISP may very well be blocking port 22 traffic (it happens).
To overcome this, you would need to try changing the incoming rule for port forwarding to receive it on a different port, and your friend in the UK will have to change the port he attempts to connect to your box to the same.

For instance, let's say you want to try TCP (not UDP) 222 instead of 22. In that case, return to the ACU and modify your existing "Remote Login - SSH" rule so that the Public TCP Ports is changed to 222. However, do NOT change the Private TCP ports setting--only the Public one, as your local laptop is still waiting to hear on the original port.

Once you've updated the rule and the AE applies the settings, your mate in Blighty would specify using port 222 instead of 22 on whatever client he's using when attempting to connect to your computer. If he's using a terminal in Ubuntu Studio then he would type "ssh -p 222 your.public.ip.address" to try connecting again.

Hopefully this makes sense? If not, let us know...


strick
 
1 members found this post helpful.
Old 04-30-2015, 01:14 PM   #19
dunnery
Member
 
Registered: May 2010
Location: East Stroudsburg
Distribution: Debian Jessie
Posts: 222

Original Poster
Rep: Reputation: 8
i reversed the situation and tried to log into his account in the uk. i got this. what does it mean
ssh: connect to host 192.168.1.91 port 22: No route to host
 
Old 04-30-2015, 01:22 PM   #20
strick1226
Member
 
Registered: Feb 2005
Distribution: Arch, CentOS, Fedora, OS X, SLES, Ubuntu
Posts: 327

Rep: Reputation: 63
The 192. network is a private one; it's nonroutable, so you can't just ssh to his private address.

He would need to set up things similarly on his end i.e. open his router and/or firewall to accept incoming SSH traffic on tcp/22, have it port-forwarded to his computer, and then you would try to connect to his computer not using his private 192.x address but, instead, his public one i.e. 5.57.x.x or whatever.
 
Old 04-30-2015, 01:39 PM   #21
EDDY1
LQ Addict
 
Registered: Mar 2010
Location: Oakland,Ca
Distribution: wins7, Debian wheezy
Posts: 6,838

Rep: Reputation: 649Reputation: 649Reputation: 649Reputation: 649Reputation: 649Reputation: 649
Wrong type of address, that would be local to the router. You need another you may be able to use I think it was whatsmyip.
 
Old 04-30-2015, 02:12 PM   #22
dunnery
Member
 
Registered: May 2010
Location: East Stroudsburg
Distribution: Debian Jessie
Posts: 222

Original Poster
Rep: Reputation: 8
is there a website that will test my incoming only? that way i wouldnt have to concern myself with his set up and at least find out if my router is allowing access to my persona;l ip

my isp didnt know if they were blocking port 22

im going to change my port to 222 and see if that works. the guy at the isp said he didnt know if they were blocking port 22. its worth a try

what is a website i can use to try and trace my ip and see whaere the trail ends?
 
Old 04-30-2015, 02:26 PM   #23
strick1226
Member
 
Registered: Feb 2005
Distribution: Arch, CentOS, Fedora, OS X, SLES, Ubuntu
Posts: 327

Rep: Reputation: 63
As EDDY1 said, you could try https://www.whatismyip.com/ ; that will tell you what your "public" IP address is -- and should be the one your friend is using to ssh to you.
 
Old 04-30-2015, 02:33 PM   #24
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,465

Rep: Reputation: 2069Reputation: 2069Reputation: 2069Reputation: 2069Reputation: 2069Reputation: 2069Reputation: 2069Reputation: 2069Reputation: 2069Reputation: 2069Reputation: 2069
FYI all - this is basically the same thread as the other one he created:
http://www.linuxquestions.org/questi...nd-4175540869/

At this point both threads are addressing the same problem. Merging them is probably a better idea than keeping them separate.
 
Old 04-30-2015, 02:38 PM   #25
strick1226
Member
 
Registered: Feb 2005
Distribution: Arch, CentOS, Fedora, OS X, SLES, Ubuntu
Posts: 327

Rep: Reputation: 63
I hadn't seen that thread -- thanks

Are we sure the ssh daemon is running on this target laptop? That's a biggie.
 
Old 04-30-2015, 02:49 PM   #26
dunnery
Member
 
Registered: May 2010
Location: East Stroudsburg
Distribution: Debian Jessie
Posts: 222

Original Poster
Rep: Reputation: 8
ok guys, i just had a huge breakthrough.
i changed the incoming port to 222 and i did a search on canyouseeme.org and for the first time I got SUCCESS!!!!!!!!!
my troubleshooting is not over but at least i have discovered that port 22 was blocked by my isp. when i type in port 22 it comes up as an error.

i have sent an email off to my friend in the uk so he can change his port to 222 and ill see if we can log in after that.
phew! this linux network ssh thing is some deep stuff.
i thank all of you for your selfless support. i will write as soon as i get in to the next batch of tests which hopefully will end in success.

one quick question.... if i have an account on my computer for him, in order for him to connect to his account on my computer he types friend@my.public.ip.address and then the password i gave him.

is this correct? because i dont want to make a mistake this far down the road. I believe thats what it is but can someone confirm it please. thank you.
 
Old 04-30-2015, 02:51 PM   #27
strick1226
Member
 
Registered: Feb 2005
Distribution: Arch, CentOS, Fedora, OS X, SLES, Ubuntu
Posts: 327

Rep: Reputation: 63
Awesome update! Glad to hear you're making some progress!!

Yes, that's correct: at a linux terminal he would type

Code:
england01:~$ ssh -p 222 friendsusername@your.public.ip.address
Don't let him forget that part that includes specifying a port other than the default, or he definitely won't be able to reach you.

Last edited by strick1226; 04-30-2015 at 02:54 PM. Reason: Partial success / no longer needed long-winded instructions
 
Old 04-30-2015, 02:51 PM   #28
dunnery
Member
 
Registered: May 2010
Location: East Stroudsburg
Distribution: Debian Jessie
Posts: 222

Original Poster
Rep: Reputation: 8
The other possibility, then, is that your ISP may very well be blocking port 22 traffic (it happens).
To overcome this, you would need to try changing the incoming rule for port forwarding to receive it on a different port, and your friend in the UK will have to change the port he attempts to connect to your box to the same.

strick did tell me!!!!!!!
 
Old 04-30-2015, 03:25 PM   #29
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,465

Rep: Reputation: 2069Reputation: 2069Reputation: 2069Reputation: 2069Reputation: 2069Reputation: 2069Reputation: 2069Reputation: 2069Reputation: 2069Reputation: 2069Reputation: 2069
FYI - You should probably not be using port 222. Ports 0-1023 are reserved for system services, and there's a pretty high chance of running into conflicts if you pick something in that range. User ports should be 1024 or higher. You can go all the way up to 65535, so there is plenty of room to pick something unique.
 
Old 04-30-2015, 03:30 PM   #30
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,465

Rep: Reputation: 2069Reputation: 2069Reputation: 2069Reputation: 2069Reputation: 2069Reputation: 2069Reputation: 2069Reputation: 2069Reputation: 2069Reputation: 2069Reputation: 2069
Quote:
Originally Posted by dunnery View Post
this linux network ssh thing is some deep stuff.
The funny thing is, very little of what you've been dealing with here has anything at all to do with Linux. You'd be running into the exact same set of issues if you were trying to expose literally any service to the web (FTP, HTTP, etc.), whether your server was running Linux, Windows, OS/X, or anything else.

All of the internal/external private/public IP confusion and port forwarding business is completely independent of what operating system you're using or what service you're trying to make public. The only Linux/SSH specific part of this setup has been which port you were trying to make public (SSH is 22, FTP is 21, HTTP is 80, and so on), and making sure your sshd daemon was running, which it has been from the start.

For example, say you wanted to allow remote desktop access to your Windows computer from outside your local network. Remote desktop uses port 3389, so you'd have to go into your router and add a new port forwarding rule to push any incoming connections on port 3389 to your Windows computer's private IP, and then from outside your network you would use a remote desktop client to connect to your public IP. You may run into ISP filtering there too, in which case you'd need to pick your own custom port, modify the port forwarding rule, etc.

Welcome to the wonderful world of computer networking

Last edited by suicidaleggroll; 04-30-2015 at 03:34 PM.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to username password and sort by weakest password rhbegin Programming 8 11-07-2012 08:39 AM
atheros AR9285 Router username and password information dwallace Linux - Newbie 3 07-07-2011 07:28 AM
username and password a7mlinux Linux - Security 14 08-11-2009 10:27 AM
Username/Password Help FindingWaldo763 Linux - Newbie 7 12-18-2005 07:15 PM
No username and password Tec1 Linux - Software 1 08-10-2003 09:38 AM


All times are GMT -5. The time now is 12:27 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration