LinuxQuestions.org
Old 04-09-2005, 07:52 PM   #1
jumbled
LQ Newbie
 
Registered: Apr 2005
Posts: 3

Rep: Reputation: 0
ssh firewall


I want to ssh to a machine that is behind a firewall. I have port forwarding enabled on the firewall for port 22, and I can reach it on the local network, but not from anywhere. I am sure there is an easy fix; any help would be appreciated. I ssh 1**.***.***.184:192.168.0.101
 
Old 04-09-2005, 08:49 PM   #2
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 326
Does your system have its own firewall that needs SSH permitted? Your ssh syntax isn't correct; you just want

ssh 1**.***.***.184

The internal address will be taken care of by the port forwarding (that is, you should have port forwarded port 22 to 192.168.0.101).
 
Old 04-09-2005, 09:43 PM   #3
jumbled
LQ Newbie
 
Registered: Apr 2005
Posts: 3

Original Poster
Rep: Reputation: 0
It is an external Netgear router. The port forwarding just means that the router won't block or interfere with communication on that port, but not necessarily only send it to that device. How do you specify which address downstream of the router will get the signal?
 
Old 04-09-2005, 10:26 PM   #4
stutterbug
LQ Newbie
 
Registered: Dec 2004
Location: Osaka, Japan
Distribution: RedHat 8.0
Posts: 20

Rep: Reputation: 1
I can't speak for NetGear, but for most hardware NAT routers, 'port forwarding' usually means passing on requests on specific ports to specific IPs on the LAN (compare http://en.wikipedia.org/wiki/Port_forwarding and http://en.wikipedia.org/wiki/Network...ss_translation). I have a LinkSys router and the port forwarding is in their web interface under "Applications and Gaming", though it used to be somewhere else. If your router doesn't offer that now, check to see if there is a firmware upgrade that will allow it. This does mean, though, that if you have two computers running services on the same port (BitTorrent is the most frequent example), only one of them will get the inbound traffic. It also means that if you use DHCP, you will have to reset the IP in your NetGear control interface every time the IPs change or you will have to adopt static IPs for the machines being forwarded to (which is what I do).
 
Old 04-09-2005, 10:27 PM   #5
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 326
Port forwarding sends data, directed to a given port, only to a specified PC (by definition). In the Netgear router, you need to specify the IP address of the internal PC that will receive traffic directed to port 22.

You will also need to disable DHCP (if enabled), and statically assign IP addresses on your PCs. Since you can only port forward to a specific IP, DHCP is incompatible with port forwarding (since it dynamically assigns IP addresses).

The configuration specifics for accomplishing these tasks should be in the manual that came with your router.
 
Old 04-10-2005, 03:02 AM   #6
jumbled
LQ Newbie
 
Registered: Apr 2005
Posts: 3

Original Poster
Rep: Reputation: 0
Thank you. I set it up so it should work, but it isn't. I have port forwarding for port 22 to that computer and I checked its ip before I left. When I get back in town I'll assign it a static ip and see if that helps. Thank you.
 
Old 04-11-2005, 09:01 AM   #7
paul_dundee
Member
 
Registered: Mar 2005
Location: Scotland
Distribution: FC3
Posts: 39

Rep: Reputation: 15
Another wise move would be to change the port number sshd listens on. Make sure it is an unused port.

If you check your /etc/ssh/sshd_config you should find a segment of code that looks like:
Code:
#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
Uncomment the first line and select a different port number. Give your box a static IP and set your router to forward traffic on your chosen port to that IP address.

After that, you will need to restart sshd, in my distro it is
Code:
/etc/rc.d/init.d/sshd restart
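
The port change described in post #7, as an added example that is not part of the original thread: a small shell check that reads an sshd_config, reports the port(s) sshd will actually listen on (22 when every Port line is still commented out), and tells you whether the router's forward targets one of them. The function names, the temporary files and port 2222 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): compare sshd's configured port with
# the port the router forwards to the internal machine.

# Print the active Port values, one per line. "#Port 22" is a comment, so a
# file with no active Port line means sshd uses its default, 22.
effective_ports() {
    ports=$(awk '
        $1 ~ /^#/             { next }      # commented-out line
        tolower($1) == "port" { print $2 }  # keywords are case-insensitive
    ' "$1")
    [ -n "$ports" ] || ports=22
    printf '%s\n' "$ports"
}

# Succeed only if the router's internal target port ($2) is one sshd uses.
forward_matches() {
    effective_ports "$1" | grep -qxF "$2"
}

# Constructed sample input: the stock segment quoted in the post, and the
# same file after uncommenting Port and choosing 2222 (an assumed value).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/default" <<'EOF'
#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
EOF
sed 's/^#Port 22$/Port 2222/' "$tmp/default" > "$tmp/changed"

for f in default changed; do
    echo "$f: sshd port(s): $(effective_ports "$tmp/$f")"
done

# A router rule still pointing at 22 after the change reaches nothing.
for fwd in 22 2222; do
    if forward_matches "$tmp/changed" "$fwd"; then
        echo "forward to $fwd: matches sshd"
    else
        echo "forward to $fwd: no sshd listener, update the router rule"
    fi
done
```

On a real host, point `effective_ports` at /etc/ssh/sshd_config after editing it and before restarting sshd, then compare the result with the forwarding rule on the router.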
 
  

