Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
 |
GNU/Linux Basic Guide
This 255-page guide will provide you with the keys to understand the philosophy of free software, teach you how to use and handle it, and give you the tools required to move easily in the world of GNU/Linux. Many users and administrators will be taking their first steps with this GNU/Linux Basic guide and it will show you how to approach and solve the problems you encounter.
Click Here to receive this Complete Guide absolutely free. |
|
 |
04-09-2005, 07:52 PM
|
#1
|
|
LQ Newbie
Registered: Apr 2005
Posts: 3
Rep: 
|
ssh firewall
I want to ssh to a machine that is behind a firewall. I have port forwarding enabled on the firewall for port 22, and I can reach on the local network, but not from anywhere. I am sure there is an easy fix any help would be appreciated. I ssh 1**.***.***.184:192.168.0.101
|
|
|
|
|
04-09-2005, 08:49 PM
|
#2
|
|
Senior Member
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,591
|
Does your system have its own firewall that needs SSH permitted? Your ssh syntax isn't correct; you just want
ssh 1**.***.***.184
The internal address will be taken care of by the port forwarding (that is, you should have port forwarded port 22 to 192.168.0.101).
|
|
|
|
|
04-09-2005, 09:43 PM
|
#3
|
|
LQ Newbie
Registered: Apr 2005
Posts: 3
Original Poster
Rep:
|
It is an external netgear router. The port forwarding just means that the router wont block or interfer with communication on that port, but not necessarilly only send it to that device. How do you specify which address downstream of the router will get the signal.
|
|
|
|
|
04-09-2005, 10:26 PM
|
#4
|
|
LQ Newbie
Registered: Dec 2004
Location: Osaka, Japan
Distribution: RedHat 8.0
Posts: 20
Rep: 
|
I can't speak for NetGear, but for most hardware NAT routers, 'port forwarding' usually means passing on requests on specific ports to specific IPs on the LAN (compare http://en.wikipedia.org/wiki/Port_forwarding and http://en.wikipedia.org/wiki/Network...ss_translation). I have a LinkSys router and the port forwarding is in their web interface under "Applications and Gaming", though it used to be somewhere else. If your router doesn't offer that now, check to see if there is a firmware upgrade that will allow it. This does mean, though, that if you have two computers running services on the same port (BitTorrent is the most frequent example), only one of them will get the inbound traffic. It also means that if you use DHCP, you will have to reset the IP in your NetGear control interface every time the IPs change or you will have to adopt static IPs for the machines being forwarded to (which is what I do). |
|
|
|
|
04-09-2005, 10:27 PM
|
#5
|
|
Senior Member
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,591
|
Port forwarding sends data, directed to a given port, only to a specified PC (by definition). In the Netgear router, you need to specify the IP address of the internal PC that will receive traffic directed to port 22.
You will also need to disable DHCP (if enabled), and statically assign IP addresses on your PCs. Since you can only port forward to a specific IP, DHCP is incompatible with port forwarding (since it dynamically assigns IP addressess).
The configuration specifics for accomplishing these tasks should be in the manual that came with your router.
|
|
|
|
|
04-10-2005, 03:02 AM
|
#6
|
|
LQ Newbie
Registered: Apr 2005
Posts: 3
Original Poster
Rep:
|
Thank you. I set it up so it should work, but it isn't. I have port forwarding for port 22 to that computer and I checked its ip before I left. When I get back in town I'll assign it a static ip and see if that helps. Thank you.
|
|
|
|
|
04-11-2005, 09:01 AM
|
#7
|
|
Member
Registered: Mar 2005
Location: Scotland
Distribution: FC3
Posts: 39
Rep:
|
another wise move would be to change the port number sshd listens on. Make sure it is an unused port.
If you check your /etc/ssh/sshd_config you should find a segment of code that looks like:
Code:
#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
Uncomment the first line, select a different port number. give your box a static ip and set your router to forward traffic on your chosen port to that ip address.
After that, you will need to restart sshd, in my distro it is
Code:
/etc/rc.d/init.d/sshd restart
|
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -5. The time now is 03:26 AM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
