LinuxQuestions.org


gboutwel 04-29-2006 03:56 PM

Allowing SSH from Internet via router port forward.
 
I'm trying to allow SSH from the internet on an OpenSuSE 10.x box that sits behind a router/firewall. The router/firewall has been configured to port forward port 22 to the static IP configured on the OpenSuSE box. Now I need to know how best to configure the firewall so that it doesn't drop packets from the Internet. Here's the problem. I've added SSH as an Allowed port to the Interface for the External Zone. However, the External Zone as far as OpenSuSE is concerned is my private network. As a result I can SSH into it while I'm on my network, but when I try to SSH into it from the Internet, it drops, blocks or otherwise rejects the packets (it seems the router/firewall is literally forwarding the packets, not NATing them in any way). So how do I get OpenSuSE 10.x to allow these Internet connections?

It would be bad to disable the firewall altogether. How can I re-define the External Zone to be the Internet, without messing up the network settings on that machine? Any direction, or help with using the YaST firewall configuration for this, would be greatly appreciated.

Thanks,

Brian1 04-29-2006 04:24 PM

So you can get to the ssh server from another machine within your lan network correct?
But you cannot connect to it from the outside with port forwarding enabled on a store bought firewall/router correct?
First question is who is your internet provider?
It is possible that they block common ports so users cannot run servers unless you pay for the access. To test this go to http://www.hackerwatch.org/probe/ and see if it sees open ports on the router. If no SSH port 22, then it is not configured or is being blocked by the provider. Either way, set the external port to say 10022 to port forward to the internal machine on port 22. No changes need to be made to the ssh server, just to the router. Then connect to port 10020 instead of port 22 on the outside.

Brian1

gboutwel 05-08-2006 10:42 PM

Quote:

Originally Posted by Brian1
So you can get to the ssh server from another machine within your lan network correct?
But you cannot connect to it from the outside with port forwarding enabled on a store bought firewall/router correct?
First question is who is your internet provider?
It is possible that they block common ports so users cannot run servers unless you pay for the access. To test this go to http://www.hackerwatch.org/probe/ and see if it sees open ports on the router. If no SSH port 22, then it is not configured or is being blocked by the provider. Either way, set the external port to say 10022 to port forward to the internal machine on port 22. No changes need to be made to the ssh server, just to the router. Then connect to port 10020 instead of port 22 on the outside.

It's not the internet provider blocking... On a Debian box connected at a different location I'm able to ssh to and from it regularly.

George

ronban 05-08-2006 11:17 PM

You can solve this one by handling the iptables manually. Be it OpenSuSE or any other distro's firewall or any other product, everybody uses iptables. I bet you must have used the inbuilt feature of the OpenSuSE firewall and set your box in the DMZ (demilitarized zone). So I can look into how to configure the OpenSuSE firewall to a more granular extent; else you can try installing a simpler firewall like Firestarter, which accesses the same iptables of the system, to get a clearer view of what is being dropped, and you can just right-click it and say allow. That should do it. Lastly, you can take help from the iptables command-line help and accept all connections with destination port 22.

ronban 05-08-2006 11:19 PM

Maybe you can post "tail -f /var/log/messages" while you try to connect to your system. That will give a better explanation of what's happening inside.
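As an added illustration of the log check ronban suggests (example code, not from the thread): a POSIX shell script that summarises the netfilter DROP lines SuSEfirewall2 writes to /var/log/messages, so you can tell whether the SuSE box itself is dropping the forwarded packets to port 22 or whether they never reach it at all (router or ISP). The log lines are constructed samples, and the SFW2-INext-DROP-DEFLT prefix is an assumption about SuSEfirewall2's log format.

```shell
#!/bin/sh
# Added example, not from the thread. Summarises netfilter DROP lines of the
# kind SuSEfirewall2 logs to /var/log/messages, so you can tell whether the
# SuSE box itself discards the forwarded SSH packets (host firewall) or they
# never arrive (router or ISP). The log lines are constructed samples and the
# SFW2-INext-DROP-DEFLT prefix is assumed to match the real log prefix.

SAMPLE_LOG='Apr 29 15:50:01 suse kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:11:22:33:44:55:00:aa:bb:cc:dd:ee:08:00 SRC=203.0.113.7 DST=192.168.1.10 LEN=60 TTL=51 ID=1234 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 SYN URGP=0
Apr 29 15:50:04 suse kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:11:22:33:44:55:00:aa:bb:cc:dd:ee:08:00 SRC=203.0.113.7 DST=192.168.1.10 LEN=60 TTL=51 ID=1235 DF PROTO=TCP SPT=51235 DPT=22 WINDOW=5840 SYN URGP=0
Apr 29 15:51:10 suse kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:11:22:33:44:55:00:aa:bb:cc:dd:ee:08:00 SRC=198.51.100.9 DST=192.168.1.10 LEN=78 TTL=112 ID=777 PROTO=UDP SPT=137 DPT=137 LEN=58
Apr 29 15:52:00 suse sshd[4321]: Accepted publickey for george from 192.168.1.20 port 50000 ssh2'

# Print one "SRC DPT" pair per firewall DROP line. $1 is log text, e.g. from
# "$(tail -n 200 /var/log/messages)". Non-firewall lines (sshd etc.) are ignored.
drop_records() {
    printf '%s\n' "$1" | awk '
        / kernel: SFW2-[A-Za-z]+-DROP/ {
            src = "?"; dpt = "?"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            print src, dpt
        }'
}

# Number of DROP lines aimed at destination port $2 in log text $1 (0 if none).
count_dropped_to_port() {
    drop_records "$1" | awk -v port="$2" '$2 == port { n++ } END { print n + 0 }'
}

# Distinct source addresses whose packets to port $2 were dropped, sorted.
sources_dropped_to_port() {
    drop_records "$1" | awk -v port="$2" '$2 == port { print $1 }' | sort -u
}

# Stand-alone run: read the result the way the thread's diagnosis does.
n=$(count_dropped_to_port "$SAMPLE_LOG" 22)
if [ "$n" -gt 0 ]; then
    echo "Host firewall dropped $n packet(s) to port 22 from:"
    sources_dropped_to_port "$SAMPLE_LOG" 22
else
    echo "No drops to port 22 logged: the packets are not reaching this box"
fi
```

Replace SAMPLE_LOG with the real tail of /var/log/messages taken while an outside connection attempt is made; drops with a public SRC address mean the SuSE box's own zone rules are the culprit, and none at all mean the packets stop at the router or provider.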

crazibri 05-09-2006 10:59 PM

Check "netstat -ntap" for your Suse box. Then you can see what program is listening on what port... just to make sure you see 22 (or whatever port you configured) open.

Does your firewall have UDP and TCP blocked?

Also if you have a router (NAT) then I'd make sure you don't have multiple packets being forwarded to multiple IPs; some routers seem to have a problem with it.

Have you tried changing the port on SSHD to something different and configure the firewall and port forwarding w/ the new port? It may help.
