LinuxQuestions.org
Old 04-29-2006, 03:56 PM   #1
gboutwel
Member
 
Registered: May 2001
Location: Norton, KS
Distribution: Mandrake, Xandros, and Debian 3.0 (Woody) as a proxy
Posts: 103

Rep: Reputation: 15
Question Allowing SSH from Internet via router port forward.


I'm trying to allow SSH from the internet on an OpenSuSE 10.x box that sits behind a router/firewall. The router/firewall has been configured to port forward port 22 to the static IP configured on the OpenSuSE box. Now I need to know how best to configure the firewall so that it doesn't drop packets from the Internet. Here's the problem. I've added SSH as an Allowed port to the Interface for the External Zone. However, the External Zone as far as OpenSuSE is concerned is my private network. As a result I can SSH into it while I'm on my network, but when I try to SSH into it from the Internet, it drops, blocks or otherwise stops the packets (it seems the router/firewall is literally forwarding the packets, not NATing them in any way). So how do I get OpenSuSE 10.x to allow these Internet connections?

It would be bad to disable the firewall altogether. How can I re-define the External Zone to be the Internet, without messing up the network setting on that machine? Any direction, or help with using the YaST firewall configuration for this would be greatly appreciated.

Thanks,
 
Old 04-29-2006, 04:24 PM   #2
Brian1
Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 61
So you can get to the ssh server from another machine within your LAN network, correct?
But you cannot connect to it from the outside with port forwarding enabled on a store-bought firewall/router, correct?
First question is who is your internet provider?
It is possible that they block common ports so users cannot run servers unless you pay for the access. To test this go to http://www.hackerwatch.org/probe/ and see if it sees open ports on the router. If no ssh port 22 then it is not configured or is being blocked by the provider. Either way set the external port to say 10022 to port forward to internal machine on port 22. No changes need to be made to the ssh server, just to the router. Then connect to port 10020 instead of port 22 on the outside.

Brian1
 
Old 05-08-2006, 10:42 PM   #3
gboutwel
Member
 
Registered: May 2001
Location: Norton, KS
Distribution: Mandrake, Xandros, and Debian 3.0 (Woody) as a proxy
Posts: 103

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by Brian1
So you can get to the ssh server from another machine within your LAN network, correct?
But you cannot connect to it from the outside with port forwarding enabled on a store-bought firewall/router, correct?
First question is who is your internet provider?
It is possible that they block common ports so users cannot run servers unless you pay for the access. To test this go to http://www.hackerwatch.org/probe/ and see if it sees open ports on the router. If no ssh port 22 then it is not configured or is being blocked by the provider. Either way set the external port to say 10022 to port forward to internal machine on port 22. No changes need to be made to the ssh server, just to the router. Then connect to port 10020 instead of port 22 on the outside.

It's not the internet provider blocking... On a Debian box connected at a different location I'm able to ssh to and from it regularly.

George
 
Old 05-08-2006, 11:17 PM   #4
ronban
Member
 
Registered: Aug 2005
Location: India
Distribution: Gentoo
Posts: 43

Rep: Reputation: 15
You can solve this one by handling iptables manually. Be it openSUSE's or any other distro's firewall, or any other product, everybody uses iptables. I bet you must have used the inbuilt feature of the openSUSE firewall and set your box in the DMZ (demilitarized zone). So I can look into how to configure the openSUSE firewall to a much more granular extent, or else you can try installing a simpler firewall like Firestarter, which accesses the same iptables of the system, to get a clearer view of what is being dropped, and you can just right-click it and say allow. That should do it. Lastly, you can take the help of the iptables command-line help and accept all connections with destination port 22.
 
Old 05-08-2006, 11:19 PM   #5
ronban
Member
 
Registered: Aug 2005
Location: India
Distribution: Gentoo
Posts: 43

Rep: Reputation: 15
Maybe you can post tail -f /var/log/messages while you try to connect to your system. That will give a better explanation of what's happening inside.
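
One way to read the log that post #5 asks for, as an added example that is not part of any poster's message: it counts netfilter LOG entries for TCP packets aimed at a given port, per source address and inbound interface, so drops by the host firewall can be told apart from packets that never arrive. It assumes the host firewall logs dropped packets to /var/log/messages; the sample lines, their `SFW2-INext-DROP-DEFLT` prefix, the host name and the addresses are constructed, and `dropped_to_port` and `sample_log` are names chosen here.

```shell
#!/bin/sh
# Added example: summarise netfilter LOG entries for TCP packets aimed at one
# destination port. Reads syslog text on stdin and prints one line per source:
#   <count> <source-ip> <inbound-interface> <log-prefix>
dropped_to_port() {
    port="$1"
    awk -v port="$port" '
        / IN=/ && / PROTO=TCP / {
            src = ""; dpt = ""; inif = ""; prefix = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^IN=/) {
                    inif = substr($i, 4)
                    if (i > 1) prefix = $(i - 1)   # rule label written before IN=
                } else if ($i ~ /^SRC=/) {
                    src = substr($i, 5)
                } else if ($i ~ /^DPT=/) {
                    dpt = substr($i, 5)
                }
            }
            if (dpt == port && src != "") count[src " " inif " " prefix]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample of /var/log/messages (documentation-range addresses,
# assumed log prefix); not taken from the thread.
sample_log() {
    cat <<'EOF'
May  8 22:41:07 suse kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:00:5e:00:53:10:00:00:5e:00:53:01:08:00 SRC=203.0.113.45 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4211 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
May  8 22:41:10 suse kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:00:5e:00:53:10:00:00:5e:00:53:01:08:00 SRC=203.0.113.45 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4212 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
May  8 22:41:19 suse kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:00:5e:00:53:10:00:00:5e:00:53:01:08:00 SRC=198.51.100.7 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=901 DF PROTO=TCP SPT=40022 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
May  8 22:41:21 suse kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:00:5e:00:53:10:00:00:5e:00:53:01:08:00 SRC=198.51.100.7 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=902 DF PROTO=TCP SPT=40023 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
May  8 22:41:25 suse kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:00:5e:00:53:20:08:00 SRC=192.168.1.20 DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=77 PROTO=UDP SPT=137 DPT=137 LEN=58
May  8 22:41:30 suse sshd[2231]: Server listening on 0.0.0.0 port 22.
EOF
}

sample_log | dropped_to_port 22
```

On a live box the same function reads the real log: `dropped_to_port 22 < /var/log/messages`. No output while an outside connection attempt is in progress suggests the packets are not reaching the host at all.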
 
Old 05-09-2006, 10:59 PM   #6
crazibri
Member
 
Registered: Mar 2004
Location: Orange County, CA
Distribution: OS X, SuSE, RH, Debian, XP
Posts: 377

Rep: Reputation: 31
Check "netstat -ntap" for your Suse box. Then you can see what program is listening on what port... just to make sure you see 22 (or whatever port you configured) open.

Does your firewall have UDP and TCP blocked?

Also if you have a router (NAT) then I'd make sure you don't have multiple packets being forwarded to multiple IPs; some routers seem to have a problem with it.

Have you tried changing the port on SSHD to something different and configure the firewall and port forwarding w/ the new port? It may help.
 
  

