Help with Port Forwarding for SSH
I am trying to access my home computer via SSH (putty) from remote locations.

I have a redhat 8 box at home with sshd running. I can access it via its IP address from other computers on the LAN. I have a dynu.com domain that points to my wireless router. I am not sure what lease time my ISP gives me, but I set up the dynu utility to refresh every 5 minutes.

Because I am behind a wireless router, I assume I have to enable port 22 (ssh) to forward to my Redhat machine's IP address. I went through my router's config utility and forwarded (persistently) port 22 to my target box's IP. I also switched off DHCP on my router, because that would seem to nullify the port forwarding when the lease ran out.

I still cannot get putty to connect via the domain name. I get a connection refused each time. I am sure that something I am configuring in the router is incorrect. Here is my router's port forwarding setup:

Type=persistant
description=ssh
inbound port=22
type=tcp
private ip address=192.xxx.x.xx (my computer's address)
private port=22 #I am sure this one is wrong

Anyone see where I am going wrong here? Or maybe you can elaborate on what I am misconfiguring? Thanks
btw, when I ssh from my local lan and run netstat -an on the linux box I see that ports 22 and 1602 are open. Does that mean I need to port forward 1602 as well?
You may need to open a firewall rule on the router and on the server machine as well.
You might wanna see what is on port 1602; that's not a common port (it could be, but nothing I know about).
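One way to check what a port seen in `netstat -an` actually is, as an added example that is not part of the thread: it separates ports the server listens on (candidates for a forwarding rule) from a port that is only the remote client's side of an established session. The sample output and its addresses are constructed, and showing 1602 in the Foreign Address column is an assumption, since the thread does not include the real output.

```python
# Added example, not from the thread. SAMPLE is constructed `netstat -an`
# output from the SSH server while one LAN client is logged in.
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.168.0.10:22         192.168.0.20:1602       ESTABLISHED
"""


def parse_tcp(text):
    """Yield (local_ip, local_port, foreign_ip, foreign_port, state) per TCP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # skip headers, UDP and UNIX-socket rows
        local_ip, local_port = fields[3].rsplit(":", 1)
        foreign_ip, foreign_port = fields[4].rsplit(":", 1)
        yield local_ip, local_port, foreign_ip, foreign_port, fields[5]


def classify_port(text, port):
    """Say what role `port` plays on this host according to netstat output."""
    port = str(port)
    rows = list(parse_tcp(text))
    listening = [r for r in rows if r[4] == "LISTEN" and r[1] == port]
    if listening:
        # A service bound only to loopback refuses connections that arrive
        # on the LAN address, so a router forward to it cannot work.
        if all(r[0].startswith("127.") or r[0] == "::1" for r in listening):
            return "listening-loopback-only"
        return "listening"
    if any(r[3] == port and r[4] != "LISTEN" for r in rows):
        # The port appears only on the remote end of a connection: it is
        # the client's source port, not a service on this machine.
        return "remote-client-port"
    if any(r[1] == port for r in rows):
        return "local-side-of-connection"
    return "absent"


if __name__ == "__main__":
    for p in (22, 1602, 25):
        print(p, classify_port(SAMPLE, p))
```

Only a port reported as `listening` on a non-loopback address is something a router rule can usefully forward to; a `remote-client-port` changes with every client connection and needs no rule.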
The only way I managed to get this working was by configuring the port redirection table (ssh|tcp|22|private ip|22 meaning -> service name|protocol|public port|private ip|private port).
I have also made the PC on which I am running sshd a DMZ host, with DMZ enabled on the router. I don't know much about the DMZ and it could be that just making the PC a DMZ host would have worked on its own, but that's my setup right now and it works.
Quote:
Your DMZ will usually have less protection than your LAN but more than the WAN. For instance, if you want to receive mail from people outside your LAN, they will need to be able to access your mail server. You can block access to the mail server IP apart from on port 25 if the connection comes from the WAN. However, you may want to let the LAN users access a web-based mail system too, in which case you would allow LAN traffic access to port 80 of the server as well.