09-15-2015, 04:25 PM
#1
LQ Newbie
Registered: Mar 2015
Location: Flagstaff, AZ
Distribution: Ubuntu 14.04 (as of 3/26/2015)
Posts: 5
Port forwarding SSH (from outside my home network to one of the boxes inside my net)
I want to be able to SSH to my home computers when I am away from home. I have a Cisco/Linksys E4200. When I am away from home and issue a "ssh -p XXXXX john@XXX.XXX.XXX.XXX" (with the Xs replaced with the actual numbers, of course), I get a long pause followed by "ssh: connect to host XXX.XXX.XXX.XXX port XXXXX: Connection timed out"
I have set up a port-forward in the E4200 to forward from the external IP:portnumber to port 22 of the internal machine to which I'm interested in connecting.
I'm not even sure how to begin troubleshooting. I thought it would just work...
TIA for your help!
JC
09-15-2015, 04:38 PM
#2
Member
Registered: Jul 2013
Posts: 749
Why are you specifying a different port? SSH by default uses port 22, and you say you forwarded port 22 to the target machine. Try it without specifying a different port, it should work as long as any firewall on the target allows ssh traffic.
If you are trying to have the router use a different external port than internal port, double-check your router port forwarding settings for internal/external port settings. Not all routers support port translation.
Last edited by Doug G; 09-15-2015 at 04:40 PM.
09-16-2015, 03:37 AM
#3
LQ Guru
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,528
Can you connect from another machine on the same LAN? That would be the first thing to check.
Then are you trying to connect to the external IP from within the LAN or outside it? Not all routers support "hair pinning", so you may have to do your testing from another network outside the LAN if your model doesn't. Something to check.
09-16-2015, 08:16 AM
#4
LQ Newbie
Registered: Mar 2015
Location: Flagstaff, AZ
Distribution: Ubuntu 14.04 (as of 3/26/2015)
Posts: 5
Original Poster
Quote:
Originally Posted by Doug G
Why are you specifying a different port? SSH by default uses port 22, and you say you forwarded port 22 to the target machine. Try it without specifying a different port, it should work as long as any firewall on the target allows ssh traffic.
If you are trying to have the router use a different external port than internal port, double-check your router port forwarding settings for internal/external port settings. Not all routers support port translation.
|
I want to assign individual ports (on the outside) that forward to individual machines inside. As an alternative, I figured I would not do port translation, routing all port 22 traffic to just one machine inside, and then SSH to the other machines from there...but I thought if I could get this working it would be a more elegant solution.
Yes, my router supports port translation. Well, at least the interface implies that it supports it; giving me fields into which I can specify the external port to be translated and internal port to which it should be translated.
Last edited by johncroc; 09-16-2015 at 08:25 AM.
09-16-2015, 08:20 AM
#5
LQ Newbie
Registered: Mar 2015
Location: Flagstaff, AZ
Distribution: Ubuntu 14.04 (as of 3/26/2015)
Posts: 5
Original Poster
Quote:
Originally Posted by Turbocapitalist
Can you connect from another machine on the same LAN? That would be the first thing to check.
Then are you trying to connect to the external IP from within the LAN or outside it? Not all routers support "hair pinning", so you may have to do your testing from another network outside the LAN if your model doesn't. Something to check.
|
Yes, I can SSH to the machine from inside my network.
Yes, when I get the error message, I am trying to connect to my router's external IP from outside my LAN.
The question you haven't asked: Yes, I have verified that port 22 is not blocked on the external LAN from which I'm trying to connect (I can make other SSH connections from that LAN).
09-16-2015, 09:17 AM
#6
LQ Guru
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,528
Quote:
Originally Posted by johncroc
The question you haven't asked: Yes, I have verified that port 22 is not blocked on the external LAN from which I'm trying to connect (I can make other SSH connections from that LAN).
|
What about the incoming connections from the Internet to your router? Those are the ones that matter in this case. You can try looking with http://canyouseeme.org/ for an initial check. Some ISPs cause trouble and in those cases you'd need to pick some arbitrary high port and forward that to port 22 on your server.
09-24-2015, 11:58 AM
#7
Member
Registered: Aug 2004
Location: pune
Distribution: Slackware
Posts: 364
Just a shot in the dark here, since you are trying to access via IP, you don't need DNS, try setting the "UseDNS" parameter to no in the /etc/ssh/sshd_config file of your ssh box and restart the ssh service. Additionally you may have to disable some authentication methods to test (like disable RSAAuthentication, RHostsAuthentication etc).
Last edited by pingu_penguin; 09-24-2015 at 12:05 PM.
09-24-2015, 01:25 PM
#8
LQ Addict
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Have you confirmed that the port is open on your router (that, for example, you haven't missed a tick-box somewhere) by going to somewhere like GRC's Shields UP! site and seeing whether it is open? That always helps me. Additionally it will let you know the external IP address of your network in case that's changed since you set it up or similar.
I forward a high port to port 22 on my Pi through my Virgin Media provided router and I've done it on Linksys and Belkin ones in the past to various machines so it can definitely be done.
When SSH is mentioned I always point out I would always run SSH on a non-standard high port if at all possible because I really don't like reading pages of logs looking for intrusion attempts which is what you get if you open a standard port to the internet. Using a non-standard port means it's only the bad guys who know a little that you have to watch out for not every two-bit script kiddy in the world.
09-25-2015, 05:41 PM
#9
LQ Guru
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573
Which port did you use? I don't really care about the actual number, but you didn't happen to pick something that's used by another service, did you? Or one that your ISP blocks?
You could try disabling the port translation and just using 22, or modifying the sshd_config on your machine to listen to connections on both 22 and your high port and just forwarding the high port straight through on the router. That would eliminate any bugs in the router's port translation.
Have you checked your router's or your computer's security logs to see if a firewall config is blocking the connection attempts?
Last edited by suicidaleggroll; 09-25-2015 at 05:43 PM.
09-26-2015, 10:51 AM
#10
LQ Newbie
Registered: Mar 2015
Location: Flagstaff, AZ
Distribution: Ubuntu 14.04 (as of 3/26/2015)
Posts: 5
Original Poster
I finally figured it out...I think. I still need to test sometime when I'm away from my house.
I use a VPN. In fact, all of my servers are set up to auto-connect when they light up. My theory (and I'm darn near certain now that it's occurred to me) is that this machine's IP (for purposes of connecting to it from the outside world) is not what I think it is, it's the IP assigned by my VPN.
I'm going to disable the VPN and try again, and I'm betting everything will work as expected.
SMH. (I feel kinda stupid for forgetting that.) :-)
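An added example (not part of the thread and not any poster's code) for the situation described in post #10: when a VPN client takes over the machine's Internet-bound route, replies to connections that arrive through the router's port forward leave via the tunnel and the outside client times out. The script reads `ip -4 route show` output and reports the egress interface; the tunnel name prefixes and the sample routing tables are assumptions constructed for illustration.

```sh
# Added example: find which interface carries Internet-bound traffic,
# given `ip -4 route show` output on stdin.

# Interface-name prefixes treated as VPN tunnels (assumption; adjust as needed).
is_tunnel_dev() {
    case "$1" in
        tun*|tap*|wg*|ppp*) return 0 ;;
        *) return 1 ;;
    esac
}

# OpenVPN's "redirect-gateway def1" keeps the original default route and adds
# 0.0.0.0/1 and 128.0.0.0/1 via the tunnel; those win by longest-prefix match,
# so they are preferred over the first "default" entry listed.
egress_dev() {
    awk '
        function dev(   i) { for (i = 1; i < NF; i++) if ($i == "dev") return $(i + 1) }
        $1 == "0.0.0.0/1" || $1 == "128.0.0.0/1" { half = dev() }
        $1 == "default" && def == ""             { def = dev() }
        END { print (half != "" ? half : def) }
    '
}

# Prints "vpn:<dev>", "direct:<dev>" or "no-default-route".
check_routes() {
    dev=$(egress_dev)
    if [ -z "$dev" ]; then
        echo "no-default-route"
    elif is_tunnel_dev "$dev"; then
        echo "vpn:$dev"
    else
        echo "direct:$dev"
    fi
}

# Constructed sample tables (addresses and interface names are made up).
SAMPLE_DIRECT='default via 192.168.1.1 dev eth0 proto static
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'

SAMPLE_VPN='0.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.1.1 dev eth0 proto static
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.5 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'

printf '%s\n' "$SAMPLE_DIRECT" | check_routes
printf '%s\n' "$SAMPLE_VPN" | check_routes
# On a live host: ip -4 route show | check_routes
```

A VPN client that uses policy routing (extra tables selected by `ip rule`) will not show up in the main table; `ip route get <client-ip>` reports the egress actually chosen for one destination.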
09-26-2015, 11:02 AM
#11
LQ Guru
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573
VPN screws up a LOT of networking things like this, I tend to avoid it whenever possible.
09-26-2015, 07:47 PM
#12
Member
Registered: Sep 2004
Location: Japan
Distribution: CentOS 7.1
Posts: 735
In the case of connecting with VPN first, I find it easiest to set VPN on a completely different subnet. You then must make sure to push a route to your normal network to VPN clients, as well as gateway, DNS, etc. Trying to run the two on the same subnet is a nightmare.
All times are GMT -5.