LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 09-15-2015, 04:25 PM   #1
johncroc
LQ Newbie
 
Registered: Mar 2015
Location: Flagstaff, AZ
Distribution: Ubuntu 14.04 (as of 3/26/2015)
Posts: 5

Rep: Reputation: Disabled
Port forwarding SSH (from outside my home network to one of the boxes inside my net)


I want to be able to SSH to my home computers when I am away from home. I have a Cisco/Linksys E4200. When I am away from home and issue a "ssh -p XXXXX john@XXX.XXX.XXX.XXX"(with the Xs replaced with the actual numbers, of course), I get a long pause followed by "ssh: connect to host XXX.XXX.XXX.XXX port XXXXX: Connection timed out"

I have set up a port-forward in the E4200 to forward from the external IPortnumber to port 22 of the internal machine to which I'm interested in connecting.

I'm not even sure how to begin troubleshooting. I thought it would just work...

TIA for your help!

JC
 
Old 09-15-2015, 04:38 PM   #2
Doug G
Member
 
Registered: Jul 2013
Posts: 749

Rep: Reputation: Disabled
Why are you specifying a different port? SSH by default uses port 22, and you say you forwarded port 22 to the target machine. Try it without specifying a different port, it should work as long as any firewall on the target allows ssh traffic.

If you are trying to have the router use a different external port than internal port, double-check your router port forwarding settings for internal/external port settings. Not all routers support port translation.

Last edited by Doug G; 09-15-2015 at 04:40 PM.
 
Old 09-16-2015, 03:37 AM   #3
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,528
Blog Entries: 4

Rep: Reputation: 3832Reputation: 3832Reputation: 3832Reputation: 3832Reputation: 3832Reputation: 3832Reputation: 3832Reputation: 3832Reputation: 3832Reputation: 3832Reputation: 3832
Can you connect from another machine on the same LAN? That would be the first thing to check.

Then are you trying to connect to the external IP from within the LAN or outside it? Not all routers support "hair pinning", so you may have to do your testing from another network outside the LAN if your model doesn't. Something to check.
 
Old 09-16-2015, 08:16 AM   #4
johncroc
LQ Newbie
 
Registered: Mar 2015
Location: Flagstaff, AZ
Distribution: Ubuntu 14.04 (as of 3/26/2015)
Posts: 5

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Doug G View Post
Why are you specifying a different port? SSH by default uses port 22, and you say you forwarded port 22 to the target machine. Try it without specifying a different port, it should work as long as any firewall on the target allows ssh traffic.

If you are trying to have the router use a different external port than internal port, double-check your router port forwarding settings for internal/external port settings. Not all routers support port translation.
I want to assign individual ports (on the outside) that forward to individual machines inside. As an alternative, I figured I would not do port translation, routing all port 22 traffic to just one machine inside, and then SSH to the other machines from there...but I thought if I could get this working it would be a more elegant solution.

Yes, my router supports port translation. Well, at least the interface implies that it supports it; giving me fields into which I can specify the external port to be translated and internal port to which it should be translated.

Last edited by johncroc; 09-16-2015 at 08:25 AM.
 
Old 09-16-2015, 08:20 AM   #5
johncroc
LQ Newbie
 
Registered: Mar 2015
Location: Flagstaff, AZ
Distribution: Ubuntu 14.04 (as of 3/26/2015)
Posts: 5

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Turbocapitalist View Post
Can you connect from another machine on the same LAN? That would be the first thing to check.

Then are you trying to connect to the external IP from within the LAN or outside it? Not all routers support "hair pinning", so you may have to do your testing from another network outside the LAN if your model doesn't. Something to check.
Yes, I can SSH to the machine from inside my network.

Yes, when I get the error message, I am trying to connect to my router's external IP from outside my LAN.

The question you haven't asked: Yes, I have verified that port 22 is not blocked on the external LAN from which I'm trying to connect (I can make other SSH connections from that LAN).
 
Old 09-16-2015, 09:17 AM   #6
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,528
Blog Entries: 4

Rep: Reputation: 3832Reputation: 3832Reputation: 3832Reputation: 3832Reputation: 3832Reputation: 3832Reputation: 3832Reputation: 3832Reputation: 3832Reputation: 3832Reputation: 3832
Quote:
Originally Posted by johncroc View Post
The question you haven't asked: Yes, I have verified that port 22 is not blocked on the external LAN from which I'm trying to connect (I can make other SSH connections from that LAN).
What about the incoming connections from the Internet to your router? Those are the ones that matter in this case. You can try looking with http://canyouseeme.org/ for an initial check. Some ISPs cause trouble and in those cases you'd need to pick some arbitrary high port and forward that to port 22 on your server.
 
Old 09-24-2015, 11:58 AM   #7
pingu_penguin
Member
 
Registered: Aug 2004
Location: pune
Distribution: Slackware
Posts: 364

Rep: Reputation: 61
Just a shot in the dark here, since you are trying to access via ip, you dont need dns ,try setting the "UseDNS" parameter to no in the /etc/ssh/sshd_config file of your ssh box and restart the ssh service. Additionally you may have to disable some authentication methods to test (like disable RSAAuthentication, RHostsAuthentication etc).

Last edited by pingu_penguin; 09-24-2015 at 12:05 PM.
 
Old 09-24-2015, 01:25 PM   #8
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680

Rep: Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373
Have you confirmed that the port is open on your router (that, for example, you haven't missed a tick-box somewhere) by going to somewhere like GRC's Shields UP! site and seeing whether it is open? That always helps me. Additionally it will let you know the external IP address if your network in case that's changed since you set it up or similar.
I forward a high port to port 22 on my Pi through my Virgin Media provided router and I've done it on Linksys and Belkin ones in the past to various machines so it can definitely be done.
When SSH is mentioned I always point out I would always run SSH on a non-standard high port if at all possible because I really don't like reading pages of logs looking for intrusion attempts which is what you get if you open a standard port to the internet. Using a non-standard port means it's only the bad guys who know a little that you have to watch out for not every two-bit script kiddy in the world.
 
Old 09-25-2015, 05:41 PM   #9
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573

Rep: Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142
Which port did you use? I don't really care about the actual number, but you didn't happen to pick something that's used by another service, did you? Or one that your ISP blocks?

You could try disabling the port translation and just using 22, or modifying the sshd_config on your machine to listen to connections on both 22 and your high port and just forwarding the high port straight through on the router. That would eliminate any bugs in the router's port translation.

Have you checked your router's or your computer's security logs to see if a firewall config is blocking the connection attempts?

Last edited by suicidaleggroll; 09-25-2015 at 05:43 PM.
 
Old 09-26-2015, 10:51 AM   #10
johncroc
LQ Newbie
 
Registered: Mar 2015
Location: Flagstaff, AZ
Distribution: Ubuntu 14.04 (as of 3/26/2015)
Posts: 5

Original Poster
Rep: Reputation: Disabled
I finally figured it out...I think. I still need to test sometime when I'm away from my house.

I use a VPN. In fact, all of my servers are set up to auto-connect when they light up. My theory (and I'm darn near certain now that it's occurred to me) is that this machine's IP (for purposes of connecting to it from the outside world) is not what I think it is, it's the IP assigned by my VPN.

I'm going to disable the VPN and try again, and I'm betting everything will work as expected.

SMH. (I feel kinda stupid for forgetting that.) :-)
 
Old 09-26-2015, 11:02 AM   #11
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573

Rep: Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142
VPN screws up a LOT of networking things like this, I tend to avoid it whenever possible.
 
Old 09-26-2015, 07:47 PM   #12
ericson007
Member
 
Registered: Sep 2004
Location: Japan
Distribution: CentOS 7.1
Posts: 735

Rep: Reputation: 154Reputation: 154
In the case of connecting with vpn first. I find it easiest to set vpn on a completely different subnet. You then must make sure to push route to your normal network to vpn clients as well as gateway etc, dns etc. Trying to run the two on the same subnet is a nightmare.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Iptables Port forwarding from inside also Cidi Rome Linux - Networking 8 03-25-2014 06:51 PM
2 linux boxes, proxy and ssh tunnel forwarding eddsstudio Linux - Newbie 3 05-25-2011 07:18 AM
how to SSH to work computer behind a firewall from home port forwarding not possible tkmsr Linux - Server 3 05-05-2010 12:20 PM
Connect from home to a computer inside an "external" LAN using port forwarding horacioemilio Linux - Networking 1 03-07-2008 03:36 AM
Testing Port Forwarding from inside network? humbletech99 Linux - Networking 2 07-08-2006 02:37 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 02:19 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration