LinuxQuestions.org > Linux - Networking
ssh access problem, may be ipv6? (https://www.linuxquestions.org/questions/linux-networking-3/ssh-acces-problem-may-be-ipv6-848992/)

ibaydan 12-08-2010 02:09 AM

ssh access problem, may be ipv6?
 
I have CentOS 5.5 in my LAN behind the ADSL modem/router. I can access sshd from the LAN, but when I try to access it from outside the LAN I cannot. I have configured my router properly and tested it. I can access VNC on an XP machine on the same LAN from outside the LAN, so there is no NAT or port-forwarding problem. When I run netstat -nlp I get:
Proto Recv-Q Send-Q Local Address        Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:5801         0.0.0.0:*        LISTEN  3559/Xvnc
tcp        0      0 0.0.0.0:5901         0.0.0.0:*        LISTEN  3559/Xvnc
tcp        0      0 0.0.0.0:111          0.0.0.0:*        LISTEN  3132/portmap
tcp        0      0 0.0.0.0:6001         0.0.0.0:*        LISTEN  3559/Xvnc
tcp        0      0 0.0.0.0:817          0.0.0.0:*        LISTEN  3179/rpc.statd
tcp        0      0 192.168.122.1:53     0.0.0.0:*        LISTEN  3848/dnsmasq
tcp        0      0 10.0.0.1:53          0.0.0.0:*        LISTEN  3759/dnsmasq
tcp        0      0 127.0.0.1:631        0.0.0.0:*        LISTEN  3431/cupsd
tcp        0      0 127.0.0.1:25         0.0.0.0:*        LISTEN  3463/sendmail: acce
tcp        0      0 :::6001              :::*             LISTEN  3559/Xvnc
tcp        0      0 :::22                :::*             LISTEN  3422/sshd
udp        0      0 0.0.0.0:811          0.0.0.0:*                3179/rpc.statd
udp        0      0 0.0.0.0:814          0.0.0.0:*                3179/rpc.statd
udp        0      0 192.168.122.1:53     0.0.0.0:*                3848/dnsmasq
udp        0      0 10.0.0.1:53          0.0.0.0:*                3759/dnsmasq
udp        0      0 0.0.0.0:67           0.0.0.0:*                3848/dnsmasq
udp        0      0 0.0.0.0:67           0.0.0.0:*                3759/dnsmasq
udp        0      0 0.0.0.0:68           0.0.0.0:*                4760/dhclient
udp        0      0 0.0.0.0:60381        0.0.0.0:*                3637/avahi-daemon:
udp        0      0 0.0.0.0:5353         0.0.0.0:*                3637/avahi-daemon:
udp        0      0 0.0.0.0:111          0.0.0.0:*                3132/portmap
udp        0      0 0.0.0.0:631          0.0.0.0:*                3431/cupsd
udp        0      0 :::5353              :::*                     3637/avahi-daemon:
udp        0      0 :::37483             :::*                     3637/avahi-daemon:

What is the meaning of :::* ? Is it IPv6? If so, how can I close it?
Thanks

camorri 12-08-2010 08:45 AM

The standard port for ssh is 22. I don't see that in your listing.

Have a look at /etc/ssh/ssh_config. In that file the port can be defined. You do not have to use port 22; if you are not using port 22, you need to forward whatever port you are using, and make it match in the ssh config file.

As far as port forwarding in your router, have you got a rule set for your Linux server pointing to the Linux system's IP address? Is the Linux IP address static?

As far as I know, for IPv6, :::* indicates all fields of 0s, repeated.
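As an added example (my code, not from any participant in this thread), here is a small parser over the `netstat -nlp` lines quoted in the first post, reproduced below as a constructed sample. The point it makes visible is that netstat's local-address column must be split on the last colon, so `:::22` is port 22 bound to the IPv6 wildcard `::`, and that on Linux such a listener also serves IPv4 unless `net.ipv6.bindv6only` (or the socket's own IPV6_V6ONLY flag, which netstat cannot show) is set; the `bindv6only` parameter is the assumption the caller states.

```python
from collections import defaultdict

# Constructed sample input: listening sockets quoted from `netstat -nlp`
# in the first post (only the lines needed to show the parsing).
NETSTAT_OUTPUT = """\
tcp        0      0 0.0.0.0:5901         0.0.0.0:*        LISTEN  3559/Xvnc
tcp        0      0 192.168.122.1:53     0.0.0.0:*        LISTEN  3848/dnsmasq
tcp        0      0 127.0.0.1:631        0.0.0.0:*        LISTEN  3431/cupsd
tcp        0      0 :::6001              :::*             LISTEN  3559/Xvnc
tcp        0      0 :::22                :::*             LISTEN  3422/sshd
udp        0      0 0.0.0.0:5353         0.0.0.0:*                3637/avahi-daemon:
udp        0      0 :::5353              :::*                     3637/avahi-daemon:
"""


def split_endpoint(endpoint):
    """Split netstat's 'address:port' column on its LAST colon, because IPv6
    addresses contain colons themselves: ':::22' -> ('::', 22)."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port)


def scope_of(addr):
    """Classify a bound address: wildcard ('any') or specific, per family."""
    if addr == "::":
        return "ipv6-any"
    if addr == "0.0.0.0":
        return "ipv4-any"
    return "ipv6" if ":" in addr else "ipv4"


def parse_netstat(text):
    """Map (proto, port) -> list of (scope, address, program) for every
    listening socket in `netstat -nlp` output. TCP rows carry a State column
    (LISTEN); UDP rows do not, so the program name sits one column earlier."""
    listeners = defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("tcp", "udp"):
            continue
        proto = fields[0]
        addr, port = split_endpoint(fields[3])
        if proto == "tcp":
            if len(fields) < 7 or fields[5] != "LISTEN":
                continue
            program = fields[6]
        else:
            if len(fields) < 6:
                continue
            program = fields[5]
        listeners[(proto, port)].append((scope_of(addr), addr, program))
    return dict(listeners)


def reachable_families(listeners, proto, port, bindv6only=False):
    """Address families that can reach this port. A Linux listener on '::'
    also accepts IPv4 clients (seen as v4-mapped addresses) unless the
    bindv6only sysctl is 1 or the program set IPV6_V6ONLY itself; netstat
    cannot show either, so the caller passes that as an assumption."""
    families = set()
    for scope, _addr, _prog in listeners.get((proto, port), []):
        if scope in ("ipv4", "ipv4-any"):
            families.add("ipv4")
        else:
            families.add("ipv6")
            if scope == "ipv6-any" and not bindv6only:
                families.add("ipv4")
    return families


if __name__ == "__main__":
    table = parse_netstat(NETSTAT_OUTPUT)
    for (proto, port), entries in sorted(table.items()):
        fams = ",".join(sorted(reachable_families(table, proto, port)))
        print(f"{proto}/{port:<5} {fams:<10}",
              *(f"{s}({a}) {p}" for s, a, p in entries))
```

Run against the sample, `tcp/22` resolves to a single `ipv6-any` listener owned by `3422/sshd`, reachable over both families under the default sysctl and over IPv6 only with `bindv6only=True`; `tcp/631` (cupsd on 127.0.0.1) is IPv4 only either way.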

ibaydan 12-08-2010 09:29 AM

[SOLVED]

I have solved my problem. I have disabled the IPv6 modules and corrected the gateway in the network configuration. Thanks

Skaperen 12-08-2010 12:25 PM

What ":::*" means in that context is "any address + any port". The initial "::" means the address. So "tcp 0 0 :::22 :::* LISTEN 3422/sshd" means listening on any address in IPv6 on port 22, and accept from any address in IPv6 from any port.

By default, a listen on "::" also listens on 0.0.0.0, so both IPv4 and IPv6 can be listened for on one socket, which is convenient for simple programs that are going to block in an accept() call. This can be seen when ssh, doing port forwarding, attempts to listen on both "::" and 0.0.0.0 and gets a bind failure for 0.0.0.0 because the port is already taken by the "::" listener. You can turn this behavior off with "echo 1 > /proc/sys/net/ipv6/bindv6only", in which case a program that wants to listen on both IPv6 and IPv4 has to bind separate sockets to each, and do the appropriate blocking I/O on both sockets to wait for incoming connections on either.

Since I do see a listen on port 22, it's another issue. Your solution mentions a gateway setting. If that was wrong, it should break a lot more than just ssh, relative to the internet. As for the IPv6 modules, I don't see how that would impact things if ssh was successfully bound to port 22 and listening (as your on-LAN connections showed).

BTW, I recommend using a different port than 22, at least at the router side facing the internet. There are lots of crackpots scanning for weak passwords via ssh. Even if all your passwords are strong, this still makes for lots of noisy messages in logs, discouraging you from looking for legitimate break-ins. Pick a different port not well known for any common service and use that for your ssh service facing the internet.
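To watch the dual-stack binding behaviour described above on a live host, the following added example (my code, not from any poster) binds a listener on "::" with the per-socket IPV6_V6ONLY option, which is what the /proc/sys/net/ipv6/bindv6only sysctl sets as the default for new sockets, and then checks two things: whether an IPv4 client on 127.0.0.1 can reach that listener, and whether a second socket can still bind 0.0.0.0 on the same port. It assumes a Linux box with the ipv6 module loaded, as in the thread, and returns None rather than failing where IPv6 sockets are unavailable.

```python
import socket


def probe_dual_stack(v6only):
    """Bind a listener on '::' with IPV6_V6ONLY = v6only (the per-socket form
    of net.ipv6.bindv6only) and report:
      ipv4_reaches  - whether an IPv4 client can connect to that listener
      peer          - the peer address the v6 socket sees for that client
      ipv4_bind_ok  - whether a second socket can still bind 0.0.0.0 on the
                      same port (the conflict the post describes)
    Returns None when IPv6 sockets are unavailable on this host (assumption:
    a Linux box with the ipv6 module loaded, as in the thread)."""
    if not socket.has_ipv6:
        return None
    try:
        lsock = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    except OSError:
        return None
    try:
        lsock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1 if v6only else 0)
        lsock.bind(("::", 0))  # port 0: the kernel picks a free ephemeral port
    except OSError:
        lsock.close()
        return None
    port = lsock.getsockname()[1]
    lsock.listen(1)
    lsock.settimeout(3)

    # 1. An IPv4 client tries the loopback address on that port.
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.settimeout(3)
    peer = None
    try:
        client.connect(("127.0.0.1", port))
        conn, peer_info = lsock.accept()
        peer = peer_info[0]  # v4-mapped form '::ffff:127.0.0.1' on a v6 socket
        conn.close()
        ipv4_reaches = True
    except OSError:
        ipv4_reaches = False  # ECONNREFUSED when the listener is v6-only
    finally:
        client.close()

    # 2. A separate IPv4 socket tries to take 0.0.0.0 on the same port.
    v4 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        v4.bind(("0.0.0.0", port))
        ipv4_bind_ok = True
    except OSError:
        ipv4_bind_ok = False  # EADDRINUSE: '::' with V6ONLY=0 already owns it
    finally:
        v4.close()
        lsock.close()

    return {"v6only": v6only, "ipv4_reaches": ipv4_reaches,
            "peer": peer, "ipv4_bind_ok": ipv4_bind_ok}


if __name__ == "__main__":
    for flag in (False, True):
        print(probe_dual_stack(flag))
```

With v6only=False the IPv4 client gets through and the listener sees it as ::ffff:127.0.0.1, while the extra bind on 0.0.0.0 fails with EADDRINUSE; with v6only=True the IPv4 connect is refused and the 0.0.0.0 bind succeeds, so a daemon then needs one socket per family. For sshd specifically, `AddressFamily inet` (or `ListenAddress 0.0.0.0`) in sshd_config keeps it on IPv4 only without touching the kernel-wide sysctl.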

