[SOLVED] ssh connection timeout when trying to go through router
I am trying to set up an ssh server on my Debian squeeze box so that I can access it remotely when I'm not at home. I connect to the internet through an AT&T 2wire modem/router. First off, I *can* ssh into the machine from inside the local network, e.g.
Code:
ssh 192.168.1.64
Also, I have configured the router to forward port 22 to my box. I checked that this works using a simple online port scanner (http://www.t1shopper.com/tools/port-scan/). Given all this, trying to ssh to the outside internet address gives
Code:
$ ssh 99.*.*.*
ssh: connect to host 99.*.*.* port 22: Operation timed out
I have read about this for hours now and I can't seem to find a solution. I am beginning to suspect it is a problem with my router/ISP. One last thing that I tried, that I cannot interpret, is to run nmap on my external address:
Code:
$ nmap -PN -p 22 99.*.*.*
Starting Nmap 5.00 ( http://nmap.org ) at 2011-05-06 21:13 CDT
Interesting ports on 99.*.*.*.lightspeed.cicril.sbcglobal.net (99.*.*.*):
PORT STATE SERVICE
22/tcp filtered ssh
Nmap done: 1 IP address (1 host up) scanned in 2.12 seconds
Playing around with Nmap, I also found that it only sees port 50001 as open.
Looking at "getent services 5001", the service mentioned is complex-link.
That doesn't necessarily mean anything. It seems to be used by various instant messaging clients.
Quote:
Given all this, trying to ssh to the outside internet address gives
I take it you tried to ssh to your public IP from inside your LAN.
This won't work from your current location. Go to a restaurant with free wifi and try to get in from a netbook or other wireless device to test it.
Also check if your modem blocks some outgoing ports as well. Some modems do.
Quote:
I take it you tried to ssh to your public IP from inside your LAN.
This won't work from your current location. Go to a restaurant with free wifi and try to get in from a netbook or other wireless device to test it.
I thought of this, so I got onto a neighbor's network and tried from there. Same behavior, so no dice.
The modem has a DMZ feature where it lets ALL traffic to one of the network computers. I tried that with my box and it seems to work, but it hardly seems like an ideal solution.
Quote:
Also check if your modem blocks some outgoing ports as well.
There are no settings for this, I have no idea how I could check. This *does* sound like what might be going on.
The modem setup will indicate if it does block outgoing connections. Another user quoted what his modem said, and it indicated that it was blocking outgoing connections as well as incoming.
Make sure that you haven't stopped the ssh service since you tested it on the LAN. I was going to suggest checking your computer's firewall, but if you can ssh from another computer on your LAN, the port is open. If you tested it from the same computer, it used localhost, and you could still have your firewall blocking the port.
You don't want to utilize the DMZ port. That will effectively be eliminating the NAT's firewall protection, and the other ports aren't as isolated from the LAN as they should be.
You might try using traceroute with the `-p 22' option from a remote location.
Some ISPs do their own NATing to share IP addresses, and so their customers can't utilize any incoming ports. This is more common with DSL providers and sometimes the customer even has an IP address in the 192.168 range.
---
When trying an ssh connection, use the -vv option. If you see any debug2 messages, they are from the target server, and it isn't a connection problem.
Try using the telnet client to test the connection. If you see something like:
Trying 192.168.1.106...
Connected to elite.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.8
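An added example (not written by any poster in this thread): a small Python probe that separates the outcomes discussed above, namely a timeout (what nmap reports as filtered), a refusal, and a reachable sshd that sends its banner as in the telnet test. The function names and the loopback listener in `demo()` are constructed for illustration.

```python
import errno
import socket
import threading

def classify(exc):
    """Map a connect() failure to the port state nmap would print."""
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"     # SYN dropped silently: "Operation timed out"
    if isinstance(exc, ConnectionRefusedError):
        return "closed"       # RST came back: host reached, nothing listening
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"  # no route to the address at all
    return "error"

def probe_ssh(host, port=22, timeout=5.0):
    """Return (state, banner); banner is the server's SSH-2.0-... line if any."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                banner = s.recv(255).decode("ascii", "replace").strip()
            except (socket.timeout, TimeoutError):
                banner = ""   # TCP connected but the service stayed silent
            return "open", banner
    except OSError as exc:
        return classify(exc), ""

def demo():
    """Constructed test: a local listener that sends a banner, then a closed port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"SSH-2.0-OpenSSH_5.8\r\n")  # banner string quoted in the thread
        conn.close()

    t = threading.Thread(target=serve)
    t.start()
    reachable = probe_ssh("127.0.0.1", port, timeout=2.0)
    t.join()
    srv.close()
    after_close = probe_ssh("127.0.0.1", port, timeout=2.0)
    return reachable, after_close

if __name__ == "__main__":
    print(demo())
```

Run from a network outside the LAN, `probe_ssh("<public address>")` returning `filtered` means the packets are being dropped before they reach the box, while `closed` means the address answered but nothing is forwarded to a listener.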
I finally gave up on using that crappy modem/router and did this: I attached an old router that I had to the Ethernet port of the modem, assigned it the DMZ port on the modem, and then connected my Linux box to this router, on which port forwarding seems to work well. Thanks for your replies!