LinuxQuestions.org
Old 05-14-2007, 09:40 PM   #1
darkjeffro
LQ Newbie
 
Registered: Aug 2004
Posts: 10

Rep: Reputation: 0
SSH Problem with DI-614+ router


Hi all.

I've got a D-Link DI-614+ router that has port forwarded ("virtual server") port 22 so I can use ssh. Now, I can ssh into other computers on the router via 192.168.x.x; however, I cannot ssh into any computer outside of the network using an IP given to me via whatismyipaddress or dnsstuff about you. Any help would be appreciated.
 
Old 05-14-2007, 10:35 PM   #2
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128
So are you trying to SSH from the LAN to the EXTERNAL IP address of a NAT router? If so, that will never work for reasons inherent in the design of TCP.
 
Old 05-15-2007, 12:06 AM   #3
emmet
Member
 
Registered: Oct 2003
Location: FL
Distribution: Slackware
Posts: 49

Rep: Reputation: 43
Actually, I just tried that and, as I expected, it worked. My NATing router forwards incoming port 22 connections to my workstation. SSHing to the public IP address of that router results in an SSH connection to my own workstation from my own workstation.

But you don't need to set up forwarding of incoming connections in order to SSH out to an SSH server on the Internet. The plain old NAT that a consumer grade router does by default should enable that to work.

Could it be that the original poster has a firewall in place that is blocking outgoing SSH connections to non-local hosts?

Or could it be that the SSH server to which he is attempting to connect is itself behind a NATing router that is not configured to forward new connections to the box behind the router that is running sshd?
 
Old 05-15-2007, 12:18 AM   #4
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128
emmet: do you have multiple NAT routers? In most cases, you end up with a tcp reset, unless your router examines packets after doing the NAT. (Most examine incoming packets for forwarding BEFORE NAT, leaving the internal IP being passed to the port-forwarded connection)
 
Old 05-15-2007, 08:51 AM   #5
emmet
Member
 
Registered: Oct 2003
Location: FL
Distribution: Slackware
Posts: 49

Rep: Reputation: 43
No, just one router, a DLink. The model number escapes me and I'm not home, but it was the wireless gateway that was on the shelf that day in Radio Shack.

I have no idea whose network stack this particular DLink model uses, but I do know that on a Linux box engaged in forwarding packets (routing) and employing IPFILTER to do DNAT, the address translation is done on the PREROUTING chain of the nat table, which presumably occurs prior to routing.
 
Old 05-15-2007, 10:09 AM   #6
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128
Yes, for DNAT it is, but most Linux boxes doing home routing just do a MASQUERADE in the POSTROUTING chain, which poses the problem.
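
Added example, not part of any post in this thread: a small Python model of the case argued over in posts #2 to #6, a LAN host dialling the router's public address for a forwarded port. It traces the SYN and the SYN-ACK with DNAT applied in PREROUTING, once with source NAT covering only WAN-bound traffic and once with it also covering LAN-to-LAN traffic. All addresses are constructed and `hairpin_connect` is a hypothetical name.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.0.0/24")      # constructed addresses
ROUTER_LAN, PUBLIC = "192.168.0.1", "203.0.113.5"
CLIENT, SERVER = "192.168.0.20", "192.168.0.10"

def in_lan(ip):
    return ip_address(ip) in LAN

def hairpin_connect(snat_lan_to_lan):
    """Trace a SYN from CLIENT to PUBLIC:22 and the SYN-ACK coming back.

    Returns (outcome, trace). snat_lan_to_lan=False models a router that
    only masquerades traffic leaving the WAN interface."""
    trace = []
    syn = {"src": CLIENT, "dst": PUBLIC, "dport": 22}
    expected_peer = syn["dst"]           # client socket is bound to this peer
    trace.append(("client->router", syn["src"], syn["dst"]))

    # PREROUTING: DNAT the forwarded port to the internal sshd host.
    conntrack = {"orig_dst": syn["dst"], "orig_src": syn["src"]}
    syn["dst"] = SERVER

    # POSTROUTING: source NAT only if the rule also covers LAN->LAN traffic.
    if snat_lan_to_lan and in_lan(syn["src"]) and in_lan(syn["dst"]):
        syn["src"] = ROUTER_LAN
    trace.append(("router->server", syn["src"], syn["dst"]))

    # Server answers whatever source address it saw.
    synack = {"src": SERVER, "dst": syn["src"]}
    if synack["dst"] == ROUTER_LAN:
        # Reply passes back through the router; conntrack reverses both NATs.
        synack = {"src": conntrack["orig_dst"], "dst": conntrack["orig_src"]}
        trace.append(("server->router->client", synack["src"], synack["dst"]))
    else:
        # Same subnet: reply is delivered directly, bypassing the router.
        trace.append(("server->client (direct)", synack["src"], synack["dst"]))

    # Client matches the SYN-ACK against the peer it actually dialled.
    outcome = "ESTABLISHED" if synack["src"] == expected_peer else "RST"
    return outcome, trace

if __name__ == "__main__":
    for snat in (False, True):
        outcome, trace = hairpin_connect(snat)
        print(f"LAN->LAN SNAT={snat}: {outcome}")
        for hop, src, dst in trace:
            print(f"  {hop:26} {src} -> {dst}")
```

In the failing case the SYN-ACK arrives from the server's 192.168.x.x address rather than the public address the client dialled, so the client has no matching connection and resets it.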
 
Old 05-15-2007, 11:07 AM   #7
kickit25
LQ Newbie
 
Registered: Feb 2007
Distribution: Slackware, Fedora, Kubuntu, Mandriva
Posts: 4

Rep: Reputation: 0
darkjeffro,

Make sure that the Linux box is using the IP address of the D-Link router as its default gateway, or that it has the IP address of the D-Link router as a default route in the routing table. If neither of these two conditions exists, your session will hit the box and then go nowhere because the Linux box will have no route back to the source.

Also, what IP Address are you trying to connect to specifically?
 
Old 05-15-2007, 03:56 PM   #8
darkjeffro
LQ Newbie
 
Registered: Aug 2004
Posts: 10

Original Poster
Rep: Reputation: 0
Sorry for the delay

I'm trying to connect to a computer behind the NAT router via ssh. I use the IP given to me by any computer connected on the internet through the router. With that IP, I try to connect, but it doesn't quite work. Sometimes I can connect to the machine, sometimes I can't, and I really don't know enough about networking to get around it. The address of the computer that I want to connect to on the network is a generic 192.168.x.x number. Anything else would help. Thanks.
 
Old 05-15-2007, 06:22 PM   #9
kickit25
LQ Newbie
 
Registered: Feb 2007
Distribution: Slackware, Fedora, Kubuntu, Mandriva
Posts: 4

Rep: Reputation: 0
Oookay. Let's try a different approach.

To help out here, please answer the following in order:

#1 Can the Linux box surf the net or ping something like www.google.com?

#2 I am not sure I got this correctly, but you are saying that sometimes it works and other times it doesn't?

#3 Are you trying to connect via the internet to 192.168.x.x where 'x' equals some numeric value? If the answer to this question is "yes", this will NEVER work over the internet.
 
Old 05-15-2007, 08:54 PM   #10
darkjeffro
LQ Newbie
 
Registered: Aug 2004
Posts: 10

Original Poster
Rep: Reputation: 0
Yes to the first two questions. However, I'm trying to connect to a machine behind the router from a different computer that is not on the router via ssh. I'm trying to use the IP I get for the router, not the 192.168.x.x number. Hope that helps.
 
Old 05-15-2007, 09:03 PM   #11
kickit25
LQ Newbie
 
Registered: Feb 2007
Distribution: Slackware, Fedora, Kubuntu, Mandriva
Posts: 4

Rep: Reputation: 0
I can't think of anything that would be preventing this from working then, especially intermittently, except an issue with DNSSTUFF and Whatismyipaddress returning the wrong IP to you. Unless you have some hardware issue, like a flaky NIC or router, this should work like a charm.
 
Old 05-16-2007, 04:40 AM   #12
darkjeffro
LQ Newbie
 
Registered: Aug 2004
Posts: 10

Original Poster
Rep: Reputation: 0
Yeah, it stumps me too. It's weird how sometimes it will work, and other times I will get a connection refused or connection timed out in PuTTY. Sometimes I can also get it to work if I change the firewall rules on my router to allow port 22; however, it seems like the router resets those rules whenever sshd is run again, or when there is a failed attempt to ssh into the machine, or when it has been successfully sshed into. Is there something about the DI-614+ that I don't know about that someone can help me with, or is there something in the sshd configuration file that will allow me to do this? Thanks for the help so far.
 
Old 05-16-2007, 05:08 AM   #13
kickit25
LQ Newbie
 
Registered: Feb 2007
Distribution: Slackware, Fedora, Kubuntu, Mandriva
Posts: 4

Rep: Reputation: 0
Okay, based on what you just described there, I'd really bet money on that router being the problem. Unless you can see a pattern as to when it will and won't let you connect, the logical answer is that the router is messing up. sshd configuration is static as is the list of firewall rules. There is nothing you can really do to either that is going to say "okay work now" and then later say "okay don't work". If you configure it to work, it works. Simple as that. There is no maybe, it's either on or off. If you are saying that the behavior you see occurs, then you change the router config and it works again for a while, then the router is definitely the key.
My recommendations at this point would be:
1) Borrow a friend's router if you can and try that
2) Call D-Link and have yours replaced
3) Buy a new one if need be. Most places let you return stuff in 30 days, so if that's not the problem you should be able to take it back.
 
  

