LinuxQuestions.org
Old 12-20-2012, 02:39 PM   #1
HogFather
LQ Newbie
 
Registered: Feb 2012
Distribution: Slackware 14
Posts: 7

Rep: Reputation: Disabled
ssh stopped accepting connections after port change


Hello all,

I have the following issue: after I changed the port of ssh to 2222, it stopped accepting connections from the outside world.
Before that it was OK on port 22, but I'm receiving a lot of brute force attacks, so I decided to minimize the automatic attacks by changing the port. Now I can ssh only from my internal network. Here is some info:

Server Slackware 13.37
running L.A.M.P.; Nagios, ftp, ssh, simple firewall (currently stopped)
The server is then connected to a router and has a firewall with masquerade

sshd_config:
Code:
Port 2222
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
Protocol 2

netstat:
Code:
netstat -ntlp | grep 2222
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN      1592/sshd
tcp        0      0 :::2222                 :::*                    LISTEN      1592/sshd

firewall-stat:
Code:
Chain POSTROUTING (policy ACCEPT 36 packets, 3413 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1    16358 1200K MASQUERADE  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0

iptables.filter:
Chain INPUT (policy ACCEPT 20855 packets, 2090K bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       15  1083 fail2ban-BadBots  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 80,443
2      228 16770 fail2ban-SSH  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2222

nmap:
Code:
Nmap scan report for MyServer (ip-of-server)
Host is up.
PORT     STATE    SERVICE
2222/tcp filtered EtherNet/IP-1

I tried banner grabbing with telnet, but I didn't get results (I guess because it's filtered).

I know I'm missing something, I just don't see what it is.

Any help is appreciated.
regards
 
Old 12-21-2012, 03:11 AM   #2
heinblöd
Member
 
Registered: May 2004
Location: France
Distribution: Slackware Gentoo
Posts: 186

Rep: Reputation: 31
Just a guess, but what about the router? Maybe you need a NAT rule for port 2222 for it?
 
Old 12-21-2012, 03:48 AM   #3
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
Is the router connected to only the server (or routes all internet traffic to the server)? Or does it forward port 2222 traffic to the server? Is port 2222 open on the router?

Quote:
The server is then connected to a router and has a firewall with masquerade
Which has the firewall you are describing, the server or the router? I read it as the server.

It appears that Internet traffic is handled the same as LAN traffic. Since ssh on port 2222 works from LAN hosts, I suspect that Internet traffic on port 2222 isn't reaching the server.

So my advice is the same as heinblod's, but I wanted to add that a default ACCEPT policy for the INPUT chain isn't a good idea.

Last edited by jschiwal; 12-21-2012 at 04:28 AM.
 
Old 12-21-2012, 04:02 AM   #4
HogFather
LQ Newbie
 
Registered: Feb 2012
Distribution: Slackware 14
Posts: 7

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by jschiwal
Is the router connected to only the server or do you forward port 2222 traffic to the server? Is port 2222 open on the router?
The router is after the server. So when I ssh, I ssh directly to the server. I have a laptop that is connected to the router and I have no trouble connecting to the server from the internal network.
I could change the connection setting and put the router in front of the network, but it's an old router and I prefer the server to be the first.
 
Old 12-21-2012, 05:38 AM   #5
HogFather
LQ Newbie
 
Registered: Feb 2012
Distribution: Slackware 14
Posts: 7

Original Poster
Rep: Reputation: Disabled
Hi guys,

Turns out the office network was filtering the non-standard ports. I tried from a different network and it works.
I guess I have to do some PuTTY tunneling now.

Thanks and sorry for wasting your time

Happy Holidays
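
The diagnosis this thread arrived at, as an added Python example that is not from any poster: it probes a port, classifies it as open, closed or filtered (the states nmap reports), grabs the SSH banner when open, and compares results from the LAN and from outside networks to locate the block. The function names `probe` and `diagnose` and the network labels are assumptions made for illustration.

```python
import socket

def probe(host, port, timeout=3.0):
    """Return (state, banner) for one TCP port, using nmap's vocabulary.

    open     - handshake completed; banner holds the service's first line
    closed   - RST came back, so the packet reached a host that refused it
    filtered - nothing usable came back; something on the path dropped it
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(255).decode("ascii", "replace").strip()
            except OSError:          # silent or reset after connect
                banner = ""
            return "open", banner
    except socket.gaierror:
        raise                        # name resolution failed: not a port state
    except ConnectionRefusedError:
        return "closed", ""
    except OSError:                  # timeout, host/network unreachable
        return "filtered", ""

def diagnose(lan_state, outside_states):
    """Locate the block from probes run on the LAN and on outside networks.

    outside_states maps a network label to the state probe() returned there.
    """
    if lan_state != "open":
        return "server: sshd or the host firewall is not accepting on this port"
    blocked = sorted(n for n, s in outside_states.items() if s != "open")
    if not blocked:
        return "ok: reachable from every network tested"
    if len(blocked) < len(outside_states):
        return "client-side: egress filtering on " + ", ".join(blocked)
    return "perimeter: check NAT/port forwarding, or test from another network"

if __name__ == "__main__":
    # Constructed observations matching the thread: LAN works, the office
    # network sees 'filtered', a second outside network connects.
    print(diagnose("open", {"office": "filtered", "other": "open"}))
```

Run `probe` once from each network and feed the states to `diagnose`; a single outside vantage point that reports filtered cannot tell a server-side block from a client-side one.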
 
  

