Connection Blocked to Kubuntu Server Outside Network
Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Connection Blocked to Kubuntu Server Outside Network
Hello:
I've recently turned an older PC into a linux box for the purpose of creating an online server with ftp and ssh capability and file sharing. I've installed Kubuntu 9.10 and I'm trying to ssh to the computer from outside the network.
I've install the openssh-client and openssh-server and I've created a static ip address, which works fine. I cannot ssh to the machine from outside the isp using either the direct ip address or hostname. The machine is connected to the internet via a Linksys Wireless G router, and I've edited the configuration settings to keep port 22 open for connect in the port server utility.
I've checked the ssh_config and sshd_config settings and port 22 is the default connection port, which is supposed to be open. I've run ifconfig and everything looks fine. I can connect to the computer using a machine connected to the same router, but other computers cannot access it. I want it to be visible to everyone.
Just to be sure, you are using the ip address assigned to you by the ISP, right? If so how are you testing? You need to test from another system not connected to your router, like the next door neighbor's system or a system at the library. Also are you sure the system that you are using to connect doesn't have port 22 blocked? Often public computers will block most ports including port 22. Is this a DSL or cable connection? Is the modem bridged? Or is it doing the PPPoE? If the modem is doing the PPPoE, do you have it configured to route traffic from your public IP address to the router IP address?
Probably other questions will become obvious once you answer those.
No, I'm using the ip address that I assigned to my server connected to my router. It works because I can connect to it using another computer linked to my router. Obviously I've used computers not connected to my router or using another ISP, and that doesn't work; hence, this is my problem that I'm trying to solve.
I'm using PuTTY to try to ssh to my server on my router using the computer NOT connected to my router and it fails. The default port is 22 using PuTTY and I'm able to connect to other machines using this port. I'm fairly certain that port 22 is open for my server (I added it in the port exclusion using my router) and it is set up this way in my ssh_config and sshd_config.
The connection is cable. I don't know if its bridged or PPPoE (I don't need to enter a password to access my connections).
Q: If the modem is doing the PPPoE, do you have it configured to route traffic from your public IP address to the router IP address?
A: I'm not sure... Is there a way to check this? I'll dig around and see what's up. My gut is that it has something to do with the router settings because I can connect to the machine doing ssh username@localhost or username@ipaddress with my computer on the same router. Do you agree? The issue is narrowing down the cause and finding a fix for it =[ Easier said then done.
Do you have any more suggestions? I would greatly appreciate them!
I was able to connect to my server using my router's ip address, but not the static ip address created in /etc/network/interfaces. I registered the router ip address with a hostname through dyndns, and wrote a perl script which updates the dynamic ip address hourly.
Now I have a new problem... it seems that since the hostname is linked to my router ip address, my other computer on my router cannot connect to it. The problem is that my static ip address on my server in /etc/network/interfaces is not visible outside the network, and the only way for others to connect to it is to use the router ip address, but this causes the computers on the router to be unable to connect to the server because it is already on the router.
You cannot get to the public IP address from inside your network, most likely. I've never understood this but that's the way it works. If you want to connect to your server from inside the network use the lan address.
For instance on my server, I have the local address as 192.168.2.50 and the public IP address is 208.65.90.2. So from a system on the 192.168.2 network I have to use 192.168.2.50, however if I'm on the internet from outside of this network I have to use 208.65.90.2.
If you want to avoid using the numbers you could always add an entry to your hosts table, for instance
192.168.2.50 myserver.com
That way you could ssh myserver.com. Otherwise you could set up a bind server locally.
This raises another question though: Suppose you have two servers connected to the same router that you want visible outside of your network. If you connect to the router ip address, how does it know which server to connect to? Furthermore, how would you go about setting this up so each server can be found outside of the network since the internal static ips are not visible?
It depends on how the router is configured. On my Linksys router I have port 80 assigned to port 80 on 192.168.2.50 and port 8180 assigned to .90. There is no way to have a second machine on the same port since it wouldn't know which one you wanted to connect to, as you suggested. If you want to run two servers you must put them on different ports. Since different services, ssh, http, https, ftp, etc. run on different ports, it's not uncommon to see a separate system for different services. If you want to run ssh to another system on your lan, change the port to something else like 9234 in /etc/ssh/sshd.conf on the other system. Of course you could always get to the second system by first ssh'ing to the routed system and ssh to the other one from there. If you're going to be doing a lot of working within your lan from the outside consider using VPN.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.