12-23-2010, 05:31 AM
|
#1
|
LQ Newbie
Registered: Jul 2008
Distribution: Debian GNU/Linux
Posts: 8
|
SSH - Not working on WAN
Hello,
I have an issue with ssh. Assume the following situation.
We have a LAN with 2 active PCs. One of them is running Windows and the other is running Debian Lenny 5.0.7 with ssh installed.
Using putty, I am able to connect with SSH to Debian from Windows using the local IP Address of Debian.
Also, I have the ability to ping Debian from any PC outside of the LAN network.
But, I cannot connect with SSH to Debian from any PC outside of the LAN network.
I port forward the port 22 to Debian from router's panel. I disabled the SPI. We have a BaudTec, model TW263R4-B2.
I have a similar router in my house and Debian Lenny installed, and I successfully connected with SSH from a PC outside of my local network.
If you have any clue on why this is happening, please reply.
Thanks in advance,
TzaB
|
|
|
12-23-2010, 05:43 AM
|
#2
|
Senior Member
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125
|
When you try to establish a connection, what error message are you getting? In your server's log, especially auth.log is it showing any sort of connection attempt and if so what is the result (error)? Try to telnet into the server on port 22. Do you get an SSH banner? Are you certain that when you 'ping' the internal host that you are not getting a response from the router instead?
|
|
|
12-23-2010, 06:49 AM
|
#3
|
LQ Newbie
Registered: Jul 2008
Distribution: Debian GNU/Linux
Posts: 8
Original Poster
|
When I use the WAN IP to connect to Debian using putty from Windows, I get the error "Network error: Connection timed out".
I haven't any errors in /var/log/auth.log about this event.
When I use the LAN IP to connect to Debian using putty from Windows, I get the SSH Banner and I can log in successfully.
The content of auth.log about this event is the following:
Code:
debian sshd[2255]: Server listening on :: port 22
debian sshd[2255]: Server listening on 0.0.0.0 port 22
debian login[2806]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
debian login[2829]: ROOT LOGIN on `tty1`
debian sshd[2248]: Received signal 15; terminating.
debian sshd[2255]: Server listening on :: port 22
debian sshd[2255]: Server listening on 0.0.0.0 port 22
debian sshd[2926]: Accepted password for root from 192.168.1. port 3688 ssh2
pam_unix(sshd:session): session opened for user root by (uid=0)
When I tried to connect with telnet on port 22, putty opened up the console and after 30 seconds, made an error sound and disappeared.
About the ping thing, I don't know if I got the response from the router or from Debian. Can you tell me how I achieve this?
|
|
|
12-23-2010, 08:51 AM
|
#4
|
Senior Member
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125
|
It really looks like you are running into a firewall where the traffic is not going through to your server. The fact that your telnet fails and that your auth.log doesn't show a connection attempt further indicates that traffic can't make a connection on this port. It may be your local router, it may be a configuration in a managed switch, or it may even be something upstream in your ISP.
I am not sure that you can tell that you are getting a ping response from a machine behind a router. It will depend on the settings of your router and whether or not it passes on ICMP traffic. You stated that you had the ability to ping this machine, which is why I asked. You could try pinging it and then disconnecting the machine and pinging it again and see if you get a response the first time but not the second.
If you want to rule out your local router, I would temporarily bypass it and place the Debian machine directly on your Internet Connection or whatever is your next closest point to it.
|
|
|
12-23-2010, 09:04 AM
|
#5
|
Member
Registered: Feb 2010
Location: Raleigh, NC
Posts: 83
|
While connecting from outside the LAN what is the output of: ssh -vvv <username>@<ip address>
|
|
|
12-24-2010, 05:46 AM
|
#6
|
LQ 5k Club
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,529
|
Verify if your ISP doesn't block port 22
You can use nmap or
http://nmap-online.com/
to verify if port 22 is open and listening or not.
Quote:
About the ping thing, I don't know if I got the response from the router or from Debian. Can you tell me how I achieve this?
|
try traceroute
@Noway2, how will this help?
Kind regards
|
|
|
12-28-2010, 03:04 PM
|
#7
|
LQ Newbie
Registered: Jul 2008
Distribution: Debian GNU/Linux
Posts: 8
Original Poster
|
As Noway2 and repo mentioned, the root of all evil is my ISP. I searched and I found that it blocks a number of ports for the security of its customers. When I disabled this service, I was able to connect through ssh to my Debian server.
I did the test in another network but with the same situation (same ISP in both networks). When I have physical access to the network that has the actual server, the one that I started this thread about, and the solution is the one that I wrote above, then I will mark this thread as solved.
Thank you very much for your help!
|
|
|
12-28-2010, 09:44 PM
|
#8
|
Senior Member
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125
|
Quote:
(From Repo's post) try traceroute ... @Noway2, how will this help?
|
I am not entirely certain that it would and even when I initially suggested it, I was thinking it might be a bit of a long shot. The original post indicated that it was possible to successfully ping the server and my intent was to rule out whether or not it was the router responding to the public IP or if it were in fact the server responding. My thinking was that traceroute might show one of two things: a) that traffic is being stopped upstream somewhere in ISP land, b) that it might show a hop through TzaB's router or show the traffic stopping at the router. In other words, helping to confirm whether or not traffic was getting all the way to the end server.
|
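Added example, not part of the thread: a Python probe that separates the outcomes the posts above reason about (SSH banner received, connection refused, silent timeout), since a timeout with nothing in auth.log is what pointed to filtering before the server. The names `probe_ssh`, `MEANING` and `demo` are hypothetical, and the banner served by the local listener is constructed so the example runs offline.

```python
import socket
import threading

# Verdict -> what it says about the path, following the thread's reasoning.
MEANING = {
    "ssh": "sshd answered; the port forward and the path both work",
    "no-banner": "TCP connected but no SSH banner; something other than sshd answered",
    "refused": "a reset came back; packets reach a device but nothing listens there",
    "filtered": "no reply at all; a firewall, router or ISP filter drops the packets",
}

def probe_ssh(host, port=22, timeout=5.0):
    """Return (verdict, detail) for one TCP probe of an SSH port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except (socket.timeout, TimeoutError):
        return "filtered", "connect timed out"
    except ConnectionRefusedError:
        return "refused", "connection refused"
    # Other OSErrors (e.g. no route to host) propagate to the caller.
    with sock:
        try:
            banner = sock.recv(256)  # sshd sends its version string first
        except (socket.timeout, TimeoutError, ConnectionResetError):
            return "no-banner", "connected, nothing received"
    text = banner.decode("ascii", "replace").strip()
    return ("ssh", text) if text.startswith("SSH-") else ("no-banner", text)

def demo():
    """Probe a constructed local listener so the example runs offline."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"SSH-2.0-Example_1.0\r\n")  # constructed banner
        conn.close()

    threading.Thread(target=serve, daemon=True).start()
    result = probe_ssh("127.0.0.1", srv.getsockname()[1], timeout=2)
    srv.close()
    return result

if __name__ == "__main__":
    verdict, detail = demo()
    print(verdict, detail, "->", MEANING[verdict])
```

Run from a host outside the LAN against the WAN address, a "filtered" verdict together with an empty auth.log on the server matches the situation described in the thread.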