Old 12-23-2010, 05:31 AM   #1
TzaB
LQ Newbie
 
Registered: Jul 2008
Distribution: Debian GNU/Linux
Posts: 8

Rep: Reputation: 0
SSH - Not working on WAN


Hello,

I have an issue with ssh. Assume the following situation.
We have a LAN with 2 active PCs. One of them is running Windows and the other is running Debian Lenny 5.0.7 with ssh installed.

Using putty, I am able to connect with SSH to Debian from Windows using the local IP address of Debian.
Also, I have the ability to ping Debian from any PC outside of the LAN network.
But I cannot connect with SSH to Debian from any PC outside of the LAN network.

I port forward the port 22 to Debian from router's panel. I disabled the SPI. We have a BaudTec, model TW263R4-B2.

I have a similar router in my house and Debian Lenny installed, and I successfully connected with SSH from a PC outside of my local network.

If you have any clue on why this is happening, please reply.

Thanks in advance,
TzaB
 
Old 12-23-2010, 05:43 AM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
When you try to establish a connection, what error message are you getting? In your server's log, especially auth.log, is it showing any sort of connection attempt and if so what is the result (error)? Try to telnet into the server on port 22. Do you get an SSH banner? Are you certain that when you 'ping' the internal host that you are not getting a response from the router instead?
 
Old 12-23-2010, 06:49 AM   #3
TzaB
LQ Newbie
 
Registered: Jul 2008
Distribution: Debian GNU/Linux
Posts: 8

Original Poster
Rep: Reputation: 0
When I use the WAN IP to connect to Debian using putty from Windows, I get the error "Network error: Connection timed out".
I haven't any errors in /var/log/auth.log about this event.

When I use the LAN IP to connect to Debian using putty from Windows, I get the SSH banner and I can log in successfully.
The content of auth.log about this event is the following:
Code:
debian sshd[2255]: Server listening on :: port 22
debian sshd[2255]: Server listening on 0.0.0.0 port 22
debian login[2806]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
debian login[2829]: ROOT LOGIN on `tty1`
debian sshd[2248]: Received signal 15; terminating.
debian sshd[2255]: Server listening on :: port 22
debian sshd[2255]: Server listening on 0.0.0.0 port 22
debian sshd[2926]: Accepted password for root from 192.168.1. port 3688 ssh2
pam_unix(sshd:session): session opened for user root by (uid=0)
When I tried to connect with telnet on port 22, putty opened up the console and after 30 seconds, made an error sound and disappeared.

About the ping thing, I don't know if I got the response from the router or from Debian. Can you tell me how I achieve this?
 
Old 12-23-2010, 08:51 AM   #4
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
It really looks like you are running into a firewall where the traffic is not going through to your server. The fact that your telnet fails and that your auth.log doesn't show a connection attempt further indicates that traffic can't make a connection on this port. It may be your local router, it may be a configuration in a managed switch, or it may even be something upstream in your ISP.

I am not sure that you can tell that you are getting a ping response from a machine behind a router. It will depend on the settings of your router and whether or not it passes on ICMP traffic. You stated that you had the ability to ping this machine, which is why I asked. You could try pinging it and then disconnecting the machine and pinging it again and see if you get a response the first time but not the second.

If you want to rule out your local router, I would temporarily bypass it and place the Debian machine directly on your Internet Connection or whatever is your next closest point to it.
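
The telnet-to-port-22 check discussed in posts #2 to #4, as an added example that is not part of the original thread: it separates a connect that times out (traffic dropped on the path, as with a router or ISP filter) from a refusal or a missing banner. The function name `probe_ssh` and its verdict labels are made up for this illustration.

```python
import socket
import sys


def probe_ssh(host, port=22, timeout=5.0):
    """Classify one TCP connection attempt to an SSH port.

    Returns (verdict, detail); verdict is one of:
      banner    - TCP connected and the peer sent an SSH identification string
      no-banner - TCP connected, but no SSH identification string arrived
      refused   - a RST came back: packets reach something, nothing accepts them
      filtered  - no reply at all: the SYN is being dropped on the path
      error     - anything else (no route, name resolution failure, ...)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except (socket.timeout, TimeoutError):
        return ("filtered", "connect timed out")
    except ConnectionRefusedError:
        return ("refused", "connection refused")
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        try:
            data = sock.recv(256)  # sshd sends its version string first
        except (socket.timeout, TimeoutError):
            return ("no-banner", "connected, peer silent")
        except OSError as exc:
            return ("error", str(exc))
    line = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    if line.startswith("SSH-"):
        return ("banner", line)
    return ("no-banner", line or "connection closed by peer")


# Usage: python probe_ssh.py <host> [port], run once from inside the LAN
# and once from outside it, then compare the two verdicts.
if __name__ == "__main__" and len(sys.argv) > 1:
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    print(probe_ssh(sys.argv[1], target_port))
```

A `banner` verdict from the LAN combined with `filtered` from the WAN, and no matching sshd lines in auth.log, is the pattern described in this thread.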
 
Old 12-23-2010, 09:04 AM   #5
jwl17330536
Member
 
Registered: Feb 2010
Location: Raleigh, NC
Posts: 83

Rep: Reputation: 22
While connecting from outside the LAN what is the output of: ssh -vvv <username>@<ip address>
 
Old 12-24-2010, 05:46 AM   #6
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,529

Rep: Reputation: 899
Verify if your ISP doesn't block port 22
You can use nmap or
http://nmap-online.com/
to verify if port 22 is open and listening or not.
Quote:
About the ping thing, I don't know if I got the response from the router or from Debian. Can you tell me how I achieve this?
try traceroute

@Noway2, how will this help?

Kind regards
 
Old 12-28-2010, 03:04 PM   #7
TzaB
LQ Newbie
 
Registered: Jul 2008
Distribution: Debian GNU/Linux
Posts: 8

Original Poster
Rep: Reputation: 0
As Noway2 and repo mentioned, the root of all evil is my ISP. I searched and I found that it blocks a number of ports for the security of its customers. When I disabled this service, I was able to connect through ssh to my Debian server.

I did the test in another network but with the same situation (same ISP in both networks). When I have physical access to the network that has the actual server, the one that I started this thread about, and the solution is the one that I wrote above, then I will mark this thread as solved.

Thank you very much for your help!
 
Old 12-28-2010, 09:44 PM   #8
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Quote:
(From Repo's post) try traceroute ... @Noway2, how will this help?
I am not entirely certain that it would and even when I initially suggested it, I was thinking it might be a bit of a long shot. The original post indicated that it was possible to successfully ping the server and my intent was to rule out whether or not it was the router responding to the public IP or if it were in fact the server responding. My thinking was that traceroute might show one of two things: a) that traffic is being stopped upstream somewhere in ISP land, b) that it might show a hop through TzaB's router or show the traffic stopping at the router. In other words, helping to confirm whether or not traffic was getting all the way to the end server.
 
  

