04-29-2006, 03:56 PM
#1
Member
Registered: May 2001
Location: Norton, KS
Distribution: Mandrake, Xandros, and Debian 3.0 (Woody) as a proxy
Posts: 103
Allowing SSH from Internet via router port forward.
I'm trying to allow SSH from the internet on an OpenSuSE 10.x box that sits behind a router/firewall. The router/firewall has been configured to port forward port 22 to the static IP configured on the OpenSuSE box. Now I need to know how best to configure the firewall so that it doesn't drop packets from the Internet. Here's the problem. I've added SSH as an Allowed port to the Interface for the External Zone. However, the External Zone as far as OpenSuSE is concerned is my private network. As a result I can SSH into it while I'm on my network, but when I try to SSH into it from the Internet, it drops, blocks or otherwise stops the packets (it seems the router/firewall is literally forwarding the packets, not NATing them in any way). So how do I get OpenSuSE 10.x to allow these Internet connections?
It would be bad to disable the firewall altogether. How can I re-define the External Zone to be the Internet, without messing up the network setting on that machine? Any direction, or help with using the YaST firewall configuration for this would be greatly appreciated.
Thanks,

04-29-2006, 04:24 PM
#2
LQ Guru
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: RHEL 5 with Pieces of this and that.
Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700
So you can get to the ssh server from another machine within your LAN network, correct?
But you cannot connect to it from the outside with port forwarding enabled on a store-bought firewall/router, correct?
First question is who is your internet provider?
It is possible that they block common ports so users cannot run servers unless you pay for the access. To test this go to http://www.hackerwatch.org/probe/ and see if it sees open ports on the router. If no ssh port 22 then it is not configured or is being blocked by the provider. Either way set the external port to say 10022 to port forward to the internal machine on port 22. No changes need to be made to the ssh server, just to the router. Then connect to port 10020 instead of port 22 on the outside.
Brian1

05-08-2006, 10:42 PM
#3
Member
Registered: May 2001
Location: Norton, KS
Distribution: Mandrake, Xandros, and Debian 3.0 (Woody) as a proxy
Posts: 103
Original Poster
Quote:
Originally Posted by Brian1
So you can get to the ssh server from another machine within your LAN network, correct?
But you cannot connect to it from the outside with port forwarding enabled on a store-bought firewall/router, correct?
First question is who is your internet provider?
It is possible that they block common ports so users cannot run servers unless you pay for the access. To test this go to http://www.hackerwatch.org/probe/ and see if it sees open ports on the router. If no ssh port 22 then it is not configured or is being blocked by the provider. Either way set the external port to say 10022 to port forward to the internal machine on port 22. No changes need to be made to the ssh server, just to the router. Then connect to port 10020 instead of port 22 on the outside.

It's not the internet provider blocking... On a Debian box connected at a different location I'm able to ssh to and from it regularly.
George

05-08-2006, 11:17 PM
#4
Member
Registered: Aug 2005
Location: India
Distribution: Gentoo
Posts: 43
You can solve this one by handling iptables manually. Be it openSUSE's or any other distro's firewall, or any other product, everybody uses iptables. I bet you must have used the inbuilt feature of the openSUSE firewall and set your box in the DMZ (demilitarized zone). So I can look into how to configure the openSUSE firewall to a much more granular extent, or else you can try installing a simpler firewall like Firestarter, which accesses the same iptables of the system, to get a clearer view of what is being dropped, and you can just right-click it and say allow. That should do it. Lastly, you can use the iptables command line help and accept all connections with destination port 22.

05-08-2006, 11:19 PM
#5
Member
Registered: Aug 2005
Location: India
Distribution: Gentoo
Posts: 43
Maybe you can post the output of tail -f /var/log/messages while you try to connect to your system. That will give a better explanation of what's happening inside.
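
Added example, not part of the thread or any poster's code: a way to read the log output suggested in post #5, by counting logged packets aimed at the SSH port per LOG prefix, inbound interface and source address. The sample lines, including the SFW2-* prefixes, host name and addresses, are constructed assumptions in the kernel netfilter LOG layout; `ssh_port_hits` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: summarise logged packets aimed at one TCP port, grouped by
# LOG prefix, inbound interface and source address.

# Constructed sample in the kernel netfilter LOG layout. The SFW2-* prefixes,
# host name, MAC and all addresses are assumptions made up for illustration.
SAMPLE_LOG='May  8 22:40:01 suse kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.1.10 LEN=60 TTL=52 ID=4711 DF PROTO=TCP SPT=51514 DPT=22 WINDOW=5840 SYN URGP=0
May  8 22:40:04 suse kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.1.10 LEN=60 TTL=52 ID=4712 DF PROTO=TCP SPT=51514 DPT=22 WINDOW=5840 SYN URGP=0
May  8 22:41:10 suse kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:cc:08:00 SRC=192.168.1.20 DST=192.168.1.10 LEN=60 TTL=64 ID=9001 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 SYN URGP=0
May  8 22:42:30 suse kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.4 DST=192.168.1.10 LEN=60 TTL=50 ID=1234 DF PROTO=TCP SPT=33000 DPT=80 WINDOW=5840 SYN URGP=0
May  8 22:43:00 suse sshd[2044]: Accepted password for user from 192.168.1.20 port 40112 ssh2'

# ssh_port_hits PORT
# Reads syslog text on stdin and prints "count prefix interface source",
# most frequent first, for TCP packets whose destination port is PORT.
ssh_port_hits() {
    awk -v port="$1" '
        /PROTO=TCP/ {
            prefix = ""; in_if = ""; src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^IN=/) {
                    in_if = substr($i, 4)
                    prefix = $(i - 1)   # token set by the LOG rule, just before IN=
                } else if ($i ~ /^SRC=/) {
                    src = substr($i, 5)
                } else if ($i ~ /^DPT=/) {
                    dpt = substr($i, 5)
                }
            }
            if (dpt == port) count[prefix " " in_if " " src]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Demo on the constructed sample; on a live box: ssh_port_hits 22 < /var/log/messages
printf '%s\n' "$SAMPLE_LOG" | ssh_port_hits 22
```

If nothing is listed for port 22 during an outside connection attempt, the packets are either not reaching the box or not being logged; a public source address on a drop line shows the forwarded packet arrived with its original source and was matched by a rule that does not allow it.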

05-09-2006, 10:59 PM
#6
Member
Registered: Mar 2004
Location: Orange County, CA
Distribution: OS X, SuSE, RH, Debian, XP
Posts: 377
Check "netstat -ntap" for your SuSE box. Then you can see what program is listening on what port... just to make sure you see 22 (or whatever port you configured) open.
Does your firewall have UDP and TCP blocked?
Also if you have a router (NAT) then I'd make sure you don't have multiple packets being forwarded to multiple IPs; some routers seem to have a problem with it.
Have you tried changing the port on SSHD to something different and configuring the firewall and port forwarding w/ the new port? It may help.