I cannot ssh from wan/lan to my pc behind a home server

To: debian-firewall@lists.debian.org
Subject: I cannot ssh from wan/lan to my pc behind a home server
From: Aldo Maggi <sentiniate@virgilio.it>
Date: Wed, 7 Feb 2018 20:41:49 +0100
Message-id: <[🔎] 20180207204149.631e230c@paperino>

I'm having problems with ssh from the Wan while contacting my Pc in the
Lan.

It worked when I just had to go through the Router provided by the ISP
but problems arose when I've decided to use a small server which I want
to use as file server for our family Pc's, Laptops and smartphone + for
transferring there the webserver where I have my blog. My home lan
(limiting it to my Pc) is as follows:


    WAN
     |
----------
| Router |
----------
        | 192.168.1.1
        | 
   eno1 | 192.168.1.120
----------------
|              |
| File Server  |
|              |
----------------
   eno2 | 192.168.3.1
        |
 enp2s0 | 192.168.3.100
----------------
|              |
|   My Pc      |
|              |
----------------

From the File Server I can ssh my pc on port 2222
From the lan (which is in 192.168.1.0) it is not possible to ssh my pc
which is in the 192.168.3.0 net


File Server:
(in "ufw status" output I have left only what I have thought to be of
interest) 
root@Casa-mia-1:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                  
OpenSSH                    ALLOW       Anywhere                  
SSH                        ALLOW       Anywhere                  
Anywhere                   ALLOW       192.168.3.100             
Anywhere                   ALLOW       192.168.3.0/24            
2222/tcp                   ALLOW       Anywhere                  
22/tcp (v6)                ALLOW       Anywhere (v6)             
OpenSSH (v6)               ALLOW       Anywhere (v6)             
SSH (v6)                   ALLOW       Anywhere (v6)             
2222/tcp (v6)              ALLOW       Anywhere (v6)   


root@Casa-mia-1:~# iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 1081 packets, 70666 bytes)
 pkts bytes target     prot opt in     out     source
destination 0     0 DNAT       tcp  --  eno1   *
0.0.0.0/0            192.168.1.120        tcp dpt:2222
to:192.168.3.1:2222

Chain INPUT (policy ACCEPT 21 packets, 2919 bytes)
 pkts bytes target     prot opt in     out     source
destination         

Chain OUTPUT (policy ACCEPT 125 packets, 8738 bytes)
 pkts bytes target     prot opt in     out     source
destination         

Chain POSTROUTING (policy ACCEPT 125 packets, 8738 bytes)
 pkts bytes target     prot opt in     out     source
destination 885 56073 MASQUERADE  all  --  *      eno1
192.168.3.0/24       0.0.0.0/0   

root@Casa-mia-1:~# cat /etc/ufw/sysctl.conf |grep -i ip_forward
net/ipv4/ip_forward=1

My Pc:

root@aldomaggi:~# iptables -t nat -L -n
-v Chain PREROUTING (policy ACCEPT 0 packets, 0
bytes) pkts bytes target     prot opt in     out
source
destination 
Chain INPUT (policy ACCEPT 0 packets, 0
bytes) pkts bytes target     prot opt in     out
source
destination 
Chain OUTPUT (policy ACCEPT 0 packets, 0
bytes) pkts bytes target     prot opt in     out
source
destination 
Chain POSTROUTING (policy ACCEPT 0 packets, 0
bytes) pkts bytes target     prot opt in     out
source destination  

root@aldomaggi:~# cat /etc/ssh/sshd_config |grep -i port
#Porta non standard 2222
Port 2222

I thank you in advance for any help you can give me!

Aldo :-)

Reply to:

Follow-Ups:
- Re: I cannot ssh from wan/lan to my pc behind a home server
  - From: Luis <luislopez72@gmail.com>

Next by Date: Re: I cannot ssh from wan/lan to my pc behind a home server
Next by thread: Re: I cannot ssh from wan/lan to my pc behind a home server
Index(es):
- Date
- Thread