
Re: I cannot ssh from wan/lan to my pc behind a home server



Hi Aldo,

Please also reply to the list, so the other members can read along.
I've redacted your MAC addresses in the quote below, because I think
they are not needed.

On 7 February 2018 at 23:22, Aldo Maggi <sentiniate@virgilio.it> wrote:
> I switched the level of logging of ufw to "full" and in "kern.log" I
> have found the following:
> root@Casa-mia-1:~# cat  /var/log/kern.log |grep -i DPT=2222
> Feb  7 23:00:12 Casa-mia-1 kernel: [14311.741791] [UFW AUDIT] IN=eno1
> OUT= MAC=<> SRC=192.168.1.1
> DST=192.168.3.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27675 DF PROTO=TCP
> SPT=45892 DPT=2222 WINDOW=65535 RES=0x00 SYN URGP=0
>
> Feb  7 23:08:48 Casa-mia-1 kernel: [14827.858458] [UFW AUDIT] IN=eno1 OUT=
> MAC=<> SRC=192.168.1.1
> DST=192.168.3.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=45177 DF PROTO=TCP
> SPT=42165 DPT=2222 WINDOW=65535 RES=0x00 SYN URGP=0
>
> Feb  7 23:09:50 Casa-mia-1 kernel: [14890.104629] [UFW AUDIT] IN=eno1 OUT=
> MAC=<> SRC=192.168.1.1
> DST=192.168.3.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53838 DF PROTO=TCP
> SPT=58074 DPT=2222 WINDOW=65535 RES=0x00 SYN URGP=0

So a connection with destination port 2222 has a destination IP
address of 192.168.3.1 in these logs. Your PC has 192.168.3.100, so I
think you need to edit the NAT rule that forwards 2222 to point to
192.168.3.100 instead of 192.168.3.1.

~ Gerdriaan

> These were three attempts to connect to 192.168.1.120 via ssh on port
> 2222 from my smartphone with IP 192.168.1.4; in fact its MAC
> (<>) is included inside "MAC="
>
> Thanks for your help!
>
> Aldo :-)
>
>
>
> On Wed, 7 Feb 2018 22:27:51 +0100
> Gerdriaan Mulder <naairdreg@gmail.com> wrote:
>
>> Can you check whether you can access your home pc from the
>> 192.168.1.0/24 network? So, connect a device to your router on the LAN
>> side, acquire an IP lease in the 192.168.1.0/24 network, and connect
>> to 192.168.1.120 on port 2222.
>>
>> If that doesn't work, can you insert extra logging rules in ufw?
>> Packets that would be dropped then appear in /var/log/kern.log, which
>> helps debugging your problem.
>>
>> ~ Gerdriaan
>>
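
An added example, not part of the original thread: a small parser for UFW kernel log entries that counts which destination address new TCP connections to a given port carry, so a forward pointing at the wrong host stands out. The function names are hypothetical, the sample log is constructed from the entries quoted above (rejoined to one line each), and 192.168.3.100 is the PC address given in the reply.

```python
import re
from collections import Counter

# Constructed sample: the three entries quoted in the thread, one per line
# (MAC redacted as in the post), plus one made-up port-22 entry as a control.
_HEAD = "IN=eno1 OUT= MAC=<> SRC=192.168.1.1 DST=192.168.3.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64"
_TAIL = "WINDOW=65535 RES=0x00 SYN URGP=0"
SAMPLE_LOG = "\n".join([
    f"Feb  7 23:00:12 Casa-mia-1 kernel: [14311.741791] [UFW AUDIT] {_HEAD} ID=27675 DF PROTO=TCP SPT=45892 DPT=2222 {_TAIL}",
    f"Feb  7 23:08:48 Casa-mia-1 kernel: [14827.858458] [UFW AUDIT] {_HEAD} ID=45177 DF PROTO=TCP SPT=42165 DPT=2222 {_TAIL}",
    f"Feb  7 23:09:50 Casa-mia-1 kernel: [14890.104629] [UFW AUDIT] {_HEAD} ID=53838 DF PROTO=TCP SPT=58074 DPT=2222 {_TAIL}",
    f"Feb  7 23:10:02 Casa-mia-1 kernel: [14902.000000] [UFW AUDIT] {_HEAD} ID=11111 DF PROTO=TCP SPT=40000 DPT=22 {_TAIL}",
])

UFW_RE = re.compile(r"\[UFW ([A-Z ]+)\]\s+(.*)")

def parse_ufw_line(line):
    """Return a dict of KEY=value fields plus bare flags, or None if not a UFW entry."""
    m = UFW_RE.search(line)
    if not m:
        return None
    entry = {"action": m.group(1).strip(), "flags": set()}
    for tok in m.group(2).split():
        if "=" in tok:
            key, value = tok.split("=", 1)   # "OUT=" yields an empty value
            entry[key] = value
        else:
            entry["flags"].add(tok)          # DF, SYN, ACK, ...
    return entry

def new_connection_targets(log_text, port):
    """Count DST addresses of initial TCP SYNs (SYN without ACK) to `port`."""
    targets = Counter()
    for line in log_text.splitlines():
        e = parse_ufw_line(line)
        if (e and e.get("PROTO") == "TCP" and e.get("DPT") == str(port)
                and "SYN" in e["flags"] and "ACK" not in e["flags"]):
            targets[e.get("DST", "?")] += 1
    return targets

def unexpected_targets(log_text, port, expected_dst):
    """Destinations seen for `port` that are not the host the forward should reach."""
    seen = new_connection_targets(log_text, port)
    return {dst: n for dst, n in seen.items() if dst != expected_dst}

if __name__ == "__main__":
    print(unexpected_targets(SAMPLE_LOG, 2222, "192.168.3.100"))
```
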