
Re: I cannot ssh from wan/lan to my pc behind a home server



Thank you Gerdriaan, your suggestion has solved the problem... which
actually I had tried before with no success; this means that I was
wrong about something else. Your help has been decisive!

A minor issue: I've applied a similar rule to port 5900 and obviously
I've launched "systemctl restart ufw", but now when I run "iptables -t
nat -L -n -v" I get the following:
......
Chain PREROUTING (policy ACCEPT 6 packets, 362 bytes)
 pkts bytes target     prot opt in     out     source               destination
    6   360 DNAT       tcp  --  eno1   *       0.0.0.0/0            192.168.1.120        tcp dpt:2222 to:192.168.3.100:2222
    0     0 DNAT       tcp  --  eno1   *       0.0.0.0/0            192.168.1.120        tcp dpt:2222 to:192.168.3.100:2222
    0     0 DNAT       tcp  --  eno1   *       0.0.0.0/0            192.168.1.120        tcp dpts:5900:5910 to:192.168.3.100
......

i.e. there are two lines (which are the same) referring to ssh and port
2222.
I've tried with "iptables -F && ufw reload" and "iptables -F ; ufw
reload", but I lose control of the Server (I use Xephyr from my PC to
drive it); I cannot ssh to it anymore and the only way is to restart the
Server (which, I admit, is not very professional :-D ).
Anyway, it is my Home Server, so if someone has a solution, many
thanks for it; otherwise I'll keep going on in the unprofessional
way! :-D

Thanks to all,
Aldo :-) 

On Thu, 8 Feb 2018 07:46:46 +0100,
Gerdriaan Mulder <naairdreg@gmail.com> wrote:

> Hi Aldo,
> 
> Please also reply to the list, so the other members can read along.
> I've redacted your MAC addresses in the quote below, because I think
> they are not needed.
> 
> On 7 February 2018 at 23:22, Aldo Maggi <sentiniate@virgilio.it>
> wrote:
> > I switched the level of logging of ufw to "full" and in "kern.log" I
> > have found the following:
> > root@Casa-mia-1:~# cat  /var/log/kern.log |grep -i DPT=2222
> > Feb  7 23:00:12 Casa-mia-1 kernel: [14311.741791] [UFW AUDIT]
> > IN=eno1 OUT= MAC=<> SRC=192.168.1.1
> > DST=192.168.3.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27675 DF
> > PROTO=TCP SPT=45892 DPT=2222 WINDOW=65535 RES=0x00 SYN URGP=0
> >
> > Feb  7 23:08:48 Casa-mia-1 kernel: [14827.858458] [UFW AUDIT]
> > IN=eno1 OUT= MAC=<> SRC=192.168.1.1
> > DST=192.168.3.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=45177 DF
> > PROTO=TCP SPT=42165 DPT=2222 WINDOW=65535 RES=0x00 SYN URGP=0
> >
> > Feb  7 23:09:50 Casa-mia-1 kernel: [14890.104629] [UFW AUDIT]
> > IN=eno1 OUT= MAC=<> SRC=192.168.1.1
> > DST=192.168.3.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53838 DF
> > PROTO=TCP SPT=58074 DPT=2222 WINDOW=65535 RES=0x00 SYN URGP=0  
> 
> So a connection with destination port 2222 has a destination IP
> address of 192.168.3.1 in these logs. Your PC has 192.168.3.100, so I
> think you need to edit the NAT rule that forwards 2222 to point to
> 192.168.3.100 instead of 192.168.3.1.
> 
> ~ Gerdriaan
> 
> > these were three attempts to connect to 192.168.1.120 via ssh on port
> > 2222 from my smartphone with IP 192.168.1.4; in fact its MAC
> > (<>) is included inside "MAC="
> >
> > Thanks for your help!
> >
> > Aldo :-)
> >
> >
> >
> > On Wed, 7 Feb 2018 22:27:51 +0100,
> > Gerdriaan Mulder <naairdreg@gmail.com> wrote:
> >  
> >> Can you check whether you can access your home pc from the
> >> 192.168.1.0/24 network? So, connect a device to your router on the
> >> LAN side, acquire an IP lease in the 192.168.1.0/24 network, and
> >> connect to 192.168.1.120 on port 2222.
> >>
> >> If that doesn't work, can you insert extra logging rules in ufw?
> >> Packets that would be dropped then appear in /var/log/kern.log,
> >> which helps debugging your problem.
> >>
> >> ~ Gerdriaan
> >>  
> 


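A way to clear the surplus copy of the port 2222 DNAT rule without the lockout described above. This is an added example and not code from the thread: it deletes only from the nat table's PREROUTING chain (`iptables -t nat -D`), whereas `iptables -F` with no `-t` flushes every chain of the filter table, which is where ufw's INPUT rules live. The sample rule list is constructed from the `-L` listing in the post; the exact match options (`-m tcp`, the `/32` masks) are an assumption about how the rules were written, and the function and variable names are the example's own.

```sh
#!/bin/sh
# Added example (not from the original thread): remove surplus copies of
# DNAT rules from the nat PREROUTING chain without touching the filter
# table, so the ssh or Xephyr session used to run it is not cut off.

# Constructed sample of `iptables -t nat -S PREROUTING` output, rebuilt
# from the -L listing in the post (assumption: the rules carry exactly
# these match options; only the duplicated 2222 rule matters here).
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -d 192.168.1.120/32 -i eno1 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.3.100:2222
-A PREROUTING -d 192.168.1.120/32 -i eno1 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.3.100:2222
-A PREROUTING -d 192.168.1.120/32 -i eno1 -p tcp -m tcp --dport 5900:5910 -j DNAT --to-destination 192.168.3.100'

# Read `iptables -S`-style rules on stdin and print one
# "iptables -t nat -D PREROUTING <spec>" line per surplus copy.
# Deleting by spec removes the first matching rule, so a rule that
# appears N times gets N-1 delete commands and one copy survives.
duplicate_delete_cmds() {
    grep '^-A PREROUTING ' \
    | sed 's/^-A PREROUTING //' \
    | sort | uniq -c \
    | awk '$1 > 1 {
               n = $1 - 1
               sub(/^[ \t]*[0-9]+[ \t]+/, "")
               for (i = 0; i < n; i++)
                   print "iptables -t nat -D PREROUTING " $0
           }'
}

# Number of distinct -A rules that appear more than once (0 means clean).
duplicate_rule_count() {
    grep '^-A PREROUTING ' | sort | uniq -d | wc -l | tr -d ' '
}

# Live use (needs root). Dry run by default; pass "apply" to execute.
# Only the nat table is modified; the filter table, which `iptables -F`
# would wipe, is left alone.
dedupe_nat_prerouting() {
    iptables -t nat -S PREROUTING | duplicate_delete_cmds \
    | while IFS= read -r cmd; do
          if [ "$1" = apply ]; then sh -c "$cmd"; else echo "dry-run: $cmd"; fi
      done
}

# Demonstration on the constructed sample (no iptables needed):
# prints a single delete command for the extra 2222 rule.
printf '%s\n' "$SAMPLE_RULES" | duplicate_delete_cmds
```

Run `dedupe_nat_prerouting` once without arguments to see what would be deleted, then with `apply`. Afterwards `iptables -t nat -S PREROUTING | duplicate_rule_count` should print 0. This only tidies the live chain; it does not stop whatever re-adds the copy on the next `systemctl restart ufw` (ufw NAT rules are usually kept in the `*nat` section of /etc/ufw/before.rules, which is the place to look).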