Trouble w/ ssh server behind speedstream 2602 router

To: debian-user@lists.debian.org
Subject: Trouble w/ ssh server behind speedstream 2602 router
From: Lazycode <lazycode@linuxkungfu.org>
Date: Fri, 10 Jan 2003 17:32:11 -0700
Message-id: <[🔎] 20030110173211.0129ac55.lazycode@linuxkungfu.org>

Hello,
  I've got a Debian Stable 3.0 machine (ip 192.168.x.y)
with an SSH server behind a speedstream 2602 router
(ip a.b.c.d). The router has been instructed to foward
port 22 to 192.168.x.y .

  (A) On 192.168.x.y, if I do
    (1) ssh 192.168.x.y  -- I get the ssh prompt
    (2) ssh a.b.c.d -- I get nothing; ssh just hangs
      The session eventually times out.
    (3) ssh -v a.b.c.d -- I get:

    --- BEGIN SNIP ---
    OpenSSH_3.4p1 Debian 1:3.4p1-1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f
    debug1: Reading configuration data /home/blah/.ssh/config
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Rhosts Authentication disabled, originating port will not be trusted.
    debug1: ssh_connect: needpriv 0
    debug1: Connecting to a.b.c.d [a.b.c.d] port 22.
    --- END SNIP ---

    Now, if I have iptraf running, I see that there are two connections

    --- BEGIN SNIP ---
    |-192.168.x.y:32931
    |-a.b.c.d:ssh
    
    |-192.168.x.y:32931
    |-192.168.x.y:ssh
    --- END SNIP ---

    If I do (as root) "cat /var/log/auth.log |
    grep sshd" I only get old messages (I do have
    "LogLevel Debug" and "SyslogFacility AUTH").

  (B) From another machine on the local LAN,
      I can also ssh into 192.168.x.y without any problems.
  (C) From an outside machine, with SSH installed, and
      capable of connecting to another server, if I try to
      "ssh a.b.c.d", the session also hangs.
  (D) If I change the port forwarding from
      "a.b.c.d 22" -> "192.168.x.y 22"
            to
      "a.b.c.d 12345" -> "192.168.x.y 22"
            then
      (1) "ssh a.b.c.d" gets "Connection Refused"
      (2) "ssh a.b.c.d -p 12345" hangs

>From the above, I theorize that
  (1) The ssh server is configed properly (default config)
      since an machine on local LAN connect to it.
  (2) The router is trying to foward the port (as the port
      hangs instead of returning "Connection Refused")
    .... thus ....
  (3) The packet is being dropped somewhere between the router
      and 192.168.x.y

BTW, I _have_ upgraded my router to the newest available 
  "firmware", and searches on google have resulted in certain
  users having trouble fowarding port 80.

Any help, with config or info on the hardware, would be greatly
apperciated.

Thanks in advance,
--tk

Reply to:

Prev by Date: usefull iptables links (not a question, just info)
Next by Date: Re: I do not have Super Cow Powers
Previous by thread: usefull iptables links (not a question, just info)
Next by thread: iptables and dynamic ip
Index(es):
- Date
- Thread