
Re: SSH Connection Behind A Router/Firewall



On 9/8/2016 1:42 PM, Joe wrote:
> On Thu, 8 Sep 2016 12:49:56 -0500
> Tim McDonough <tmcdonough@gmail.com> wrote:
>
> > I have a very straightforward Debian Jessie machine on my network.
> > For SSH it uses the standard/default Port 22 and accessing it via ssh
> > works just fine from anywhere on the local network.
> >
> > I also have a NetGear router configured so that a connection from the
> > outside world using Port 1024 gets forwarded to the local IP and Port
> > 22 on the LAN. My problem is when I attempt a connection from the
> > outside world the connection is refused.
> >
> > Is there another setting on the Debian Jessie system I need to
> > configure or do you believe this is a router configuration problem?
> > If I just allow the forwarding (externally) to forward on Port 22
> > things work as expected.
>
> No, that should work. As far as the server is concerned, it's a
> standard port 22 job.

That was my thought as well.

> If a router has the option of setting the destination port in a
> forwarding rule, that really ought to work. I've done it in two stages,
> forwarding port A on the public IP, to port B on my firewall/server,
> then to port 22 on an internal machine, no trouble.

I have a NetGear WNDR3800. I have the port forwarding set up as you describe.

> Sorry to ask this, but... your ssh client does know it's using 1024,
> doesn't it? Not just the software client, but is there an outgoing
> firewall that also needs to know this? On a modern Windows machine, you
> need to explicitly set up an outgoing rule, it's not just a simple
> stateful firewall any more.

Don't apologize for asking, I'd be perfectly happy if I'd overlooked something simple. I'm using a Windows 10 machine to access it and even with the firewall in the Win10 box turned off I get the same results.

> Quick check from your network: use Shields Up!! on https://grc.com and
> ask for a check on your specific external port. If the router isn't
> forwarding, or the server isn't responding, the port will show as
> closed. If it shows open, and Mr Gibson lectures you about security,
> then you have a problem at the client end.

The port shows as open.

I initially used PuTTY to test and when I first got the error I also tried making an sftp connection with FileZilla. A forwarded port is a no-go with either of them.

Thanks for the suggestions,

Tim
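
An added example, not part of the original thread: a small probe that separates the outcomes discussed above (port open, connection refused, no answer) by connecting to the forwarded port and reading the SSH identification line the server sends first. The function name `probe_ssh` and its status labels are hypothetical; host and port are taken from the command line.

```python
import socket
import sys


def probe_ssh(host, port, timeout=5.0):
    """Classify what a client sees on host:port.

    Returns (status, detail); status is one of:
      "ssh"      TCP connected and the first line is an SSH identification string
      "not-ssh"  TCP connected, but something other than SSH answered
      "silent"   TCP connected, nothing was sent before the timeout
      "refused"  the connection attempt was actively refused
      "timeout"  no reply at all: packets are being dropped on the way
      "error"    any other socket error
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", "connection refused"
    except socket.timeout:
        return "timeout", "no reply to the connection attempt"
    except OSError as exc:
        return "error", str(exc)

    buf = b""
    with sock:
        try:
            # An SSH server speaks first; RFC 4253 caps that line at 255 bytes.
            while b"\n" not in buf and len(buf) < 255:
                chunk = sock.recv(255 - len(buf))
                if not chunk:
                    break
                buf += chunk
        except socket.timeout:
            pass  # keep whatever arrived before the timeout
        except OSError as exc:
            return "error", str(exc)

    # Only the first line received is examined.
    line = buf.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    if line.startswith("SSH-"):
        return "ssh", line
    if not line:
        return "silent", "connected, but no banner received"
    return "not-ssh", line


if __name__ == "__main__":
    # Usage: python probe_ssh.py <public-address> <forwarded-port>
    print(probe_ssh(sys.argv[1], int(sys.argv[2])))
```

Run from outside the LAN against the router's public address and the forwarded port (1024 in this thread), an "ssh" result means the forward reaches sshd and the remaining problem is on the client side, while "refused" or "timeout" points back at the router or the path to it.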

