
Re: SSH Connection Behind A Router/Firewall



On Thu, 8 Sep 2016 12:49:56 -0500
Tim McDonough <tmcdonough@gmail.com> wrote:

> I have a very straightforward Debian Jessie machine on my network.
> For SSH it uses the standard/default Port 22 and accessing it via ssh
> works just fine from anywhere on the local network.
> 
> I also have a NetGear router configured so that a connection from the 
> outside world using Port 1024 gets forwarded to the local IP and Port
> 22 on the LAN. My problem is when I attempt a connection from the
> outside world the connection is refused.
> 
> Is there another setting on the Debian Jessie system I need to
> configure or do you believe this is a router configuration problem?
> If I just allow the forwarding (externally) to forward on Port 22
> things work as expected.
> 

No, that should work. As far as the server is concerned, it's a
standard port 22 job.

If a router has the option of setting the destination port in a
forwarding rule, that really ought to work. I've done it in two stages,
forwarding port A on the public IP, to port B on my firewall/server,
then to port 22 on an internal machine, no trouble.

Sorry to ask this, but... your ssh client does know it's using 1024,
doesn't it? Not just the software client, but is there an outgoing
firewall that also needs to know this? On a modern Windows machine, you
need to explicitly set up an outgoing rule, it's not just a simple
stateful firewall any more.

Quick check from your network: use Shields Up!! on https://grc.com and
ask for a check on your specific external port. If the router isn't
forwarding, or the server isn't responding, the port will show as
closed. If it shows open, and Mr Gibson lectures you about security,
then you have a problem at the client end.

-- 
Joe
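
Added example, not part of the message above or of any tool it mentions: a client-side counterpart to the external port check, which connects to the forwarded port and reports whether an SSH server answers, the port is refused, or packets are silently dropped. The function name, the state names and the command-line arguments are assumptions of this example; port 1024 is the forward described in the thread.

```python
import socket
import sys

# What each result suggests for a forward such as external 1024 -> LAN host port 22.
MEANING = {
    "ssh": "the forward reaches an SSH server",
    "refused": "actively refused: nothing accepts this port at the far end",
    "filtered": "no reply before the timeout: packets are probably being dropped",
    "open-no-banner": "the port accepts connections but no SSH server answered",
    "open-not-ssh": "the port is forwarded to something that is not SSH",
}


def probe_ssh_forward(host, port, timeout=5.0):
    """Return (state, detail) for one TCP port, as seen from this client."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "")
    except socket.timeout:
        return ("filtered", "")
    except OSError as exc:  # unreachable network, name lookup failure, ...
        return ("error", str(exc))
    with sock:
        try:
            data = sock.recv(256)  # an SSH server sends its version string first
        except socket.timeout:
            return ("open-no-banner", "")
        except OSError as exc:
            return ("error", str(exc))
    lines = [ln.strip() for ln in data.splitlines() if ln.strip()]
    if not lines:
        return ("open-no-banner", "")
    for line in lines:
        if line.startswith(b"SSH-"):
            return ("ssh", line.decode("ascii", "replace"))
    return ("open-not-ssh", lines[0].decode("ascii", "replace"))


if __name__ == "__main__":
    # Usage: python3 probe.py <public-address> 1024
    host, port = sys.argv[1], int(sys.argv[2])
    state, detail = probe_ssh_forward(host, port)
    print(f"{host}:{port} {state} {detail}".rstrip())
    print(MEANING.get(state, "local network or name resolution error"))
```

Run it from a machine outside the LAN; a result of `filtered` from one client and `ssh` from another points at a firewall on the first client's side rather than at the router.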

