[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh tunnelling testing [solved]

On 2020-12-07 14:23, john doe wrote:
On 12/7/2020 8:11 PM, Gary Dale wrote:
On 2020-12-07 14:03, john doe wrote:
On 12/7/2020 7:54 PM, Gary Dale wrote:
On 2020-12-07 13:24, john doe wrote:
On 12/7/2020 6:38 PM, Gary Dale wrote:

(actually through the /etc/hosts file using the server's name).

I've set up port forwarding on both my routers (I have an inner
and an outer one, using the outer network for devices I don't really
control). I can access my Apache2 server on the inner network by
forwarding port 80 on the outer network to the WAN address of the
router and forwarding that to my server. Pointing my browser to the
external IP address of the outer router brings up the default page -
which I can change so I know it's the actual local page > However,
when I try to ssh to the same address, it just times out.

I've compared the sshd.conf file on my local server to one on a remote
server and they are identical. The only uncommented lines are:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem       sftp    /usr/lib/openssh/sftp-server

Any ideas on what's going wrong?

- This looks like your port forwarding is not working...
- What are the logs saying?
- Is the SSH server allowing access from the outside?

Note that it is unclear to me how you can test outside access from the

Your first point is what I am complaining about. The outer router
doesn't have a log function and an ssh attempt never shows up on the
inner router. As I explained in the initial post, I've set up the port
forwarding to allow it and the sshd.conf file is identical to one that
allows access from the outside.

I can test outside access from the inside by trying to connect to the
external address. As with my browser example, the request goes to the
device that has the particular IP address being sought. That is the
external port on the outer router. I can also ssh to the external port
on the inner router (which I can't think of a reason to do except for
testing). Interestingly, this works but doesn't get logged.

Sorry, I'm lost at your setup, the only thing that I can say is that
something looks to be  rong with regard to your firewall config.

The thing is the forwarding setup is the same for port 22 as it is for
port 80. I know that the port 80 forwarding is working so why isn't the
port 22 forwarding?

I still don't know the answer to that one, but when I changed the
external port to something else (on the outer router), it started

Something is rong if it works that way.

You did not use the same rule for both port 80 and 22, if yes, this
would mean that port 22 and 80 are redirected to port 80, which is not
what you want.

In other words, you need one rule per redirect port.

I didn't say I used the same rule. I said the setup is the same. Any external traffic on that port is directed to the same port on the inner router. It's kind of difficult to get that wrong.

I suspect that my ISP is using port 22 for their own purposes but didn't bother excluding it in the router's programming.

Now I just have to remember to set the -p option in ssh to

To avoid the -p option:

$ cat ~/.ssh/config
Host sshserver
    HostName <FQDN-TO-USE>
    Port <PORT-TO-USE>

$ ssh sshserver

I could, but it's not something I'm using often. If I forget, I'll be reminded when it fails to connect.

Reply to: