Port 22 Forwarding on Eircom F2000

mpaton

Has anyone successfully SSH'd in to a system behind a F2000 modem?

I've set the port forwarding of port 22 to port 22 on my local system
and also put the local system on the DMZ (didn't think I needed to do this).

The Gibson Research Shields Up site now shows I have Port 22 open,
but when I try to ssh in from an outside system, I don't see any activity on my
local system logs, nor do I see any likely looking packets with Wireshark.

Logging in to the same local system via SSH works fine from another system on the LAN.

Modem firewall is set to Medium. I suppose I should try disabling it. Tried that, no difference.

mgirod

I failed as well. Tried DMZ and disabling firewall.
Set my box as Static-<mac address>_Ethernet
Reserved an address
Registered my DynDNS account, and checked it synched correctly
Also checked I can connect with ssh within the LAN
Enabled both tcp and udp for 22

I get nothing in the logs...

jd

Try forwarding a different external port to internal 22?

mgirod

You mean, adding a port mapping from ext:22222 to int:22, and trying to connect with: ssh -p 22222 <fqdn>
I tried: no success.
Thanks for the suggestion

mgirod

In fact, nobody answered mpaton...
Can we conclude that there is a bug in F2000, and it does not support Port forwarding at least for SSH?

mass_debater

mgirod wrote: »

In fact, nobody answered mpaton...
Can we conclude that there is a bug in F2000, and it does not support Port forwarding at least for SSH?

Bridge it and add a better router

Kensington

Port 22 is hard coded into the f2000 as are ports 80 and 443 (amongst a few others) for remote access and management by eircom.

Bridging is the only way to overcome.

mgirod

But I configured my sshd to use 1022, checked that I could use it from the LAN, added a port forward 1022->1022, and failed to connect.

What does 'bridging' mean here?

mgirod

What I understand is: add a device between the Eir router (connected to the line) and the host.
But if the packets on port 22 are not sent to the host, they won't be sent to the bridge either, so this cannot work!?

Kensington

Is it still establishing initial connection or port 22?
Have you updated the port forward from port 22 (you mentioned trying earlier) to port 1022?

Bridging means your router does all the routing, the f2000 only does the vdsl comms.
The router still sits behind the eircom f2000.

At the moment the eircom f2000 does all the routing. It is configured with internal port maps to hold 22, 69, 80, 443 so you can't pass through any of these ports from the WAN side.

mgirod

Sorry, I don't understand your first question. I restored the default sshd use of port 22 on my host.
I can connect to it from another host in the LAN using the internal address.
But I have never been able to connect from the WAN (using the external address).

I have still both port forwarding setups: 1022 ->22, and 22 -> 22 -- Neither of which works.

I try to rephrase to check I understand:
- ports 22, 69, 80, and 443 are blocked and hardcoded
- but I can forward 1022 to 1022, and have a second router ('configured as a bridge') to forward 1022 to 22

Apart that I did try to forward ext:1022 to int:1022 and have sshd listen to 1022, and this failed.

So, I am sorry, but I still don't get it.
In fact, I do have 2 other routers, my old ZyXEL (with which I used to forward 22 for years), and even another F2000.
Both have the Eircom configuration.

Kensington

mgirod wrote: »

Sorry, I don't understand your first question. I restored the default sshd use of port 22 on my host.
I can connect to it from another host in the LAN using the internal address.
But I have never been able to connect from the WAN (using the external address).

I have still both port forwarding setups: 1022 ->22, and 22 -> 22 -- Neither of which works.

I try to rephrase to check I understand:
- ports 22, 69, 80, and 443 are blocked and hardcoded
- but I can forward 1022 to 1022, and have a second router ('configured as a bridge') to forward 1022 to 22

Apart that I did try to forward ext:1022 to int:1022 and have sshd listen to 1022, and this failed.

So, I am sorry, but I still don't get it.
In fact, I do have 2 other routers, my old ZyXEL (with which I used to forward 22 for years), and even another F2000.
Both have the Eircom configuration.

Ah, ok, you want to use Port 1022 from internet mapped to 22 inside - got it

Don't have an F2000 in front of me so not really sure of layout/steps of the menu but what is the firewall setting on the F2000? Can you turn it off or set to Lowest possible setting and try it again?

mgirod

Well, using 1022 would be a work around, but as I said, it doesn't work.
Now, in the F2000 GUI, there is a Layer2Bridging menu, with two predefined bridges:
- br0: with all WAN interfaces selected on the one side, and the 4 LAN ones on the other (but none of the 4 SSID ones -- 1 and 5 checked but greyed!?)
- br1: nothing selected (but SSID 2 and 6 checked/greyed)

No real explanations, but maybe I could define one more bridge, and select only the LAN4 interface where I have my host?

grimeire

Kensington wrote: »

Port 22 is hard coded into the f2000 as are ports 80 and 443 (amongst a few others) for remote access and management by eircom.

Bridging is the only way to overcome.

thanks just came across this post as i was having trouble accessing my webserver. port 80 and 443 must be blocked as im getting just the router menu.

ssh is working for me with the firewall off and without adding the sever to the dmz they must of changed the setting since the firmware you are on