Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
If we do not hit our goal we will be forced to close the site.

Current status: https://keepboardsalive.com/

Annual subs are best for most impact. If you are still undecided on going Ad Free - you can also donate using the Paypal Donate option. All contribution helps. Thank you.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.

SSH and port forwarding problem

  • 01-11-2019 05:51PM
    #1
    deadl0ck
    Registered Users, Registered Users 2 Posts: 4,127 ✭✭✭


    Hi all,
    I recently had my router upgraded by Imagine (in the middle of nowhere so Imagine is my only option) and I can't get port forwarding to my SSH box working.

    When I try and connect from an external box it just times out.

    I have also tried to forward 2230->22 in case the port is reserved but no luck.

    FTP and my security cams are working fine but not SSH.

    I can SSH internally no problem and I've checked the gateway on the SSH box is correct.

    I enabled a HTTP server briefly on the SSH box on 8080 and forwarded that and I could connect to it externally, so I know the path is correct.

    Any ideas ??


Comments

  • #2
    The high horse brigade
    Closed Accounts Posts: 4,456 ✭✭✭The high horse brigade


    Are your sure you have a unique ipv4 address and are not behind local NAT?


  • #3
    ED E
    Registered Users, Registered Users 2 Posts: 36,094 ✭✭✭✭ED E


    Yep, you're forwarding from the routers internal range, not your public which the antenna leases. You have to call imagine, they dont provide access to users.


  • #4
    tsue921i8wljb3
    Closed Accounts Posts: 5,013 ✭✭✭tsue921i8wljb3


    Try changing the SSH server box port away from 22 perhaps? So use a non-standard external and internal port for SSH. That is just a guess on my part though.


  • #5
    deadl0ck
    Registered Users, Registered Users 2 Posts: 4,127 ✭✭✭deadl0ck


    The high horse brigade wrote: »
    Are your sure you have a unique ipv4 address and are not behind local NAT?

    Yeah - getting to the webserver I ran temporarily from an external connection means the route from the outside in to the server is OK


  • #6
    deadl0ck
    Registered Users, Registered Users 2 Posts: 4,127 ✭✭✭deadl0ck


    ED E wrote: »
    Yep, you're forwarding from the routers internal range, not your public which the antenna leases. You have to call imagine, they dont provide access to users.

    I asked about this - they said the new gear for the 5g connection is completely managed from the router and there is no firewall etc on the antenna.


  • Advertisement
  • #7
    deadl0ck
    Registered Users, Registered Users 2 Posts: 4,127 ✭✭✭deadl0ck


    Actually - seeing as 8080 worked for the webserver I forwarded that to 22 and ran ssh in verbose mode and it's kind of connecting:
    ssh XXXXX@YYYY -p 8080 -v
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to YYYY [A.B.C.D] port 8080.
debug1: Connection established.
debug1: identity file /home/nnnn/.ssh/identity type -1
debug1: identity file /home/nnnn/.ssh/identity-cert type -1
debug1: identity file /home/nnnn/.ssh/id_rsa type 1
debug1: identity file /home/nnnn/.ssh/id_rsa-cert type -1
debug1: identity file /home/nnnn/.ssh/id_dsa type -1
debug1: identity file /home/nnnn/.ssh/id_dsa-cert type -1
debug1: identity file /home/nnnn/.ssh/id_ecdsa type -1
debug1: identity file /home/nnnn/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2
debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent

Read from socket failed: Connection reset by peer


  • #8
    deadl0ck
    Registered Users, Registered Users 2 Posts: 4,127 ✭✭✭deadl0ck


    So I got it working if I run sshd on a different port - the router must be blocking on something to do with 22.....


  • #9
    tsue921i8wljb3
    Closed Accounts Posts: 5,013 ✭✭✭tsue921i8wljb3


    deadl0ck wrote: »
    So I got it working if I run sshd on a different port - the router must be blocking on something to do with 22.....

    You're welcome :rolleyes:


  • #10
    deadl0ck
    Registered Users, Registered Users 2 Posts: 4,127 ✭✭✭deadl0ck


    Reese Quiet Hog wrote: »
    You're welcome :rolleyes:

    Sorry Navi - just did a quick update while still working on the box - thanks for the suggestion !!


  • #11
    tsue921i8wljb3
    Closed Accounts Posts: 5,013 ✭✭✭tsue921i8wljb3


    deadl0ck wrote: »
    Sorry Navi - just did a quick update while still working on the box - thanks for the suggestion !!

    No problem. Glad you got it working. The frustration was stemming from helping others that can't even be bothered to say thanks.


  • Advertisement
  • #12
    ED E
    Registered Users, Registered Users 2 Posts: 36,094 ✭✭✭✭ED E


    deadl0ck wrote: »
    So I got it working if I run sshd on a different port - the router must be blocking on something to do with 22.....

    Some ISPs block Telnet/SSH/SMB net wide to protect idiots from themselves. I thought it was going out of fashion but not impossible this is what Imagine are at.


  • #13
    deadl0ck
    Registered Users, Registered Users 2 Posts: 4,127 ✭✭✭deadl0ck


    ED E wrote: »
    Some ISPs block Telnet/SSH/SMB net wide to protect idiots from themselves. I thought it was going out of fashion but not impossible this is what Imagine are at.
    Well the tech guys I spoke to were adamant they didn't block 22, and it worked fine on the old router - so I reckon it could be this particular router


Advertisement