On Mon, 7 Dec 2020 20:23:28 +0100 john doe <johndoe65...@mail.com> wrote:
> On 12/7/2020 8:11 PM, Gary Dale wrote:
> > On 2020-12-07 14:03, john doe wrote:
> >> On 12/7/2020 7:54 PM, Gary Dale wrote:
> >>> On 2020-12-07 13:24, john doe wrote:
> >>>> On 12/7/2020 6:38 PM, Gary Dale wrote:
> >>>>
> >>>>> (actually through the /etc/hosts file using the server's name).
> >>>>>
> >>>>> I've set up port forwarding on both my routers (I have an inner
> >>>>> network and an outer one, using the outer network for devices I
> >>>>> don't really control). I can access my Apache2 server on the
> >>>>> inner network by forwarding port 80 on the outer network to the
> >>>>> WAN address of the inner router and forwarding that to my
> >>>>> server. Pointing my browser to the external IP address of the
> >>>>> outer router brings up the default page - which I can change so
> >>>>> I know it's the actual local page. However, when I try to ssh
> >>>>> to the same address, it just times out.
> >>>>>
> >>>>> I've compared the sshd.conf file on my local server to one on a
> >>>>> remote server and they are identical. The only uncommented
> >>>>> lines are:
> >>>>>
> >>>>> PasswordAuthentication no
> >>>>> ChallengeResponseAuthentication no
> >>>>> UsePAM yes
> >>>>> X11Forwarding yes
> >>>>> PrintMotd no
> >>>>> AcceptEnv LANG LC_*
> >>>>> Subsystem sftp /usr/lib/openssh/sftp-server
> >>>>>
> >>>>>
> >>>>> Any ideas on what's going wrong?
> >>>>
> >>>> - This looks like your port forwarding is not working...
> >>>> - What are the logs saying?
> >>>> - Is the SSH server allowing access from the outside?
> >>>>
> >>>>
> >>>> Note that it is unclear to me how you can test outside access
> >>>> from the inside.
> >>>>
> >>> Your first point is what I am complaining about. The outer router
> >>> doesn't have a log function and an ssh attempt never shows up on
> >>> the inner router. As I explained in the initial post, I've set up
> >>> the port forwarding to allow it and the sshd.conf file is
> >>> identical to one that allows access from the outside.
> >>>
> >>> I can test outside access from the inside by trying to connect to
> >>> the external address. As with my browser example, the request
> >>> goes to the device that has the particular IP address being
> >>> sought. That is the external port on the outer router. I can also
> >>> ssh to the external port on the inner router (which I can't think
> >>> of a reason to do except for testing). Interestingly, this works
> >>> but doesn't get logged.
> >>>
> >>
> >> Sorry, I'm lost at your setup, the only thing that I can say is
> >> that something looks to be wrong with regard to your firewall
> >> config.
> >
> > The thing is the forwarding setup is the same for port 22 as it is
> > for port 80. I know that the port 80 forwarding is working so why
> > isn't the port 22 forwarding?
> >
> > I still don't know the answer to that one, but when I changed the
> > external port to something else (on the outer router), it started
> > working.
>
> Something is wrong if it works that way.
>
> You did not use the same rule for both port 80 and 22, if yes, this
> would mean that port 22 and 80 are redirected to port 80, which is not
> what you want.
>
> In other words, you need one rule per redirect port.
>
> > Now I just have to remember to set the -p option in ssh to
> > connect.
> >
>
> To avoid the -p option:
>
> $ cat ~/.ssh/config
> Host sshserver
>     HostName <FQDN-TO-USE>
>     Port <PORT-TO-USE>
>
> $ ssh sshserver
>

You can also put all the TCP port tunneling rules there, along with the
path to the key (you are using keys, are you not?).

--
Joe
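
An added example, not part of the original messages: a `~/.ssh/config` entry that carries the non-default port, the key path and a TCP forwarding rule, as suggested in the reply above. The user placeholder, key file name and forwarded ports are assumptions chosen for illustration.

```sshconfig
# ~/.ssh/config (added example; alias, key file and ports are placeholders)
Host sshserver
    HostName <FQDN-TO-USE>
    Port <PORT-TO-USE>
    User <REMOTE-USER>

    # Path to the private key. IdentitiesOnly makes ssh offer only this
    # key instead of every key loaded in the agent, which matters for a
    # server reachable from the internet with PasswordAuthentication no.
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes

    # TCP port tunneling rule: local port 8080 is carried over the SSH
    # connection to port 80 as seen from the server (assumed ports).
    LocalForward 8080 localhost:80

    # Abort the connection if the forward cannot be established, so a
    # broken tunnel is noticed immediately rather than failing silently.
    ExitOnForwardFailure yes
```

`ssh -G sshserver` prints the options ssh would actually use for that alias without connecting, which confirms that the port and key path are being picked up.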