Routing SSH

I've got a machine running Debian on my home LAN and I can connect to it from the other machines on my LAN using putty.

I've set up a route on my firewall that should redirect port 22 to the Linux box but I don't seem to be able to connect. I copied the settings for this route on my firewall, changed the port to 80 and started Apache and there was no problem; I could view a sample page just fine.

Is there a config setting I need to set to allow routed ssh?

Thanks

Russell
 
Maybe the ISP is blocking port 22. Either run the SSH server on a different port, or an easier option is to map a different port on the firewall to port 22 on your linux box - e.g. a firewall rule remapping port 222 to port 22 on the local box, and then SSH to your home IP:222
 
Cheers for the responses.

It's correct then that it should just work assuming that the ports are forwarded correctly? I thought maybe there was some clever setting in SSH that might deny WAN connections.

Sorry Growse, when I said firewall I meant the firewall on the router. Just didn't make myself clear.
 
Anything blocking access in /etc/hosts.deny? Adding
Code:
SSHD: re.mo.te.ip :ALLOW
into /etc/hosts.allow would override that. I think root access via ssh is disabled by default, so if you're not trying with a normal user account it might be worth it. Anything obvious in any debug output (-vvv option in Linux, not sure about putty)?
 
I have a rule on my router that forwards wan port 26 to my lan 22, so I use putty on port 26 to connect to home with no worries about firewalls etc.

One of the other good things about changing your external facing ssh port is that you won't get endless scans on port 22 :rolleyes:
 
That sounds like a cool plan, I like the idea of exposing a port other than 22. I'm sure I'm forwarding port 22 correctly to the machine inside the network. Maybe I'll try playing with hosts.allow again and see if I can get things to work.

Riddler,

I'm sure I remember that name, were you a poster before the big hack of 2002?

Russ
 
I mentioned the firewall because it's normally separate from the routing part. On my router (Cisco 837) if I want to forward a port, I have to both a) tell the router to actually do the routing and b) add a firewall rule that allows packets incoming on the port I specify.

I've had random drunken moments where I've spent an hour trying to figure out why a port forward didn't work and discovered that the firewall was merrily blocking everything.
 
My version of the firmware for my router sees a route as creating an opening in the firewall. My g/f's router (same hardware, newer firmware) doesn't let me do routing. I wonder if that's the problem there? Maybe they've fixed the way I normally do it between versions.

Thanks

Russ
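
The replies above point at three different failure points (a port blocked upstream, a forward without a matching firewall rule, and /etc/hosts.deny on the box itself), and each looks different from the client side. The probe below is an added example, not part of the original thread; the function name, state labels and the address in the demo section are made up for illustration.

```python
import socket

# What each result suggests, mapped to the causes raised in this thread.
HINTS = {
    "filtered": "no reply at all: port blocked upstream (ISP) or by the router firewall",
    "refused": "reached a host with nothing listening: check the forward target and sshd",
    "no_banner": "TCP opened, then closed or silent: check /etc/hosts.deny and hosts.allow",
    "ssh": "forward works: sshd answered with its version banner",
    "other": "something other than sshd is answering on this port",
}

def probe_ssh(host, port, timeout=5.0):
    """Return (state, detail) for one TCP connection attempt to host:port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("filtered", "")
    except ConnectionRefusedError:
        return ("refused", "")
    except OSError as exc:          # e.g. ICMP unreachable sent back by a filter
        return ("filtered", str(exc))
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(256)   # an SSH server speaks first (RFC 4253)
        except (socket.timeout, ConnectionResetError):
            data = b""
    if not data:
        # sshd built with TCP wrappers drops a denied client like this
        return ("no_banner", "")
    for raw in data.splitlines():
        line = raw.decode("ascii", "replace").strip()
        if line.startswith("SSH-"):
            return ("ssh", line)
    return ("other", data[:40].decode("ascii", "replace").strip())

if __name__ == "__main__":
    # Constructed values: 203.0.113.10 is a documentation address standing in
    # for the home WAN IP; 222 is the remapped port suggested in the thread.
    for port in (22, 222):
        state, detail = probe_ssh("203.0.113.10", port)
        print(port, state, detail or HINTS[state])
```

Run it from a connection outside the LAN, since many home routers do not loop a request for their own WAN address back through the port forward.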
 
That sounds like a cool plan, I like the idea of exposing a port other than 22. I'm sure I'm forwarding port 22 correctly to the machine inside the network. Maybe I'll try playing with hosts.allow again and see if I can get things to work.

Riddler,

I'm sure I remember that name, were you a poster before the big hack of 2002?

Russ
lol yes I was, one of the original OcUK members and Mod of the Dist.Comp forums.. :p Back when Werewolf and I got some of the first Durons to come into the country and Oranjeboom overclocked his slot A Athlon to >1GHz with a goldfinger device.. aah, great days :p
 
lol yes I was, one of the original OcUK members and Mod of the Dist.Comp forums.. :p Back when Werewolf and I got some of the first Durons to come into the country and Oranjeboom overclocked his slot A Athlon to >1GHz with a goldfinger device.. aah, great days :p

I remember the hordes of people trying to hit 1 GHz before the millennium arrived. I'm sure all the people I remember doing it at the time had used cryo cooling to get the score. I do remember some great SETI battles and many parps back in those days.

These days I pay my own electricity bill and don't have a DotCom's IT resources backing me so the distributed computing has all but disappeared from my life. It used to be great fun though. I guess priorities change.
 