SSH problems

I have a Linux server which I need to administrate remotely from time to time, so I have set up a firewall service to allow SSH access. I have done this for years and not had any major problems. Recently I bought a Netgear Stora NAS and have been experiencing problems.

On the intranet I can access both devices through SSH normally with no problems, but when trying to access the server from the internet it is redirected to the Stora. I cannot understand what is going on and why the router, which is redirecting to the Stora rather than the server, is behaving like this.

Does anyone have any experience with similar problems?
 
Yep, sounds like your firewall rule is pointing at the NAS instead of the server.

I'd just add a second firewall rule forwarding another port, say 43524 (as a completely random example), to port 22 on the server, in addition to the current rule, so if you need to go to the server instead of the NAS then you just SSH via that port instead.
 
Okay, I'll rephrase - the routing to the server works fine... till the NAS is turned on. No other service on the router is set pointing to the NAS - NAS on, the router decides to send SSH to it, NAS off, it sends to where it is actually supposed to go, the server.

Both IPs are static and do not change during this process.

It would seem that despite the service on the router being set to point to the server, whenever the NAS is turned on the router immediately falls hopelessly in love with it and forwards SSH traffic to it.

It seems strange, I'll grant you, which is why I've thrown it to the forums.
 
So normally you have

you -> firewall -> server where you SSH in to a port on the firewall which is forwarded through to port 22 on the server.

And if you turn on the NAS then this becomes

you -> firewall -> NAS where you SSH to the same port on the firewall but now the traffic is sent to port 22 on the NAS?

If so then the issue must be something to do with the way the rule is set up on the firewall (assuming it isn't something silly like the server and NAS being on the same IP address ... which is mentioned in the firewall rule (*)). Clutching at straws: it's not something like UPnP updating the firewall rule?

(*) Thought: the systems involved haven't got multiple IP addresses, have they? I have seen cases where people have configured 192.168.x.x addresses and used them fine internally, but they had forgotten that the devices had also been configured with secondary 10.x.x.x addresses ... these were conflicting (both hosts on 10.0.0.2, for instance) and the firewall rule pointed at that, not the 192.168 addresses.
 
Are you port triggering or forwarding?

Sounds weird, but this is what I would do to try to diagnose the problem.

If you have no use for SSH on the NAS, turn it off! Alternatively:

- in your triggering or forwarding, use a different outbound, i.e. 2222 -> 22 (server)
- in your triggering or forwarding, use an inbound port other than 22, i.e. 2222, and outbound 2222, i.e. 2222 -> 2222 (server) [this means changing the SSH listening port on the server from 22 to 2222]

One last thing: double make sure the static addresses are set on the machines, not the router. The router may have some nasty cache and may just require a soft reboot... Make sure both servers (server and NAS) are never asking DHCP for an address.

If all else fails ... try a firmware update on the router.
 
Do you have UPnP or any other forms of automatic port forwarding configured on the router? If so, turn it off.

This will almost certainly be the problem - turn it OFF. No device on the network knows enough about your security needs to reconfigure your modem. UPnP is to networks what autorun is to PC security.
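One way to check the UPnP theory raised in this thread before switching it off, as an added example that is not part of any original post: list the router's UPnP port mappings from a machine on the LAN and compare them with the forwards you configured by hand. The listing layout is assumed to follow miniupnpc's `upnpc -l` output; the sample listing, descriptions and 192.168.1.x addresses are constructed.

```python
import re

# One mapping row, in the layout assumed for `upnpc -l` (miniupnpc), e.g.
#  0 TCP    22->192.168.1.20:22    'NAS remote access' '' 0
MAPPING_RE = re.compile(
    r"^\s*\d+\s+(?P<proto>TCP|UDP)\s+(?P<ext>\d+)->"
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}):(?P<int>\d+)\s+'(?P<desc>[^']*)'"
)

def parse_mappings(listing):
    """Return one dict per UPnP port mapping row; other lines are ignored."""
    rows = []
    for line in listing.splitlines():
        m = MAPPING_RE.match(line)
        if m:
            rows.append({"proto": m["proto"], "ext": int(m["ext"]),
                         "host": m["host"], "int": int(m["int"]),
                         "desc": m["desc"]})
    return rows

def find_conflicts(mappings, intended):
    """intended maps (proto, external_port) -> (host, internal_port), taken
    from the manual forwarding rules. Returns every UPnP mapping that claims
    one of those external ports for a different internal target."""
    conflicts = []
    for m in mappings:
        want = intended.get((m["proto"], m["ext"]))
        if want is not None and want != (m["host"], m["int"]):
            conflicts.append(m)
    return conflicts

# Constructed sample listing: 192.168.1.10 stands in for the server,
# 192.168.1.20 for the NAS (both addresses are assumptions).
SAMPLE = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP    22->192.168.1.20:22    'NAS remote access' '' 0
 1 TCP  8080->192.168.1.20:80    'NAS web' '' 0
 2 UDP 51413->192.168.1.30:51413 'p2p client' '' 3600
"""
INTENDED = {("TCP", 22): ("192.168.1.10", 22)}  # the manual SSH forward

if __name__ == "__main__":
    for c in find_conflicts(parse_mappings(SAMPLE), INTENDED):
        want = INTENDED[(c["proto"], c["ext"])]
        print(f"{c['proto']} {c['ext']}: UPnP sends it to {c['host']}:{c['int']} "
              f"({c['desc']}), manual rule expects {want[0]}:{want[1]}")
```

A conflict that appears only while the NAS is powered on, and disappears from the listing when it is off, would match the symptom described in the thread.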
 
Welcome to the big game of musical chairs we call IPv4.

I loved my block of 8 addresses on Zen, can't wait for IPv6, we'll get a truckload of addresses each.
 