SSH and Routers

[blkmage]

I've learned about the wonders of ssh. I've succesfully done it on my boxes inside my LAN. But, I can't seem to get to it using my IP address. I've done port forwarding to the box and everything, but no matter which computer I use, it refuses the connection. I've set it to port 22222 and it still doesn't work.

[Mithrandir]

To confirm:

1. You are trying to ssh to a machine behind your firewall, from a machine outside the firewall.

2. You have the SSH server running, and can connect to it (on 22,222) from inside the firewall (and it's not getting a DHCP ip address).

3. You have your router set to forward traffic on port 22,222 to your local IP address.

4. You are trying to ssh to the appropriate port from a box outside the firewall.


Correct?

[shooraijin]

Try telnetting to the port from outside instead of ssh.

Connection refused = sshd2 isn't even running (or port forwarding isn't working)
Connected/Connection closed (right after) = sshd2 doesn't like the outside host
Connected (stays connected) = home free, check something about your client

I had a lot of trouble with my sshd2 initially. Turns out there's an option to disallow hosts that can't be reverse-looked-up. Make sure that's not enabled in your configuration file (many installations have this on by default).

[blkmage]

4. You are trying to ssh to the appropriate port from a box outside the firewall.

I was trying to ssh from one of my boxes inside using the external IP. I don't think that's supposed to work now that I think about it.

sshd is running, port forwarding doesn't seem to be working.

What would I look for in my sshd_config if I wanted to turn that host reverse lookup off?

But, I have a new problem. I don't think my school's router is letting me get through. Would I have to ask the admin and hope he'll open it up, or can I tunnel through another port?

[Mithrandir]

I don't think my school's router is letting me get through. Would I have to ask the admin and hope he'll open it up, or can I tunnel through another port?

If you set it to a "standard" port, you'll probably be OK. I've setup one of my IP addresses to accept ssh on port 80, since I've got the website running on a different IP address.

I'll let shooby answer the other questions...

[blkmage]

I can't ssh to myself using my IP. I can do it through localhost and 192.168.0.2, but my IP gets me a connection refused.

[Mithrandir]

That's from outside the firewall, yeah?

[blkmage]

No. I'm trying to get it to connect to itself, so it'd be kind of going out and back in.

[Mithrandir]

I'd guess your router is programmed not to allow that... Do you have any way to test it from a box outside the line?

One other thing: Can you get to it from another machine on your internal network, using it's IP address? If so, it would almost certainly indicate that you have a router configuration issue.

Then we can figure out what kind of router it is, and help you figure out how to configure it.

[blkmage]

No machines work with the external IP. In theory, everything should work perfectly. I have a Netgear RP614.

[Mithrandir]

Heh. In theory all surfacises are without friction and conversations always go the way I want.

But I digress... Netgear huh? Hmm... I'll TRY to help you with it. Can you post a screen capture of the appropriate screen on the config website?

[blkmage]

Port 80 is forwarded to my compy, 192.168.0.2. SSH is running on port 80.

[Mithrandir]

Everything looks right. I think you'd better look at shooby's reverse resolve issue. Hey shooby, what's my line?

[blkmage]

I think I found it, but it still doesn't work. I think it's UseDNS and I set it to no.

Because it's on port 80, I saw something when I accidentally went there to 192.168.0.2. But, if I tried my IP, it'd say connection refused. My ISP only blocks port 25.

[shooraijin]

In my particular sshd2, the line is RequireReverseMapping no. I think it should be in OpenSSL/OpenSSH too, if that's what you're using.