Please help with ssh over internet to LAN server behind NAT

From: Larry Alkoff (nobody_at_nowhere.com)
Date: 05/20/05


Date: Thu, 19 May 2005 23:31:41 GMT

I wish to ssh in from the Internet to a specific server computer on
my private LAN but I'm having trouble setting that up.

Specifically I want to invoke ssh with
ssh user@mung.no-ip.info.

When I do this the ssh "transaction" does not complete, although I can
see with tcpdump that the server is getting something.

The server and other computers on the LAN are behind a NAT.
I have been testing with both computers actually on the LAN but my
next series of tests will be from a client on a modem connection to
better simulate real world conditions.

The Linux OS is Slackware 10.1 and ssh version is openssh 3.9p1.

The command and response looks like this:
    user@linda ~ $ ssh -vv user@mung.no-ip.info
    OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug2: ssh_connect: needpriv 0

Note I am not specifying any computer on the command line because the
firewall (floppyfw) on the LAN _should_ forward all port 22 traffic
to the designated server.

The lines in the firewall look like:

    SERVER_IP=192.168.0.5

    iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 22 \
        -j DNAT --to ${SERVER_IP}:22

    iptables -A FORWARD -p tcp -d ${SERVER_IP} --dport 22 -o \
        ${INSIDE_DEVICE} -j ACCEPT

    iptables -A POSTROUTING -t nat -p tcp -d ${SERVER_IP} --dport 22 \
        -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -j SNAT --to ${OUTSIDE_IP}

Note: lines in the file are longer than they appear <g>.

I plead guilty in advance to doing something dumb but can't put my
finger on it after doing a lot of Googling and man page reading.
BTW, there is no problem whatsoever ssh'ing from one computer on the
LAN to another.

Larry Alkoff
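
Added example, not part of the original post: a small Python model of the order in which netfilter applies the three rules above (nat PREROUTING, routing decision, filter FORWARD, nat POSTROUTING), showing which addresses the server sees for a client on the LAN versus a client on the Internet. `OUTSIDE_IP`, the inside network, the interface name and the client addresses are constructed values; the model ignores source ports, connection tracking and any other rules the firewall may hold.

```python
# Added example: models how the three posted iptables rules rewrite a packet.
# Addresses and interface name are constructed stand-ins for the post's
# ${OUTSIDE_IP}, ${INSIDE_NETWORK}/${INSIDE_NETMASK} and ${INSIDE_DEVICE}.
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

OUTSIDE_IP = "203.0.113.10"                 # constructed (documentation range)
SERVER_IP = "192.168.0.5"                   # from the post
INSIDE_NET = ip_network("192.168.0.0/24")   # assumed from SERVER_IP
INSIDE_DEVICE = "eth1"                      # constructed

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"

def trace(pkt):
    """Return (packet as delivered, matched rules); packet is None when the
    posted FORWARD rule does not accept it (other rules/policy would decide)."""
    hits = []
    # nat PREROUTING: -p tcp -d OUTSIDE_IP --dport 22 -j DNAT --to SERVER_IP:22
    if pkt.proto == "tcp" and pkt.dst == OUTSIDE_IP and pkt.dport == 22:
        pkt = replace(pkt, dst=SERVER_IP, dport=22)
        hits.append("DNAT")
    # Routing decision happens after DNAT, on the rewritten destination.
    out_dev = INSIDE_DEVICE if ip_address(pkt.dst) in INSIDE_NET else "outside"
    # filter FORWARD: -p tcp -d SERVER_IP --dport 22 -o INSIDE_DEVICE -j ACCEPT
    to_server = pkt.proto == "tcp" and pkt.dst == SERVER_IP and pkt.dport == 22
    if not (to_server and out_dev == INSIDE_DEVICE):
        return None, hits
    hits.append("FORWARD")
    # nat POSTROUTING: -d SERVER_IP --dport 22 -s INSIDE_NETWORK/MASK
    #                  -j SNAT --to OUTSIDE_IP  (only LAN sources match)
    if ip_address(pkt.src) in INSIDE_NET:
        pkt = replace(pkt, src=OUTSIDE_IP)
        hits.append("SNAT")
    return pkt, hits

if __name__ == "__main__":
    clients = [("LAN client", "192.168.0.20"), ("Internet client", "198.51.100.7")]
    for label, src in clients:
        seen, hits = trace(Packet(src, OUTSIDE_IP, 22))
        print(f"{label}: {hits}; server sees {seen.src} -> {seen.dst}:{seen.dport}")
```

The two cases differ only in the SNAT step, so a tcpdump on the server shows the firewall's outside address as the source for a LAN test and the client's real address for a test from outside.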


