Re: Please help with ssh over internet to LAN server behind NAT

From: castellan (castellan_at_dev.null)
Date: 05/20/05


Date: Fri, 20 May 2005 02:32:48 GMT


Just to start off with, can you telnet to the port and actually
get a response? Even with just telnet, it should spit back something
in SSH-ese.

> telnet my.home.system 22
Trying 123.123.123.123...
Connected to my.home.system
Escape character is '^]'.
SSH-2.0-OpenSSH_4.0

On 2005-05-19, Larry Alkoff <nobody@nowhere.com> wrote:
> I wish to ssh in from the Internet to a specific server computer on
> my private LAN but I'm having trouble setting that up.
>
> Specifically I want to invoke ssh with
> ssh user@mung.no-ip.info.
>
> When I do this the ssh "transaction" does not complete, although I can
> see with tcpdump that the server is getting something.
>
> The server and other computers on the LAN are behind a NAT.
> I have been testing with both computers actually on the LAN but my
> next series of tests will be from a client on a modem connection to
> better simulate real world conditions.
>
> The Linux OS is Slackware 10.1 and ssh version is openssh 3.9p1.
>
> The command and response looks like this:
> user@linda ~ $ ssh -vv user@mung.no-ip.info
> OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug2: ssh_connect: needpriv 0
>
> Note I am not specifying any computer on the command line because the
> firewall (floppyfw) on the LAN _should_ forward all port 22 traffic
> to the designated server.
>
> The lines in the firewall look like:
>
> SERVER_IP=192.168.0.5
>
> iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 22
> -j DNAT --to ${SERVER_IP}:22
>
> iptables -A FORWARD -p tcp -d ${SERVER_IP} --dport 22 -o
> ${INSIDE_DEVICE} -j ACCEPT
>
> iptables -A POSTROUTING -t nat -p tcp -d ${SERVER_IP} --dport 22
> -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -j SNAT --to ${OUTSIDE_IP}
>
> Note: lines in the file are longer than they appear <g>.
>
> I plead guilty in advance to doing something dumb but can't put my
> finger on it after doing a lot of Googling and man page reading.
> BTW, there is no problem whatsoever ssh'ing from one computer on the
> LAN to another.
>
> Larry Alkoff
>

-- 
Sick of USENET postwhores? Trolls? Flamers?
Read the Killfile FAQ for Newsgroups to learn 
how to filter their drivel straight to /dev/null
http://www.hyphenologist.co.uk/killfile/killfilefaqhtm.htm
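
The telnet banner check suggested in the reply, scripted so that each failure mode gets its own result. This is an added example, not part of either post; the function names and the result labels are made up here, and the notes on what each result usually means are general TCP behaviour, not a diagnosis of this particular setup.

```python
import socket
import sys

def parse_ssh_banner(data):
    """Return (protoversion, softwareversion) from the first complete
    'SSH-proto-software[ comments]' line in data, or None."""
    for line in data.split(b"\n")[:-1]:          # last piece is an unfinished line
        line = line.rstrip(b"\r")
        if line.startswith(b"SSH-"):             # a server may send other lines first
            ident = line.decode("ascii", "replace").split(" ", 1)[0]
            parts = ident.split("-", 2)
            if len(parts) == 3:
                return parts[1], parts[2]
    return None

def probe_ssh(host, port=22, timeout=5.0):
    """Connect the way 'telnet host 22' does and classify what comes back."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                while parse_ssh_banner(data) is None and len(data) < 4096:
                    chunk = s.recv(256)
                    if not chunk:                # peer closed the connection
                        break
                    data += chunk
            except socket.timeout:
                pass                             # connected, but nothing was sent
    except ConnectionRefusedError:
        # A reset came back: usually nothing is listening where the packet landed.
        return "refused", None
    except socket.timeout:
        # No answer at all: usually the packet was dropped or never forwarded.
        return "timeout", None
    except OSError as exc:                       # DNS failure, no route, reset, ...
        return "error", str(exc)
    banner = parse_ssh_banner(data)
    # A banner means the forwarding path works and sshd answered.
    return ("ssh", banner) if banner else ("connected-no-banner", None)

if __name__ == "__main__" and len(sys.argv) > 1:
    print(probe_ssh(sys.argv[1]))
```

Run it once from inside the LAN and once from outside, with the host name as the only argument, and compare the two results.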

