Re: Please help with ssh over internet to LAN server behind NAT
From: Larry Alkoff (nobody_at_nowhere.com)
Date: 05/20/05
- Next message: Darren Tucker: "Re: working with tcp wrapper and banners"
- Previous message: Dimitri Maziuk: "Re: how to tunnel an imap connection over ssh"
- In reply to: castellan: "Re: Please help with ssh over internet to LAN server behind NAT"
- Next in thread: castellan: "Re: Please help with ssh over internet to LAN server behind NAT"
- Reply: castellan: "Re: Please help with ssh over internet to LAN server behind NAT"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 20 May 2005 03:51:45 GMT
>On 2005-05-19, Larry Alkoff <nobody@nowhere.com> wrote:
>> I wish to ssh in from the Internet to a specific server computer on
>> my private LAN but I'm having trouble setting that up.
>>
>> Specifically I want to invoke ssh with
>> ssh user@mung.no-ip.info.
>>
>> When I do this the ssh "transaction" does not complete, although I can
>> see with tcpdump that the server is getting something.
>>
>> The server and other computers on the LAN are behind a NAT.
>> I have been testing with both computers actually on the LAN but my
>> next series of tests will be from a client on a modem connection to
>> better simulate real world conditions.
>>
>> The Linux OS is Slackware 10.1 and ssh version is openssh 3.9p1.
>>
>> The command and response looks like this:
>> user@linda ~ $ ssh -vv user@mung.no-ip.info
>> OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
>> debug1: Reading configuration data /etc/ssh/ssh_config
>> debug2: ssh_connect: needpriv 0
>>
>> Note I am not specifying any computer on the command line because the
>> firewall (floppyfw) on the LAN _should_ forward all port 22 traffic
>> to the designated server.
>>
>> The lines in the firewall look like:
>>
>> SERVER_IP=192.168.0.5
>>
>> iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 22
>> -j DNAT --to ${SERVER_IP}:22
>>
>> iptables -A FORWARD -p tcp -d ${SERVER_IP} --dport 22 -o
>> ${INSIDE_DEVICE} -j ACCEPT
>>
>> iptables -A POSTROUTING -t nat -p tcp -d ${SERVER_IP} --dport 22
>> -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -j SNAT --to ${OUTSIDE_IP}
>>
>> Note: lines in the file are longer than they appear <g>.
>>
>> I plead guilty in advance to doing something dumb but can't put my
>> finger on it after doing a lot of Googling and man page reading.
>> BTW, there is no problem whatsoever ssh'ing from one computer on the
>> LAN to another.
>>
>> Larry Alkoff
>>
On Fri, 20 May 2005 02:32:48 GMT, castellan <castellan@dev.null>
wrote:
>
>
>Just to start off with, can you telnet to the port and actually
>get a response? Even with just telnet, it should spit back something
>in SSH-eese.
>
>> telnet my.home.system 22
>Trying 123.123.123.123...
>Connected to my.home.system
>Escape character is '^]'.
>SSH-2.0-OpenSSH_4.0
>
>
When I try to telnet, I get the message:
Trying xx.xx.xx.xxxx, which is the correct incoming DHCP address of my
router. Nothing else is seen.
Looking at tcpdump on the target computer (what would be the ssh
server) I see packets going both ways but nothing is seen on the
client screen.
Larry
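
The banner check castellan suggests, as an added example that is not part of the original thread: a small Python probe that separates "TCP never connects" from "TCP connects but no SSH- line arrives", which telnet shows only implicitly. The function name and state labels are assumptions made for this illustration.

```python
import socket
import sys


def probe_ssh_banner(host, port=22, timeout=5.0):
    """Report what a plain TCP client sees on an SSH port.

    Returns (state, detail); state is one of:
      banner     - first line starts with "SSH-" (detail is that line)
      not-ssh    - data arrived but the first line is not an SSH banner
      silent     - TCP connected, nothing arrived before the timeout
      closed     - TCP connected, peer closed or reset without sending
      refused    - connection actively refused
      no-connect - handshake never completed (timeout or unreachable)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError as exc:
        return "refused", str(exc)
    except OSError as exc:  # timeouts and unreachable routes land here
        return "no-connect", str(exc)
    data = b""
    with sock:
        sock.settimeout(timeout)
        try:
            # Assumption: the banner is the first line, as OpenSSH sends it.
            while b"\n" not in data and len(data) < 255:
                chunk = sock.recv(255 - len(data))
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            if not data:
                return "silent", ""
        except OSError as exc:
            return "closed", str(exc)
    if not data:
        return "closed", ""
    line = data.split(b"\n", 1)[0].rstrip(b"\r").decode("ascii", "replace")
    return ("banner" if line.startswith("SSH-") else "not-ssh"), line


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py HOST [PORT]")
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    print(*probe_ssh_banner(sys.argv[1], target_port))
```

Run it once from a host inside the LAN and once from a host outside it; a different state from each side points at the forwarding path rather than at sshd.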