Hi, I have a typical home network setup which is connected to an ADSL router. I have 2 PCs and a nettop PC which runs Ubuntu Linux 24x7. The nettop also runs the ddclient. The nettop is run headless and I use SSH and x11vnc to manage this little server. I can connect through SSH to the nettop from within my LAN and open a x11vnc session. However when I try to connect from outside the LAN to the nettop, i.e. from my office, I get a connection refused error. I even tried to connect from within my local network using the public IP and even the dyndns host name but to no avail. The ddclient works fine. I feel that I have forwarded the ports correctly on my ADSL router. When I tested the port on your Open Port tool, it returned as "open". What could be the reason for my linux nettop to refuse a connection from the internet? thanks all, e!
I am able to connect remotely if I use a normal internet connection such as a USB dongle. All up till now I've been trying to connect using my office PC which sits behind a proxy. So I guess the proxy creates some issues. Anyways this proves that my home setup is working ok. Thanks for all the trouble you took. Most business networks have quite strict firewall rules.
Feb 23 at 08:09 AM
VikingTiger ♦
I had no idea that the connection I'm making (outbound packet to an SSH port) required an open port on my company's firewall. I thought open ports mattered only when hosting services, such as the one I'm doing above. Pardon my knowledge on networking.
Feb 23 at 08:27 AM
faraway
You need open ports on all devices along the way. For routers that's the default, for firewalls it's (supposed to be) closed by default. Still, it's a useful learning experience and useful for others. Don't forget to tick an answer (even if it's this one of yours) so that others know what to look for in future.
Feb 23 at 08:30 AM
Cry Havok ♦
Yes definitely! This was surely a learning experience. I will tick this from the account I used originally to submit the question.
Feb 23 at 08:33 AM
faraway
What is the firewall configuration (iptables -L -v) on the nettop? Does it allow SSH from outside the LAN? Do you have TCPWrappers (/etc/hosts.allow and /etc/hosts.deny) configured to limit access to only the LAN? Does anything appear in your SSH logs? Finally, have you checked that the firewall at your office allows you to SSH home? Try from a friend's or colleague's home connection if you don't want to ask the IT staff at work. Edit: So, did you restart SSH? What does Sorry, due to issues with the forum software I'm currently unable to post multiple answers Based on your latest answer I'd say you've got a problem with your SSH server's configuration. If packets are reaching it then that's the only explanation. Does the nettop have Internet access? Is the default gateway set? To check the default gateway is set you would enter
If you see a line like that the default gateway is set. The default gateway is how the computer knows to reach the Internet, which it sounds like it can. At this point the possibilities I can see are:
I will try netstat and give you the output once I get home. Oh btw, faraway and sri_the_saint are both my logins, if you got confused.
Feb 03 at 03:28 AM
sri_the_saint
and care to tell me how I could check SSH logs? I did restart SSH but that didn't work. Tried running with debug output, and no output got registered when I tried to connect using the dyndns hostname, which resolves to the public IP. But when I used the local IP it gets connected and the debug output follows. I even changed the bind address to 10.0.0.8 rather than the default 0.0.0.0. It didn't work either. When I changed the bind address to 127.0.0.1 it failed to connect via the local IP.
Feb 03 at 03:33 AM
sri_the_saint
The SSH logs will be under /var/log (all the logs are).
Feb 03 at 07:05 AM
Cry Havok ♦
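The bind-address experiments in the comments above (10.0.0.8 vs 0.0.0.0 vs 127.0.0.1, and why a scan of localhost then shows nothing on 22222) can be reasoned about from sshd_config alone. The following is an added example written for this thread, not code from the forum or from OpenSSH; it models sshd's ListenAddress/Port semantics and which destination addresses a connection would have to arrive on. Port-forwarded traffic from the Internet arrives with the destination rewritten by the router to the LAN address (10.0.0.8 here), which is why a listener bound to 10.0.0.8 still serves forwarded connections.

```python
"""Model which (address, port) sockets sshd would bind for a given
sshd_config and whether a connection to a destination would reach one.
Added example for the thread above; config text below is constructed."""
import ipaddress

DEFAULT_PORT = 22


def parse_listeners(config_text):
    """Return the (host, port) sockets sshd would bind.
    sshd semantics: a ListenAddress without a port uses every Port
    directive (Port lines must precede it in a real config); with no
    ListenAddress at all sshd binds the wildcards 0.0.0.0 and ::."""
    ports, listen = [], []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        key, _, value = line.partition(" ")
        key, value = key.lower(), value.strip()
        if key == "port":
            ports.append(int(value))
        elif key == "listenaddress":
            listen.append(value)
    ports = ports or [DEFAULT_PORT]
    listen = listen or ["0.0.0.0", "::"]
    sockets = []
    for entry in listen:
        host, port = entry, None
        if entry.startswith("["):                # [v6addr]:port form
            host, _, rest = entry[1:].partition("]")
            port = int(rest[1:]) if rest.startswith(":") else None
        elif entry.count(":") == 1:              # v4addr:port form
            host, _, p = entry.partition(":")
            port = int(p)
        for pnum in ([port] if port else ports):
            sockets.append((host, pnum))
    return sockets


def accepts(sockets, dest_ip, dest_port):
    """Would a SYN for dest_ip:dest_port (as seen by the host, i.e. after
    any router DNAT) land on an sshd socket? A wildcard listener matches
    any address of its family; a specific one matches only itself."""
    dest = ipaddress.ip_address(dest_ip)
    for host, port in sockets:
        bound = ipaddress.ip_address(host)
        if port == dest_port and bound.version == dest.version:
            if bound.is_unspecified or bound == dest:
                return True
    return False
```

With `Port 22222` and `ListenAddress 10.0.0.8`, a scan of localhost will not list 22222, but forwarded traffic arriving at 10.0.0.8:22222 is accepted; with `ListenAddress 127.0.0.1` nothing on the LAN address is served, matching the comment above.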
thanks for offering to help. I too think this is a problem with the nettop rather than the router not forwarding ports. Here are the details. iptables -L -v returns
so I'm sure the firewall's clean. My hosts deny and allow files contain no entries (only the default comment at the top of the file preceded with the # sign). In addition I ran nmap with the following results. Note 10.0.0.8 is the nettop's IP address on the LAN. nmap 10.0.0.8
nmap localhost
What I noticed is that 22222 which is the port I have configured for SSH does not come up as open in the nmap port scan. I have the sshd_config file as follows:
So I'm guessing that the SSH daemon would have bound to 10.0.0.8 on port 22222.
NMap should have shown that port 22222 was open. A point of interest is where are you trying the public IP from? It will always fail from behind the router. It should succeed from outside the router. Also, port 22222 is a vector port for several known viruses and trojans https://www.incidents.org/port.html?port=22222 As such, it may be filtered on the Internet by ISPs and other routers. You might want to try a different port....
I tried accessing the router page from my office by typing the dyndns host name (at home I just type the internal IP that is reserved to it and it loads). The username / password entry box appeared and when I entered them, the browser changed its address from the dyndns host name to 10.0.0.2 and tried to load the page and eventually failed. Why does my router have to resolve the dyndns hostname to its local IP address? any ideas? I think this is the same happening with regards to opening an SSH connection. What is 10.0.0.2? In your first reply you said that your SSH server was on 10.0.0.8.
Feb 05 at 09:39 AM
Cry Havok ♦
10.0.0.2 is my router. 10.0.0.8 is the nettop. I have 2 more PCs on the same network. Btw, I'm thinking of moving the nettop to DMZ and see if that would solve the addressing problem (if there ever is one). I saw an entry in the router which took an IP as DMZ so hoping that will be as simple as that. thanks for the help so far.
Feb 05 at 09:49 AM
faraway
I think this part of your problem relates to your using a web browser. Up until now you've been talking about SSH so you should be using an SSH client. Also, you still didn't answer my question about the output of
Feb 05 at 12:23 PM
Cry Havok ♦