I have an Arch server running SSH on port 12444 which I am trying to be able to access from outside my network. I've already viewed this thread: https://bbs.archlinux.org/viewtopic.php?id=179561, but his solution does not work for me. I already confirmed that SSH is indeed working and listening on the specified port. I have an Actiontec C1000A and am using a PPPoE connection like the user in the thread above. I configured it to forward the same port to the LAN address of the SSH server. Once I leave my network and log in somewhere else, I find that the connection eventually times out on the port specified. If I run a scan it shows that the port is completely filtered. This is rather weird considering that I also disabled all firewalls including the one on the router. I restarted the router just to be sure, but to no avail. I still can't connect remotely to the router.
I also tried to enable Remote GUI and Remote Console. Both the GUI port and Telnet were filtered, and I could not connect to either of them. So essentially the router is simply doing the opposite of what I tell it to. I have dynamic DNS enabled so I'm positive that I'm using the correct WAN IP address when I try to log in. Just to be sure, this is how I log in:
ssh -i /priv/key -p 12444 sshserveruser@wan.ip.addr.xx
I also try without specifying a user. No dice. Nothing works. No ports that I open, or forward, seem to work. At all.
What is the `.xx` supposed to represent?
Run ssh with verbose flags to generate some more meaningful error messages....
I think he is saying the address is the four bytes expressed as decimal separated by dots -- IPv4 style (like 116.117.118.4)
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
I think, but I am not certain, that you have an incorrect concept as to how this works. If I may...
When you forward a port on ssh, you usually still connect to ssh on port 22. I think you are trying to forward port 12444, which presumably has some custom server sitting on it on your host (A game, something you wrote, etc...). If you can hit that port from your host at localhost:12444, or from your lan at your.private.ip.address:12444, then this is the case.
What I think you want to do is connect to sshd on port 22 using the ssh -L option to forward port 12444. What happens is that sshd on the host then opens a connection to its own localhost:12444 and sends that information through the ssh connection on port 22. At the client end, the ssh client opens a listener at its localhost:12444 and uses that as the endpoint for the data coming through the ssh pipe. If your server on the host on port 12444 happened to serve up http stuff, one could run a browser on the client machine and surf to http://localhost:12444 as that remote port appears to be a local port. You do not connect to the.hosts.public.ip:12444.
I hope I explained that well.
edit: changed -D to -L in the ssh command. Thanks to bulletmark and his post below
Last edited by ewaller (2014-08-16 23:28:54)
What I think you want to do is connect to sshd on port 22 using the ssh -D option to forward port 12444. What happens is that sshd on the host then opens a connection to its own localhost:12444 and sends that information through the ssh connection on port 22. At the client end, the ssh client opens a listener at its localhost:12444 and uses that as the endpoint for the data coming through the ssh pipe. If your server on the host on port 12444 happened to serve up http stuff, one could run a browser on the client machine and surf to http://localhost:12444 as that remote port appears to be a local port. You do not connect to the.hosts.public.ip:12444.
I hope I explained that well.
ewaller, your hunch is probably correct and your description above is ok, except you have stated the wrong switch "-D" where I am sure you mean "-L". He likely wants to forward a local port (-L) as you say. He probably does not want to set up a dynamic socks proxy (-D).
Last edited by bulletmark (2014-08-16 23:13:32)
You are, of course, correct. Posting in a hurry
Yes the xx did represent octets in an IP address. Thanks for the responses. I will try what you recommended but I don't think it will matter what port I choose or what kind of configuring I do on the LAN end, because my router simply won't allow anything from the outside through, even if I specify. Even if I disable the firewall, and create a rule to open port 12444 or whatever I decide, it still acts as though it is firewalled. A scan from the outside shows everything as filtered.
Would this method work from outside my network? Say I have an SSH server on port 12444 in a NATed network, and I want to connect to it from outside the network?
It's simple, ssh -p 12444 user@wanip
Make sure you have 12444 forwarding to the LAN IP and the firewall not blocking that.
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Be conscious of local firewalls also. Did you set up, for instance, ufw or iptables to block unopened ports?
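The checks suggested across this thread (the port on localhost, on the LAN address, and on the WAN address) can be run as one TCP probe per hop. The following is an added example, not code from any poster: `classify`, `probe`, `first_failure` and `fake_sshd` are hypothetical names and the banner string is constructed. It separates a timeout ("filtered", as the outside scan reported) from a refusal ("closed") and names the first hop that is not open.

```python
import socket
import threading

def classify(exc):
    # Translate a connect() outcome into what it says about the network path.
    if exc is None:
        return "open"          # TCP handshake completed
    if isinstance(exc, ConnectionRefusedError):
        return "closed"        # RST came back: host reached, nothing listening
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"      # SYN dropped silently somewhere on the path
    return "unreachable"       # routing or name-resolution failure

def probe(host, port, timeout=3.0):
    """Return (state, banner); an SSH server sends its version banner first."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                banner = s.recv(255).split(b"\n", 1)[0].strip().decode("ascii", "replace")
            except OSError:
                banner = ""    # connected, but nothing was sent in time
            return classify(None), banner
    except OSError as exc:
        return classify(exc), ""

# Hops in the order traffic passes them, with the usual suspect at each one.
HOPS = [
    ("localhost", "sshd is not listening on this port"),
    ("lan", "host firewall (ufw/iptables) or sshd bound to loopback only"),
    ("wan", "router port-forward rule, or filtering upstream of it"),
]

def first_failure(results):
    # results maps hop name -> state from probe(); None means every hop is open.
    for hop, suspect in HOPS:
        if results.get(hop) != "open":
            return hop, results.get(hop), suspect
    return None

def fake_sshd():
    """Constructed stand-in for sshd on 127.0.0.1 so the demo runs offline."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"SSH-2.0-constructed_demo\r\n")
        conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    print(probe("127.0.0.1", fake_sshd()), first_failure({"localhost": "open", "lan": "open", "wan": "filtered"}))
```

On a real setup, run `probe()` on the server against localhost, from another LAN machine against the server's LAN address, and from a host outside the network against the WAN address, since a WAN probe from inside the LAN depends on the router's NAT loopback behaviour.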