You are not logged in.
- Topics: Active | Unanswered
#1 2016-11-30 06:17:51
- Mar
- Member
- Registered: 2016-05-08
- Posts: 11
ssh into virtual machine from outside network
So this has really got me stumped. The best part about this is I am able to remotely log into my home router using ssh, so I know I can reach my network from outside, but for the life of me I cannot touch my vm inside my network.
I'm using virtualbox, already set the vm to use a bridged adapter, its ip is static, and the tcp port that I want to use has been forwarded to it (as far as my router is telling me). I also made sure my ssh server is listening on the port I selected, and the port is allowed through the vm's firewall. The result is always "connection refused," and "sudo tcpdump -lvvi any port myport" on the vm remains a ghost town.
What am I missing?
from the shadows of war's past a demon of the air rises from the grave
"Onward to the land of kings—via the sky of aces!"
Offline
#2 2016-11-30 07:20:17
- bulletmark
- Member
- From: Brisbane, Australia
- Registered: 2013-10-22
- Posts: 653
Re: ssh into virtual machine from outside network
Can we assume you are running Arch on the VM?
If you have set the VM's network interface to bridged then it just another PC on your home network so you should be able to ssh to it from your host. That is the first test you can do.
Note that normally you would just let the ssh server listen on it's default port 22 and forward whatever external port you like from your home router to port 22 on your VM_ip_lan_address. Probably not related to your issue but always best to keep things clean and simple.
BTW, what exactly do you mean by "the port is allowed through the vm's firewall". AFAIK, Virtualbox does apply any special firewalling. What setting are you referring to?
Last edited by bulletmark (2016-11-30 07:24:01)
Offline
#3 2016-11-30 07:32:53
- Mar
- Member
- Registered: 2016-05-08
- Posts: 11
Re: ssh into virtual machine from outside network
Yes sorry, it is Arch Linux. iptables is the vm's firewall, managed with gufw. I did try doing all of the above with port 22 as well, same result. Stupid me probably should have also mentioned that I am able to ssh into the vm from inside my local network without any problems. The only thing I can think of is my router is not allowing any incoming connections at all despite the port forwarding.
from the shadows of war's past a demon of the air rises from the grave
"Onward to the land of kings—via the sky of aces!"
Offline
#4 2016-11-30 22:35:48
- bulletmark
- Member
- From: Brisbane, Australia
- Registered: 2013-10-22
- Posts: 653
Re: ssh into virtual machine from outside network
Well clearly if you can ssh to the VM from elsewhere within your LAN then the problem seems to be on the router side. Sorry, can't really help there. Port forwarding (for ssh and other various other services) has always been a simple function which has worked fine in all the home routers I have used.
Offline
#5 2016-11-30 22:42:12
- Slithery
- Administrator
- From: Norfolk, UK
- Registered: 2013-12-01
- Posts: 5,776
Re: ssh into virtual machine from outside network
Try port scanning your external IP (from outside your network) just to confirm that your port forwarding is set up correctly. You can use nmap from an external host for this or a quick google for 'portscan' throws up a load of websites that will do this for you.
You can use...
ssh -vvv <IP-address>to get more details on what is going wrong.
It's also worth checking https://portforward.com/ for your specific router just to make sure you're configuring it properly.
Last edited by Slithery (2016-11-30 23:11:59)
Offline
#6 2016-11-30 22:42:25
- Mar
- Member
- Registered: 2016-05-08
- Posts: 11
Re: ssh into virtual machine from outside network
I understand. Thanks for trying to help.
Maybe it'll go through if I write the port number on a hammer and smash the router with it.
from the shadows of war's past a demon of the air rises from the grave
"Onward to the land of kings—via the sky of aces!"
Offline
#7 2016-11-30 23:12:23
- Slithery
- Administrator
- From: Norfolk, UK
- Registered: 2013-12-01
- Posts: 5,776
Re: ssh into virtual machine from outside network
Just a stupid question here.
You are trying to connect to your external IP, not the internal IP of the VM aren't you?
Also if you want me to scan you just PM me your external IP and I can run a full nmap scan from one of my machines.
Offline
#8 2016-12-01 01:46:38
- Mar
- Member
- Registered: 2016-05-08
- Posts: 11
Re: ssh into virtual machine from outside network
Just a stupid question here.
You are trying to connect to your external IP, not the internal IP of the VM aren't you?Also if you want me to scan you just PM me your external IP and I can run a full nmap scan from one of my machines.
Yes, connecting to my router's external IP from outside.
Would your nmap be any different from checking the ports with something like http://www.canyouseeme.org/ ?
BTW, the only time I see an open port with http://www.canyouseeme.org/ is on 22 when I have the ssh console enabled on my router. With the router's ssh console disabled, on the vm I set the ssh daemon to listen on 22, disabled the firewall completely on the vm, forwarded 22 to the vm, http://www.canyouseeme.org/ testing port 22 says connection timed out.
My router is a ZyXEL PK5001Z. I did do the port forwarding correctly and made sure by visiting https://portforward.com/ . Advanced Setup > port forwarding > enter vm's lan ip, port to forward to it, select tcp (tried both too), click apply, and saw my entry appear in the list below. Is this thing just ignoring me or what?
from the shadows of war's past a demon of the air rises from the grave
"Onward to the land of kings—via the sky of aces!"
Offline
#9 2016-12-01 02:23:38
- bulletmark
- Member
- From: Brisbane, Australia
- Registered: 2013-10-22
- Posts: 653
Re: ssh into virtual machine from outside network
I would use the default port 22 on the VM as I said earlier, but I wouldn't use port 22 for the external port. Firstly, since your router has an ssh console then it is likely that is clashing with the port forward, even if you do have the ssh console disabled. I have seen this before. Secondly, I find it better to use an alternative port because there are a stack of ssh scanner bots out there and so you get constant stream of ssh login failures in your logs. Use a different port and you avoid this. Thirdly, if you are ssh'ing out to your home from a system within a corporate firewall, then those often block port 22 specifically, and many other outbound ports. I use port 443 (normally https) for my external ssh port because corporate firewalls usually leave outbound connections to that port alone. So, in summary, I forward port 443 from the external address on my router to port 22 on my ssh server.
Offline
#10 2016-12-01 07:51:05
- Mar
- Member
- Registered: 2016-05-08
- Posts: 11
Re: ssh into virtual machine from outside network
That sounded like a good idea, so I specified the remote port to be 443 in the port forward entry, but still got the same result.
I'm thinking I need to bridge this thing to a different router.
from the shadows of war's past a demon of the air rises from the grave
"Onward to the land of kings—via the sky of aces!"
Offline