[SOLVED] SSH port forwarding issue

matyo · 2020-09-21 08:23:42

Hi,

I'm trying to access my computer that has a private static IP from an outside network using a public IP of my router through port forwarding.

On my host:
sshd.service is running;
/etc/ssh/sshd_config port is set to 49190
static ip 192.168.1.100

On my router:
setup the static IP under DHCP reservations to 192.168.1.100
setup the "Virtual Server" under NAT setting from port 49190 to 49190 on 192.168.1.100
reboot

Log into my windows computer, run Putty and type in my public IP address with port 49190.
I get an error: Network connection timeout

I don't know what the problem could be. However, when I try it in my LAN using the private IP of the SSH server, it connects.

Last edited by matyo (2020-09-22 16:53:50)

schard · 2020-09-21 08:29:26

Do you use a firewall on the SSH server?
If so, please provide any relevant config.
Please also provide the server's network configuration and status of sshd.

Also, setting the SSH port to a non-standard one, to reduce the basic noise in the logs, is something you can do in your NAT firewall.
There is probably no reason to have it running on a non-standard port on the server.

In any case, please also provide a complete nmap scan of the server's SSH port from within the local network and from the outside.

Last edited by schard (2020-09-21 08:30:52)

jonno2002 · 2020-09-21 08:38:40

sounds like your router doesnt support NAT hairpinning/loopback, which allows access to services within your LAN from the WAN ip of the router, either that or you need to enable said function

solskog · 2020-09-21 09:24:25

Some routers use the term "Virtual Server" for port forwarding. routers supprt port fowarding doesn't necessarily also support NAT loopback. It seems OP tested his setup within LAN using external IP address. A better way to test his setup maybe using an external network e.g: mobile tethering.

matyo · 2020-09-22 16:53:20

I've solved the problem. My router/modem does support "Virtual Server" configuration. I don't know what the problem was, but it didn't want to connect using my public IP.
I essentially bypassed my ISP's router using an Asus router.

If anyone is interested in the solution, here is what i did:

Setup:
-I bought the cheapest router i could find(ASU SRT-AC51),
-connected its WAN port to my ISP's router/modem LAN port,
-connected my computer to the asus router LAN port,

ISP router:
-reserve a static IP for Asus router on 192.168.1.100
-enable DMZ on 192.168.1.100

Asus router:
-set WAN static IP to 192.168.1.100
-WAN default gateway 192.168.1.1
-LAN IP/gateway 192.168.50.1
-LAN DHCP from 192.168.50.2 - 192.168.50.254
-reserve a static IP for SSH server on 192.168.50.100
-under WAN -> Virtual Server / Port Forwarding I added a profile: IP is 192.168.50.100; external and internal port 49190; protocol TCP/UDP

SSH server:
setup the ssh config file to port 49190
run the sshd.service
setup a static IP to 192.168.50.100
done

I tested it with Putty and it works.

bulletmark · 2020-09-22 22:27:52

matyo wrote:

I don't know what the problem was, but it didn't want to connect using my public IP.

The two users just above told you what the problem likely is, i.e. NAT loopback not available on that router. So you simply can not test it from within your local LAN but it probably works if you connect externally which is the point of what you are trying to achieve.

I tested it with Putty and it works.

It "works" but is an awkward and inefficient setup. You are likely double-NAT'ing all your internet connections.

Last edited by bulletmark (2020-09-22 22:47:57)

Arch Linux

#1 2020-09-21 08:23:42

[SOLVED] SSH port forwarding issue

#2 2020-09-21 08:29:26

Re: [SOLVED] SSH port forwarding issue

#3 2020-09-21 08:38:40

Re: [SOLVED] SSH port forwarding issue

#4 2020-09-21 09:24:25

Re: [SOLVED] SSH port forwarding issue

#5 2020-09-22 16:53:20

Re: [SOLVED] SSH port forwarding issue

#6 2020-09-22 22:27:52

Re: [SOLVED] SSH port forwarding issue

Board footer