I have an ArchLinux+ZFS system. I am wanting to create a server out of it, it is behind a router with NAT. Internal IP is 192.168.1.9. I set up port forwarding for SSH for port 22 to go to that server. I have even installed ufw, and set it to allow connections to port 22. I keep getting connection refused. I can connect inside the network, but not using the IP address that is my router's. I have tried searching but all I am mostly seeing is to set up port forwarding.
Last edited by ndowens04 (2013-08-31 16:43:11)
ArchLinux + ZFS
Offline
So what have you tried? There's a bunch of suggestions on the wiki page. What results do you get?
Offline
Hi,
If you are trying to connect using your external IP address from inside the network, many home routers do not support it. I have been stuck with the same issue before. Try connecting from a friend's house and see if it will work. I am no networking guru but AFAIK, to do what you want, you need a router with the "NAT hairpinning" feature. If you have a D-Link router, you might be in luck. Check this
Last edited by kermana (2013-08-25 06:01:39)
Offline
I have a Netgear router. Like I said I looked at the port forwarding crap and looked at the ssh wiki. I tried changing the port for ssh and it gave connection refused. I am using a dynamic DNS and I pinged the URL and it does list my IP address so I know it isn't anybody else's IP. I am even trying to use vsftpd and I can't connect to that either. It seems to me my connections are being blocked by router or doesn't understand that it is supposed to forward to a certain PC and it blocks it instead.
I have tried connecting to it through this phone when it is on 3g instead of the network and it is the same issue.
Last edited by ndowens04 (2013-08-25 11:45:01)
ArchLinux + ZFS
Offline
seems to me my connections are being blocked by router
Run e.g. iptraf or wireshark (or even iptables logging) on the Linux server, to see if the packets are being forwarded by the router.
Offline
Try this:
On the server machine, where you 'sudo ufw allow SSH'
Verify this by: 'sudo iptables -L -n | grep -i ssh'
You should see something like: ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 /* 'dapp_SSH' */
If you see this, then this machine is open to the internet for SSH connections.
Now, make sure you start your SSH server.
Now, this handy little code piece finds your actual IP#
wget http://checkip.dyndns.org/ -O - -o /dev/null | cut -d: -f 2 | cut -d\< -f 1
Now if you can 'ssh 192.168.x.x' (assuming 192.168.x.x is your internal server machine), successfully, try
the next command, 'ssh YOUR-IP' (using the actual IP# from the above WGET code).
** Your router should have an option to toggle NAT Filtering.
Last edited by Kilzool (2013-08-25 15:22:55)
Offline
Can't atm, on my phone at work, but I did try looking at the iptables to verify it is open and it was. Seems I even tried disabling NAT by selecting open instead of secured and I used GRC.com and port 22 and most of the rest was stealthed.
ArchLinux + ZFS
Offline
I get, from iptables -L | grep ssh, this:
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:ssh
So it doesn't seem to be an issue with the firewall on server.
ArchLinux + ZFS
Offline
I always thought iptables needed a port #, not a service name.
But assuming yours is fine....
OK, so on your router, you have PORT 22 (TCP/UDP) enabled, to redirect to your server IP#.
(Port Forwarding)
You have a dynamic IP#.
So you should be able to SSH from any machine to your server.
FTP is PORT 21. I'm not sure what port VSFTP uses for secure ftp.
With WAN NAT Redirection filter on, you wouldn't be able to ssh (your server's dynamic IP), but you can ssh to its internal 192.168.x.x IP.
From another location, you should be able to SSH to your Dynamic IP#, and it would redirect to your server IP#.
If connection refused is still happening.. we must look into your SSHD configuration.
Offline
Emailed my ISP; seems the DSL modem is blocking since it has a router in it. Gotta call and get them to open the ports; hopefully I can get them to open it completely. I will mark as solved if it works.
ArchLinux + ZFS
Offline
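An added example, not part of any post in this thread: a small Python check that separates the two outcomes discussed above ("connection refused" versus a "stealthed" port) and compares the LAN result with the result from outside. The function names, result labels and hint texts are assumptions of this example; the outside probe has to be run from a machine that is not on the LAN, since many home routers do not hairpin.

```python
import socket
import sys

def probe(host, port, timeout=3.0):
    """Try one TCP handshake to host:port and classify what came back."""
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"      # a reset came back: no listener, or a device rejected it
    except socket.timeout:
        return "filtered"     # no answer at all: packets dropped ("stealthed")
    except OSError:
        return "unreachable"  # DNS failure, no route, and similar
    conn.close()
    return "open"

def diagnose(lan, wan):
    """Turn the LAN-side and outside results into a hint about where to look."""
    if lan != "open":
        return ("server: sshd is not reachable even on the LAN; check that "
                "sshd is running and that the host firewall allows the port")
    if wan == "open":
        return "ok: the forwarded port reaches a listener"
    if wan == "refused":
        return ("upstream: a device in front of the server answered with a "
                "reset; check the forward target and any second router/modem")
    if wan == "filtered":
        return ("upstream: packets are dropped before the server; check the "
                "forward rule and filtering on the router, modem or ISP side")
    return "path: the outside address could not be reached or resolved"

if __name__ == "__main__":
    # Usage: script.py LAN_ADDRESS LAN_RESULT_FROM_INSIDE_RUN|- OUTSIDE_ADDRESS [PORT]
    # Run once inside the LAN to get the LAN result, then again from outside.
    lan_host, lan_seen, wan_host = sys.argv[1:4]
    port = int(sys.argv[4]) if len(sys.argv) > 4 else 22
    lan = probe(lan_host, port) if lan_seen == "-" else lan_seen
    wan = probe(wan_host, port)
    print(f"LAN {lan_host}:{port} -> {lan}")
    print(f"WAN {wan_host}:{port} -> {wan}")
    print(diagnose(lan, wan))
```

If the LAN probe is "open" and a packet capture on the server shows no incoming SYN while the outside probe runs, the connection is being stopped before it reaches the server.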