
#1 2013-08-25 02:00:57

ndowens04
Member
Registered: 2009-05-07
Posts: 25

Server behind NAT Router [Solved]

I have an ArchLinux+ZFS system. I am wanting to create a server out of it; it is behind a router with NAT. Internal IP is 192.168.1.9. I set up port forwarding for SSH for port 22 to go to that server. I have even installed ufw, and set it to allow connections to port 22. I keep getting connection refused. I can connect inside the network, but not using the IP address that is my router's. I have tried searching but all I am mostly seeing is to set up port forwarding.

Last edited by ndowens04 (2013-08-31 16:43:11)


ArchLinux + ZFS

Offline

#2 2013-08-25 02:30:31

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,130

Re: Server behind NAT Router [Solved]

So what have you tried? There's a bunch of suggestions on the wiki page. What results do you get?


CLI Paste | How To Ask Questions

Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L

Offline

#3 2013-08-25 05:31:01

kermana
Member
Registered: 2009-04-13
Posts: 60

Re: Server behind NAT Router [Solved]

Hi,

If you are trying to connect using your external IP address from inside the network, many home routers do not support it. I have been stuck with the same issue before. Try connecting from a friend's house and see if it will work. I am no networking guru but AFAIK, to do what you want, you need a router with the "NAT hairpinning" feature. If you have a D-Link router, you might be in luck. Check this

Last edited by kermana (2013-08-25 06:01:39)

Offline

#4 2013-08-25 11:43:11

ndowens04
Member
Registered: 2009-05-07
Posts: 25

Re: Server behind NAT Router [Solved]

I have a Netgear router. Like I said, I looked at the port forwarding crap and looked at the ssh wiki. I tried changing port for ssh and it gave connection refused. I am using a dynamic DNS and I pinged the URL and it does list my IP address so I know it isn't anybody else's IP. I am even trying to use vsftpd and I can't connect to that either. It seems to me my connections are being blocked by router or doesn't understand that it is supposed to forward to a certain PC and it blocks it instead.

I have tried connecting to it through this phone when it is on 3g instead of the network and it is the same issue.

Last edited by ndowens04 (2013-08-25 11:45:01)


ArchLinux + ZFS

Offline

#5 2013-08-25 14:02:10

brebs
Member
Registered: 2007-04-03
Posts: 3,742

Re: Server behind NAT Router [Solved]

ndowens04 wrote:

seems to me my connections are being blocked by router

Run e.g. iptraf or wireshark (or even iptables logging) on the Linux server, to see if the packets are being forwarded by the router.

Offline
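
An added example (not part of brebs's post or of the thread): one way to read the packet capture suggested above, as a shell function that classifies `tcpdump -n` text for one outside client. The function name, verdict strings and sample captures are constructed for illustration; 203.0.113.7 stands in for the outside client and IFACE for the server's network interface.

```shell
#!/bin/sh
# Usage on the server while a client outside the LAN tries to connect:
#   tcpdump -n -l -i IFACE 'tcp port 22' | tee capture.txt
#   classify_capture 192.168.1.9 22 CLIENT_IP < capture.txt
classify_capture() {   # args: SERVER_IP PORT CLIENT_IP; tcpdump -n text on stdin
    awk -v srv="$1.$2" -v cli="$3." '
        $2 == "IP" {
            src = $3; dst = $5; sub(/:$/, "", dst)
            flags = $7; gsub(/\[|\]|,/, "", flags)
            if (dst == srv && index(src, cli) == 1 && flags == "S")
                syn++                      # client SYN reached this host
            else if (src == srv && index(dst, cli) == 1) {
                if (flags == "S.")       synack++   # server answered SYN-ACK
                else if (flags ~ /^R/)   rst++      # server answered with a reset
            }
        }
        END {
            if (!syn)        print "not-forwarded"      # look upstream: router or modem
            else if (synack) print "accepted"
            else if (rst)    print "refused-by-server"  # nothing listening, or a REJECT rule
            else             print "dropped-on-server"  # SYN seen, no reply: a DROP rule
        }'
}

# Constructed sample captures (not taken from the thread).
CAP_LAN_ONLY='14:01:00.000001 IP 192.168.1.20.40000 > 192.168.1.9.22: Flags [S], seq 1, win 64240, length 0
14:01:00.000050 IP 192.168.1.9.22 > 192.168.1.20.40000: Flags [S.], seq 9, ack 2, win 65160, length 0'
CAP_RESET='14:02:10.100000 IP 203.0.113.7.51514 > 192.168.1.9.22: Flags [S], seq 100, win 64240, length 0
14:02:10.100040 IP 192.168.1.9.22 > 203.0.113.7.51514: Flags [R.], seq 0, ack 101, win 0, length 0'
CAP_DROP='14:03:00.000000 IP 203.0.113.7.51600 > 192.168.1.9.22: Flags [S], seq 200, win 64240, length 0
14:03:01.000000 IP 203.0.113.7.51600 > 192.168.1.9.22: Flags [S], seq 200, win 64240, length 0'
CAP_OK='14:04:00.000000 IP 203.0.113.7.51700 > 192.168.1.9.22: Flags [S], seq 300, win 64240, length 0
14:04:00.000030 IP 192.168.1.9.22 > 203.0.113.7.51700: Flags [S.], seq 7, ack 301, win 65160, length 0'

# Classify one sample as seen from the constructed outside client.
verdict() { printf '%s\n' "$1" | classify_capture 192.168.1.9 22 203.0.113.7; }
```

A "not-forwarded" verdict while the client still sees "connection refused" means the refusal came from a device in front of the server, so the server's own firewall and sshd settings are not the place to look.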

#6 2013-08-25 15:21:17

Kilzool
Member
From: Ireland
Registered: 2010-08-04
Posts: 232

Re: Server behind NAT Router [Solved]

ndowens04 wrote:

I have a Netgear router. Like I said, I looked at the port forwarding crap and looked at the ssh wiki. I tried changing port for ssh and it gave connection refused. I am using a dynamic DNS and I pinged the URL and it does list my IP address so I know it isn't anybody else's IP. I am even trying to use vsftpd and I can't connect to that either. It seems to me my connections are being blocked by router or doesn't understand that it is supposed to forward to a certain PC and it blocks it instead.

I have tried connecting to it through this phone when it is on 3g instead of the network and it is the same issue.


Try this:

On the server machine, where you 'sudo ufw allow SSH'

Verify this by:  'sudo iptables -L -n  | grep -i ssh'
You should see something like: ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 /* 'dapp_SSH' */

If you see this, then this machine is open to the internet for SSH connections.

Now, make sure you start your SSH server.

Now, this handy little code piece finds your actual IP#

wget http://checkip.dyndns.org/ -O - -o /dev/null | cut -d: -f 2 | cut -d\< -f 1

Now if you can 'ssh 192.168.x.x' (assuming 192.168.x.x  is your internal server machine), successfully, try
the next command,  'ssh YOUR-IP'  (using the actual IP# from the above WGET code).

** Your router should have an option to toggle NAT Filtering.

Last edited by Kilzool (2013-08-25 15:22:55)

Offline

#7 2013-08-25 17:06:06

ndowens04
Member
Registered: 2009-05-07
Posts: 25

Re: Server behind NAT Router [Solved]

Can't atm, on my phone at work, but I did try looking at the iptable to verify it is open and it was. Seems I even tried disabling NAT by selecting open instead of secured and I used GRC.com and port 22 and most of the rest was stealthed.


ArchLinux + ZFS

Offline

#8 2013-08-25 22:55:28

ndowens04
Member
Registered: 2009-05-07
Posts: 25

Re: Server behind NAT Router [Solved]

Kilzool wrote:
ndowens04 wrote:

I have a Netgear router. Like I said, I looked at the port forwarding crap and looked at the ssh wiki. I tried changing port for ssh and it gave connection refused. I am using a dynamic DNS and I pinged the URL and it does list my IP address so I know it isn't anybody else's IP. I am even trying to use vsftpd and I can't connect to that either. It seems to me my connections are being blocked by router or doesn't understand that it is supposed to forward to a certain PC and it blocks it instead.

I have tried connecting to it through this phone when it is on 3g instead of the network and it is the same issue.


Try this:

On the server machine, where you 'sudo ufw allow SSH'

Verify this by:  'sudo iptables -L -n  | grep -i ssh'
You should see something like: ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 /* 'dapp_SSH' */

If you see this, then this machine is open to the internet for SSH connections.

Now, make sure you start your SSH server.

Now, this handy little code piece finds your actual IP#

wget http://checkip.dyndns.org/ -O - -o /dev/null | cut -d: -f 2 | cut -d\< -f 1

Now if you can 'ssh 192.168.x.x' (assuming 192.168.x.x  is your internal server machine), successfully, try
the next command,  'ssh YOUR-IP'  (using the actual IP# from the above WGET code).

** Your router should have an option to toggle NAT Filtering.

I get, from iptables -L | grep ssh, this:
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere             udp dpt:ssh

So it doesn't seem to be an issue with the firewall on server.


ArchLinux + ZFS

Offline

#9 2013-08-26 15:49:08

Kilzool
Member
From: Ireland
Registered: 2010-08-04
Posts: 232

Re: Server behind NAT Router [Solved]

ndowens04 wrote:
Kilzool wrote:
ndowens04 wrote:

I have a Netgear router. Like I said, I looked at the port forwarding crap and looked at the ssh wiki. I tried changing port for ssh and it gave connection refused. I am using a dynamic DNS and I pinged the URL and it does list my IP address so I know it isn't anybody else's IP. I am even trying to use vsftpd and I can't connect to that either. It seems to me my connections are being blocked by router or doesn't understand that it is supposed to forward to a certain PC and it blocks it instead.

I have tried connecting to it through this phone when it is on 3g instead of the network and it is the same issue.


Try this:

On the server machine, where you 'sudo ufw allow SSH'

Verify this by:  'sudo iptables -L -n  | grep -i ssh'
You should see something like: ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 /* 'dapp_SSH' */

If you see this, then this machine is open to the internet for SSH connections.

Now, make sure you start your SSH server.

Now, this handy little code piece finds your actual IP#

wget http://checkip.dyndns.org/ -O - -o /dev/null | cut -d: -f 2 | cut -d\< -f 1

Now if you can 'ssh 192.168.x.x' (assuming 192.168.x.x  is your internal server machine), successfully, try
the next command,  'ssh YOUR-IP'  (using the actual IP# from the above WGET code).

** Your router should have an option to toggle NAT Filtering.

I get, from iptables -L | grep ssh, this:
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere             udp dpt:ssh

So it doesn't seem to be an issue with the firewall on server.


I always thought iptables needed a port #, not a service name.
But assuming yours is fine....

OK, so on your router, you have PORT 22 (TCP/UDP) enabled, to redirect to your server IP#.
(Port Forwarding)
You have a dynamic IP#.

So you should be able to SSH from any machine to your server.
FTP is PORT 21.  I'm not sure what port VSFTP uses for secure ftp.

With WAN NAT Redirection filter on, you wouldn't be able to ssh (your server's dynamic IP), but you can ssh to its internal 192.168.x.x IP.

From another location, you should be able to SSH to your Dynamic IP#, and it would redirect to your server IP#.

If connection refused is still happening.. we must look into your SSHD configuration.

Offline

#10 2013-08-26 16:53:04

ndowens04
Member
Registered: 2009-05-07
Posts: 25

Re: Server behind NAT Router [Solved]

Emailed my ISP; seems the DSL modem is blocking since it has a router in it. Gotta call and get them to open the ports; hopefully I can get them to open it completely. I will mark as solved if it works.


ArchLinux + ZFS

Offline
