Router Port Forwarding and SSH

1

I would like to access my Ubuntu PC remotely via SSH. The SSH daemon is currently listening on port [x]. My router is an ASUS DSL-N12E.

I have created a rule for the firewall with the following parameters:

  • Protocol: TCP
  • Direction: Downstream
  • Source Port: [x]
  • Dest IP/Mask: 192.168.1.100/255.255.255.255
  • Dest Port: [x]

and a NAT Virtual Server rule with the following parameters:

  • Protocol: TCP
  • Local IP: 192.168.1.100
  • Local Port: [x]
  • WAN IP: pppoe1
  • WAN Port: [x]

I'm able to connect to the SSH server from the local network, using ssh -p [x] myuser@192.168.1.100, but I can't do it using ssh -p [x] myuser@mypublicip. I'm guessing there's something wrong with the router configuration although canyouseeme.org says that port [x] is open.

Any ideas about what I might be doing wrong?

Delfad0r

Posted 2015-01-04T22:34:58.580

Reputation: 113

Try ssh -v. But that aside, set a key or super strong password and temporarily remove the firewall rules. I wonder if Dest IP/Mask: 192.168.1.100/255.255.255.255 is wrong. What firewall is it? Though normally if the online port scanner says it can see it then the firewall is fine. Do telnet or nc to it to see if it says openssh or what. – barlop – 2015-01-04T23:57:20.540

Answers

2

This is a common issue on a lot of routers.

It sounds simply like you need to enable NAT reflection, Nat hairpin or NAT loopback, the name changes on different routers - but be warned that not all routers support it.

... Please check your firmware version; it looks like your router either didn't support it out of the box, or has been buggy... I just found this, although 6 months old, it indicates a firmware fix where loopback wasn't always working. (Don't get it from here - check Asus directly for even newer.)

William Hilsum

Posted 2015-01-04T22:34:58.580

Reputation: 111 572

I will definitely check that out, but please tell me if I have understood correctly: without NAT reflection, I will still be able to remotely connect to my SSH server - just not from home; is that correct? – Delfad0r – 2015-01-04T22:51:29.040

Yep. Every connection that goes through the router has to be processed by different chains - one chain would be WAN in, another would be LAN in... NAT by default is only applied to WAN in, so, when you attempt to access your external IP (which exists on WAN), your router has no idea how to connect it back to you... NAT reflection is basically a little addon that tells the router to apply the NAT rules to packets that originate from the LAN side... (Ok... not exactly, but, hopefully this gets the basics across to you!?) – William Hilsum – 2015-01-04T22:54:17.950

Thank you! Sadly, even though I'm running the (almost) most recent firmware version, I can't seem to be able to find anything about "NAT loopback" or similar. No big deal though, my biggest concern was being able to access it remotely - which I am :) – Delfad0r – 2015-01-04T23:08:13.560

I would update to the latest firmware to rule out issues - on most consumer routers, it isn't always an option - most likely it is either off or on by default and it requires ssh/telnet in order to change... hopefully the firmware update will give it the kick it needs – William Hilsum – 2015-01-04T23:29:11.410

@Delfad0r you could try from your phone. make your phone a wireless hotspot. – barlop – 2015-01-05T00:02:27.867

@WilliamHilsum I will try that, but - as I said - no big deal: I can always use myuser@192.168.1.100 to connect from local network and myuser@mypublicip from outside – Delfad0r – 2015-01-05T00:12:28.770

@Delfad0r +1 for him for his suggested solution, but try it before you accept the answer, otherwise you haven't verified that this is the solution to your question. Though it likely is the solution. You can test if that was the issue by going to an Internet Cafe. Or by connecting a computer to your phone set as a wireless hotspot so your computer isn't behind your LAN. – barlop – 2015-01-05T02:18:11.323

@barlop I have already tried connecting from my phone and it works, I wouldn't have accepted the answer otherwise ;) – Delfad0r – 2015-01-05T09:24:35.393
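One way to run the check barlop suggests (connect and see whether sshd's banner comes back) against both the LAN address and the public IP from inside the LAN, and read the two results in light of this answer. This is an added example in Python, not code from the thread; the loopback listener and the closed port are constructed stand-ins for sshd at 192.168.1.100 and for the failing public-IP probe, so the script runs offline, and the diagnosis assumes both probes were made from a host behind the router.

```python
import socket
import threading
from typing import Optional

def grab_ssh_banner(host: str, port: int, timeout: float = 3.0) -> Optional[str]:
    """Return the SSH identification string sent by host:port (RFC 4253 s.4.2,
    e.g. "SSH-2.0-OpenSSH_6.6.1p1"), or None if nothing answers or it is not sshd."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            data = s.recv(255)
    except OSError:
        return None
    first_line = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
    return first_line if first_line.startswith("SSH-") else None

def diagnose(lan_banner: Optional[str], wan_banner: Optional[str]) -> str:
    """Interpret probes made from inside the LAN at the server's LAN IP and at the public IP."""
    if lan_banner is None:
        return "sshd not reachable on the LAN: check its listening port and host firewall"
    if wan_banner is None:
        return ("reachable on the LAN but not via the public IP from inside: "
                "consistent with missing NAT loopback; retest from outside the LAN")
    return "reachable both ways: forwarding works and NAT loopback is in effect"

def serve_banner_once(banner: bytes) -> int:
    """Constructed stand-in for sshd on 127.0.0.1: sends one banner, then exits. Returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run() -> None:
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

def closed_port() -> int:
    """Constructed stand-in for a port nothing listens on (connection refused)."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

if __name__ == "__main__":
    lan = grab_ssh_banner("127.0.0.1", serve_banner_once(b"SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2\r\n"))
    wan = grab_ssh_banner("127.0.0.1", closed_port())  # stands in for the failing public-IP probe
    print(lan, wan, diagnose(lan, wan), sep="\n")
```

Against the real setup, call grab_ssh_banner("192.168.1.100", port) and grab_ssh_banner(public_ip, port) in place of the stand-ins; a banner from the public IP when probed from outside the LAN confirms the forward works even if the inside probe fails.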

0

You are able to connect to your machine via SSH on the local network but unable to access it remotely.

You can connect through the local network because port [x] is open on your machine and you are using the local IP to access it.

Please check that your port forwarding setting is correct.

Also cross-check the listening port from a remote IP to your public IP with telnet:

telnet [remote_ip] [port_number]

Hope this helps!

vembutech

Posted 2015-01-04T22:34:58.580

Reputation: 5 693