I can't SSH into my remote computer likely due to the router

1

I set up a computer running Debian that I want to SSH into. I have 2 computers on the network (remote): the first is an old XP machine which is about to be replaced, and the second is the Debian computer which is the replacement. From outside the network I can VNC to the XP machine, from which, using PuTTY, I can SSH into the Debian computer (so I know the computer is up). I've watched the auth.log when I try to SSH into the Debian computer directly and nothing changes. When I do try to SSH directly to the Debian computer I get a timeout error. This leads me to believe the problem is at the router.

I have already changed the port from 22 to something else, we'll say 44444. I've gone into the router and forwarded port 44444 for TCP (and once that didn't work, UDP too, just to be safe). I set up all the port forwarding correctly for VNC on the XP machine, so I don't think the port forwarding setup is the issue.

Any ideas on what the problem could be?

Edit: In case it matters, the XP machine and Debian machine are both connected to the router through a switch, but I can see the IPs of both machines when I log into the router, so I didn't think there was any issue there.

user1424311

Posted 2014-04-04T01:32:19.563

Reputation: 11

What is the router make / model / version? Also, are you sure you're forwarding those ports to the correct machine? (e.g. the Debian machine, instead of the XP machine) – Slartibartfast – 2014-04-04T03:41:13.007

The only difference I could see was that the port forwarding for the XP machine was Any Port -> VNC Port; however, for the Debian machine forwarding it was SSH Port -> SSH Port. I changed it to match, so it is now Any Port -> SSH Port, and it works. My question now is, why does it have to be any incoming port? Shouldn't I specify the single incoming port? – user1424311 – 2014-04-04T15:16:43.660

Just a thought, but if you have any port -> VNC and SSH port -> SSH, your router might evaluate them in order and send SSH port to VNC. Have you tried simply disabling the port redirection for VNC or specifying VNC port -> VNC? – user2313067 – 2014-04-04T15:29:21.710

I have a number of port forwarding rules and they are all any -> specific. Most were automatically created for various programs including some which I can't disable as they are set by the ISP. The only rule I created was the one for VNC. So in short, I can't disable all of the Any->Specific port forwarding rules. – user1424311 – 2014-04-04T16:30:35.953

Answers

0

The port forwarding was set so that only the single incoming port would forward to the single outgoing port in the router. This had to be updated so that any incoming port would be forwarded to the single outgoing port.

user1424311

Posted 2014-04-04T01:32:19.563

Reputation: 11

Are you sure that the rule you are referring to was a NAT rule, and not a firewall rule that restricted the source port, requiring a source port equal to the destination port (which is uncommon for TCP services with ports lower than 1024)? – Slartibartfast – 2014-04-08T03:25:08.720

I'm not sure if it was a NAT rule or firewall rule. I'm just editing the "Port Forwarding" section of my router. – user1424311 – 2014-04-08T21:45:00.230

I'm curious about the reason this worked, so I'm still curious about the make / model of the router, but I understand if you don't feel comfortable sharing the info. – Slartibartfast – 2014-04-09T03:58:17.127

It's a Westell A90-9100em15-10 – user1424311 – 2014-04-09T14:49:22.113
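
Added example, not part of the original thread: a sketch of the hypothesis raised in the comments above, that the left-hand field of the forwarding rule was matched against the TCP source port of the incoming connection. The thread never confirms how the router evaluates its rules, so the `Rule` model, the `route` function and the `debian-host` name are assumptions; the only real behaviour shown is that a TCP client's source port is chosen by the operating system.

```python
import socket
from dataclasses import dataclass
from typing import Optional

SSH_PORT = 44444            # external port used in the question
DEBIAN = "debian-host"      # placeholder name for the forwarding target


@dataclass(frozen=True)
class Rule:
    """Hypothetical model of one "Port Forwarding" entry on the router."""
    src_port: Optional[int]  # left-hand field; None models "Any Port"
    dst_port: int            # port the WAN side accepts connections on
    target: str

    def matches(self, src_port: int, dst_port: int) -> bool:
        src_ok = self.src_port is None or self.src_port == src_port
        return src_ok and self.dst_port == dst_port


def route(rules, src_port, dst_port):
    """First matching rule wins; None means dropped, which the client sees as a timeout."""
    return next((r.target for r in rules if r.matches(src_port, dst_port)), None)


def loopback_source_port() -> int:
    """Make a real TCP connection on loopback and return the client's source port."""
    with socket.socket() as srv:
        srv.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free listening port
        srv.listen(1)
        with socket.create_connection(srv.getsockname()) as cli:
            return cli.getsockname()[1]


strict = [Rule(SSH_PORT, SSH_PORT, DEBIAN)]   # "SSH Port -> SSH Port"
relaxed = [Rule(None, SSH_PORT, DEBIAN)]      # "Any Port -> SSH Port"

if __name__ == "__main__":
    src = loopback_source_port()              # OS-chosen ephemeral port
    print("client source port:", src)
    print("strict :", route(strict, src, SSH_PORT))
    print("relaxed:", route(relaxed, src, SSH_PORT))
```

Under this model the strict rule only forwards a connection whose source port happens to be 44444, which an SSH client does not arrange, so nothing reaches sshd and auth.log stays unchanged.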