Gentoo Forums
SSH tunnel problems [solved]
The Doctor
Moderator
Joined: 27 Jul 2010
Posts: 2678

Posted: Thu Oct 04, 2012 12:51 am    Post subject: SSH tunnel problems [solved]

Hi,
Here is my setup. I have my Gentoo box, which happens to be a desktop, which has all my important docs. I have my laptop which I take to class. I would like to be able to access my files regardless of my actual location. My problem is that I can't seem to get into my box from the internet. I can ssh from my local network so I don't think the ssh setup is the problem. I have a Cisco linksys e1200 router that is set to forward port 22 (yes, I intend to change this to a higher port. Which one should I use?) to my computer's static ip. The router is set to forward TCP and UDP requests to my computer.

I used google to find the internet ip and I also checked my router. The ip addresses agree. I do have a modem as well, and the ISP is Comcast. Any suggestions?

EDIT: I did figure it out :oops: :oops: I was trying to ssh to the wrong ip address :oops: :oops:
_________________
First things first, but not necessarily in that order.

Apologies if I take a while to respond. I'm currently working on the dematerialization circuit for my blue box.


Last edited by The Doctor on Fri Oct 05, 2012 3:16 am; edited 1 time in total
Hypnos
Advocate
Joined: 18 Jul 2002
Posts: 2889
Location: Omnipresent

Posted: Thu Oct 04, 2012 1:43 am

Change ports and see -- Comcast may be blocking.
_________________
Personal overlay | Simple backup scheme
The Doctor
Moderator
Joined: 27 Jul 2010
Posts: 2678

Posted: Thu Oct 04, 2012 2:03 am

Thank you for your reply.

I used ssh -p 50683 <username>@<ip> but it's still not working. Is this correct, or do I need to do something different? I made sure to update my sshd_config, firewall, and router settings but it is still not working, from my laptop or from an outside server. It just times out. I can ssh locally.

I don't know if this makes any difference, but if I try to ssh to my router I get a connection refused.
The Doctor
Moderator
Joined: 27 Jul 2010
Posts: 2678

Posted: Thu Oct 04, 2012 2:11 am

:oops: It helps to use the right SSH command. Thanks for your help Hypnos.

In case anyone else needs to do this, here is the proper command: ssh -p <port> <my_user>@<my_local_ip> -L <port>:<global_ip>:22

EDIT: actually this is not working when I try it from another server. I am not sure if the server is just blocking it or if I'm using the wrong command.
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21431

Posted: Thu Oct 04, 2012 2:30 am

Are you trying this from an external host? Some NAT devices do not handle routing a connection that starts inside, connects to the outside IP address, and is rewritten to go back inside. If you are using an external host, what does tcpdump on your desktop say? What does tcpdump on your gateway say?
The Doctor
Moderator
Joined: 27 Jul 2010
Posts: 2678

Posted: Thu Oct 04, 2012 2:45 am

I am trying to test the setup using my laptop, which currently is connected to the local network, and by sshing to a remote server that I have an account on and sshing from there. So far, I think the laptop only connects locally, not from the net.

I get something like this on my desktop: http://pastebin.com/KYRNFidC

The router is, well, an ordinary router. I can't run commands on it.

I really don't know how I am supposed to configure it or ssh through it. I set it to forward my port, but if I try to ssh -p <port> <user>@<global_ip> it times out whether I do it from a remote server or from my local laptop. I was trying to experiment with different commands because I really don't get how I am supposed to ssh here. This is my first attempt at making my computer accessible from the net, and I admit I am a bit lost.
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21431

Posted: Fri Oct 05, 2012 1:55 am

If you get a timeout when the external machine attempts to connect back, then either the NAT rule is not set properly or some device along the way is filtering the connection request. A packet capture, as provided by tcpdump, can confirm whether the SYN reaches a particular device. Although most ISPs do not filter ssh, confirming that ssh is not filtered by your ISP is a good place to start. The easiest way to confirm this is to collect a packet capture from the gateway. Once you have confirmed that it is not filtered there, you can check whether the gateway is successfully forwarding the connection request to the internal host.

If you are not using a Linux based router, you may need to flash your router with a usable Linux before proceeding. Otherwise, attaining a root shell on your router should be sufficient. Some consumer grade "home router" products are capable of running general purpose Linux, but either ship with a locked down Linux or with some non-Linux system. You might be able to limp along with whatever administrative interface was provided by the manufacturer, but that is almost certainly vendor or even model specific. Our ability to help you with its interface and its output may be limited.
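
The check described in the post above (whether the SYN reaches a given device, and what comes back) can be read off tcpdump's text output. The script below is an added example, not part of the original thread: it classifies `tcpdump -nn` lines for one port. Port 50683 is the one mentioned earlier in the thread; the interface name, addresses and sample capture lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: classify `tcpdump -nn` text output for one TCP port.
# Capture on the device under test with, e.g. (interface name is an assumption):
#   tcpdump -nn -i eth0 'tcp port 50683'

classify_capture() {   # usage: classify_capture PORT < capture.txt
    awk -v port="$1" '
    $2 == "IP" && $6 == "Flags" {          # IPv4 TCP lines only
        src = $3
        dst = $5; sub(/:$/, "", dst)
        flags = $7; sub(/^\[/, "", flags); sub(/\],?$/, "", flags)
        to_port   = (dst ~ ("\\." port "$"))
        from_port = (src ~ ("\\." port "$"))
        if (to_port && flags == "S")    syn++      # connection request arrived
        if (from_port && flags == "S.") synack++   # listener answered
        if (from_port && flags ~ /R/)   rst++      # reset sent back
    }
    END {
        if (!syn)        print "no-syn"          # filtered upstream, bad NAT rule, or wrong address
        else if (synack) print "handshake-ok"    # forwarding and the listener both work
        else if (rst)    print "refused"         # reached the host: closed port or reject rule
        else             print "syn-unanswered"  # reached the host, silently dropped locally
    }'
}

# Constructed sample captures (RFC 5737 / RFC 1918 addresses, not from the thread).
sample_ok() { cat <<'EOF'
02:45:01.000100 IP 198.51.100.7.51514 > 192.168.1.10.50683: Flags [S], seq 1000, win 29200, length 0
02:45:01.000180 IP 192.168.1.10.50683 > 198.51.100.7.51514: Flags [S.], seq 2000, ack 1001, win 28960, length 0
02:45:01.020300 IP 198.51.100.7.51514 > 192.168.1.10.50683: Flags [.], ack 1, win 229, length 0
EOF
}
sample_dropped() { cat <<'EOF'
02:46:01.000100 IP 198.51.100.7.51520 > 192.168.1.10.50683: Flags [S], seq 3000, win 29200, length 0
02:46:02.001200 IP 198.51.100.7.51520 > 192.168.1.10.50683: Flags [S], seq 3000, win 29200, length 0
EOF
}
sample_other_traffic() { cat <<'EOF'
02:47:01.000100 IP 192.168.1.20.40022 > 192.168.1.10.22: Flags [S], seq 4000, win 29200, length 0
02:47:01.000150 IP 192.168.1.10.22 > 192.168.1.20.40022: Flags [S.], seq 5000, ack 4001, win 28960, length 0
EOF
}

for s in sample_ok sample_dropped sample_other_traffic; do
    printf '%s: %s\n' "$s" "$("$s" | classify_capture 50683)"
done
```

The verdict only describes the device where the capture was taken: "no-syn" on the desktop while the external client is retrying means the request was lost before it, at the ISP, the router's forwarding rule, or the address the client was pointed at.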
The Doctor
Moderator
Joined: 27 Jul 2010
Posts: 2678

Posted: Fri Oct 05, 2012 3:13 am

Thank you both for your help. I am honestly not quite sure what I did, but somehow it is working now. I can ssh from my box using my ip address and from a remote server I have an account on. I'm going to mark this as solved since it seems to be working properly. It may have something to do with enabling the port range forwarding and disabling the single port forwarding.

EDIT: :oops: :oops: I was using the wrong IP address. I can't believe I didn't notice before. Again, thank you for your efforts here and I apologize for not being as careful as I should have been about checking my typing.
Hypnos
Advocate
Joined: 18 Jul 2002
Posts: 2889
Location: Omnipresent

Posted: Fri Oct 05, 2012 4:04 am

lol -- isn't the whole point of computers that we don't have to do tedious things like remember?
All times are GMT