Can't get through to my server from external but can if I'm internal

pokerblogger

OSNN Addict
Joined
8 Jun 2006
Messages
125
I set my linksys router to have port forwarding to the SSH port but when I try connecting from an external network I get a timeout. If I'm connected to my network internally and SSH the port forwarding goes to the correct server and I'm able to login.

Externally, SSH times out and so does ping - Traceroute makes it as far as my local Comcast . . .

Any ideas?
 
If you can do it internally but not externally, something has to be configured incorrectly on the router I would wreckon.

Try RDP to see if you can get through?
 
Well a ping isn't a true test, as you probably have ICMP blocked.

I still say double-check your firewall though, what is the make/model of it? Post a screenshot of your port forwarding screen?
 
Image of port forwarding screen attached . . .
 

Attachments

  • portforward.jpg
    portforward.jpg
    120.3 KB · Views: 92
I noticed I had "Block WAN Request" enabled in the "filtering" tab, this may have been the issue. I'll have to try externally but I think this may have been the issue. Thank you everyone for the help.

did you ip address change on the server?
Nope, the server has a static IP assigned.

posts merged
 
Last edited by a moderator:
Ok, so I've tried everything now, reset the router to factory defaults, followed instructions for enabling ssh step by step and nothing.

Should I buy a new router? Could it be the Debian box? Should I just nuke that and install FreeBSD? It seems like it isn't the Linux box if I'm able to ssh in while inside my network . . . but that also means the linksys router is forwarding right? What the hell could be causing this?
 
I'm sorry for not suggesting this earlier, but it could be possible your ISP is blocking the ports necessary to access it. It could be a longshot, depending on your provider and config, but it's something you should try. SSH isn't illegal, so there is no harm in contacting your ISP and asking them if they block the port. If they are, they might even unblock it for you.

Most ISPs will block ports by default, such as ports required for SMTP/POP3 because they don't want people running e-mail servers. Also common ports to block are those necessary for VPN connections. All viable purposes, but blocked for the safety of the consumers for the most part. In different instances, I have had all ports opened successfully by contacting my ISP and providing due cause.

Furthermore, it's not the OS because everything works fine internally. I don't think it's the router because you reset to defaults and that is essentially the "loosest" config.
 
OK, thank you for the assurance on the Debian setup :)

I called COMCAST and they said that "all ports are open"

I then proceeded to reset my router again.

I disabled "Block WAN" on the router.

I setup port forwarding to forward port 22 to port 22 on the local IP of my server.

I ran a test on grc.com which said that port 22 was in "stealth" mode. Could this be the problem?
 
Sounds like it isn't listening on 22. Is ssh listening on port 22 on the debian box? I would do a nmap [port] scan inside your LAN and see what is open on the debian PC, just to make it is in fact listing on port 22.

If comcast is in fact blocking ssh, just because lvl1 tech said they aren't doesn't really mean anything. ;) Try forwarding port 2222 to port 22 and connect using ssh username@hostname.com:2222
 
Ok - I got it :)

Wound up being the Linux box being misconfigured. Thank you everyone for the help!
 

Members online

No members online now.

Latest profile posts

Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
Any of the SP crew still out there?
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.

Forum statistics

Threads
62,015
Messages
673,494
Members
5,621
Latest member
naeemsafi
Back