SSH connection refused after port redirection

  • I have an issue with SSH as it does not work from outside of the home network. I performed a test using the same machine and Putty.


    In my home network I connected through local IP address and port 22. I tried to reach the device remotely using public IP and some high port (above 2000), which was assigned to me by ISP and linked to my device and its port 22. It seems like the device is reachable, but for some reason it refuses to establish connection. I use the same user, which is in ssh group. I have also allowed root user login, but it did not help.


    Do you know what might be the solution?

  • Hi,


    install tcpdump on your omv-box and check, whether the SSH packets reach your server.

    I tried to run it on my 22 port with output saved to a file, but it seems like rubbish. Is it possible to make it save data in human-readable form?



    Are you trying to reach remotely on the wan side externally or from your local lan?

    Outside of my local LAN - tried from work, parent's home etc., but all the time it is the same.

  • I tried to run it on my 22 port with output saved to a file, but it seems like rubbish. Is it possible to make it save data in human-readable form?

    Just let it run in a console window.


    Assuming eth0 is your wan IF:


    tcpdump -l -i eth0 -n | grep "IP address of your external client"


    Then you should see the packets going to your box.

  • I did that, from the local network the answer was:


    Code
    SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3

    from the outside network still connection refused.


    I still need to test with tcpdump, but need 2 machines for that (1 in local network running terminal with tcpdump and other trying to connect from outside).

  • Ok, I have tried

    Code
    tcpdump -i eth0 -n | grep "IP address of your external client"

    with IP in the quotes, but it is showing nothing when I try to connect from the outside. So is it stuck somewhere on the router? Weird, my router is AP only. So maybe OMV has some internal firewall rules? I have set no rules by myself there.

  • Again the port forward is not configured correctly in the router probably. There are no firewall rules included by default in omv or debian. The default policy is ACCEPT in input, output and fwd chain

    Router settings are owned and configured by my ISP and they told me it is working correctly - I can access my Plex, OpenVPN and other services, but not SSH. Before, when the port was not forwarded the message was "server not reachable", while now it is different.

    • Official Post

    Router settings are owned and configured by my ISP and they told me it is working correctly


    I would say get a router you can configure. I am certain that if neither telnet nor tcpdump gave anything, then it is not forwarding. What if the people from the ISP put UDP instead of TCP?
    How is the message different now?


    Try this


    http://www.yougetsignal.com/tools/open-ports/


    Just to discard the firewall, check it


    iptables -vnL

    Post the output here.

  • I would say get a router you can configure. I am certain that if neither telnet nor tcpdump gave anything, then it is not forwarding. What if the people from the ISP put UDP instead of TCP?
    How is the message different now?

    Yes, it was connection time out when only UDP was enabled, with both TCP and UDP it is connection refused.



    It shows that the port is closed (weird).




    Just to discard the firewall, check it


    iptables -vnL

    Post the output here.

    The output was:

    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
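
The diagnosis in this thread turns on three outcomes of a TCP connect to the SSH port: a banner, "connection refused", or a timeout. The following Python code is an added example, not part of any post here, that classifies them; `probe_ssh`, `demo_listener` and `closed_port` are hypothetical names, and the listener is a constructed loopback stand-in for sshd that sends the banner quoted above.

```python
import socket
import threading

def probe_ssh(host, port, timeout=3.0):
    """Classify one TCP connect attempt into the outcomes seen in the thread.
    Returns (state, detail):
      "open"    - handshake completed; detail is the server's banner line
      "refused" - the connection was actively rejected (TCP reset)
      "timeout" - no reply within `timeout` (dropped or not forwarded)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "")
    except socket.timeout:
        return ("timeout", "")
    except OSError as exc:  # anything else, e.g. no route to host
        return ("error", str(exc))
    with sock:
        try:
            line = sock.recv(255).split(b"\n", 1)[0].strip()
        except socket.timeout:
            line = b""  # port open, but the peer sent nothing
        return ("open", line.decode("ascii", "replace"))

def demo_listener(banner):
    """Constructed stand-in for sshd on a free loopback port; returns the port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

def closed_port():
    """Return a loopback port that was just released, so nothing listens on it."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    print(probe_ssh("127.0.0.1", demo_listener(b"SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3\r\n")))
    print(probe_ssh("127.0.0.1", closed_port()))
```
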

  • The firewall in OMV is completely open. Do this: stop Plex, change the SSH port to the Plex one, and now try to access remotely using the Plex port and SSH.

    Finally I had a chance to try that. It worked. I asked them to open another port for me and changed in OMV to listen to another port, so it is fully functional now, thanks!

  • It's an old thread but, just to confirm, I had the same trouble: I forwarded port 22 on my ISP's router to point to an internal IP where OMV is installed with SSH enabled, but I couldn't establish an SSH connection from outside my LAN via the Internet. It was working from inside the LAN but not outside.

    I was going crazy, only to find that changing port 22 to 333 in SSH's parameters and opening that new port on the router did the trick...

    ssh aaa@xxxxxxxxx -p 333 from outside my LAN now works as expected.

    It was my router's fault with port 22; maybe it's blocked by the ISP...

  • Well, you probably don't want to expose ssh to the internet on port 22 anyway.

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.
