SSH port forwarding broken...

Contributor
Posts: 2
Registered: ‎07-27-2009


Message 1 of 5
(19,011 Views)

I know that this question has been asked a bunch of times and I have tried the suggested solutions with no success. I am trying to SSH to one of my home computers from work. I tried the first suggestion where you pick the SSH protocol from the drop-down list of the protocol and the entry looked like TCP Any --> 22.

Then using the "can you see me" site I could see that port was open and found the WAN address of my Actiontec. From a home machine I was able to connect to my router but when I tried it from work there was no luck. Later I was told by co-workers that work doesn't want to allow standard ssh ports i.e. 22 and that I needed to pick a nonstandard port. I did that and reconfigured my sshd.

Now I can ssh to this machine from anyone inside my home net on port 8935 <-- don't know why I picked that, but now the can-you-see-me says that it can't see the port as being open.

Other things I tried to get a solution were to add the sshd machine to the DMZ. That seemed a little risky but that machine doesn't have much of anything on it.

The other thing that I find annoying is why is actiontec taking someone who tries to connect on any port and mapping them to the 8935 port... Why not just the same incoming to outgoing, (yes I know that appears 3 drop-downs later)? Or am I just reading that entry incorrectly?

4 REPLIES
Platinum Contributor III
Posts: 6,819
Registered: ‎08-23-2008

Re: SSH port forwarding broken...

Message 2 of 5
(18,978 Views)

@tmhuggins wrote:

I know that this question has been asked a bunch of times and I have tried the suggested solutions with no success. I am trying to SSH to one of my home computers from work. I tried the first suggestion where you pick the SSH protocol from the drop-down list of the protocol and the entry looked like TCP Any --> 22.

Then using the "can you see me" site I could see that port was open and found the WAN address of my Actiontec. From a home machine I was able to connect to my router but when I tried it from work there was no luck. Later I was told by co-workers that work doesn't want to allow standard ssh ports i.e. 22 and that I needed to pick a nonstandard port. I did that and reconfigured my sshd.

Now I can ssh to this machine from anyone inside my home net on port 8935 <-- don't know why I picked that, but now the can-you-see-me says that it can't see the port as being open.

Other things I tried to get a solution were to add the sshd machine to the DMZ. That seemed a little risky but that machine doesn't have much of anything on it.

The other thing that I find annoying is why is actiontec taking someone who tries to connect on any port and mapping them to the 8935 port... Why not just the same incoming to outgoing, (yes I know that appears 3 drop-downs later)? Or am I just reading that entry incorrectly?

I believe it is any incoming port that connects to port 22 will be forwarded to port 22 on the IP address you specify. I know it doesn't seem correct but looks like that is the way it works. Port forwarding on my Actiontec works fine on port 22. I have had different ports forwarded for different services and they all say TCP Any --> Port #. Yes, it is confusing. Routers I have used let you set WAN Port to LAN Port which could be different numbers, and it would work. Actiontec seems different.

Contributor
Posts: 2
Registered: ‎07-27-2009

Re: SSH port forwarding broken...

Message 3 of 5
(18,966 Views)

I thought that might be the problem, work is blocking port 22 outgoing so I needed to set up ssh on a non-standard port.

Or at least that is what I have been told is happening. Do you need to get Verizon to allow 8935 to be open?

Thanks for any advice.

Copper Contributor
Posts: 6
Registered: ‎07-29-2009

Re: SSH port forwarding broken...

Message 4 of 5
(18,930 Views)
You should specify the rule as TCP 8935 -> 8935. This way all external traffic that is directed to that specific port is redirected properly. The firewall spam you see is correct as your old rule directed ALL incoming traffic to port 22.
Platinum Contributor III
Posts: 6,819
Registered: ‎08-23-2008

Re: SSH port forwarding broken...

Message 5 of 5
(18,905 Views)

@satoru wrote:
You should specify the rule as TCP 8935 -> 8935. This way all external traffic that is directed to that specific port is redirected properly. The firewall spam you see is correct as your old rule directed ALL incoming traffic to port 22.

Good point, but. When I tried to forward TCP 22-> 22 I could not get it to work. When I did all it did and even other ports forwarded and I think it worked. Even with the following.

TCP ANY-> 22

TCP ANY-> 3389

Strange but it worked, didn't seem logical. Your example logically would be TCP 8935 -> 22. 8935 on the WAN to 22 on the LAN. That is the way it should work. But I have seen some strange things with the Verizon routers. I have been wrong before. I will be wrong again. :(
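An open-port checker only reports whether something accepted the connection. The probe below is an added example, not part of the original thread: run from outside the home network against the router's WAN address and the forwarded port, it separates a refused port, a silently dropped one, and a port that answers but is not sshd (for instance the router itself). The names `probe_ssh` and `fake_listener` and the banner text are constructed for illustration.

```python
import socket
import threading

def probe_ssh(host, port, timeout=3.0):
    """Return (state, banner); state is 'ssh', 'open-not-ssh', 'refused',
    'filtered' or 'unreachable'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", None       # RST: reached a host, nothing listening
    except socket.timeout:
        return "filtered", None      # silence: dropped before any listener
    except OSError:
        return "unreachable", None   # no route, name lookup failure, ...
    with sock:
        try:
            data = sock.recv(256)    # sshd sends its version string first
        except OSError:
            return "open-not-ssh", None
    # RFC 4253 allows the server to send other lines before the "SSH-" line
    for line in data.decode("ascii", "replace").splitlines():
        if line.startswith("SSH-"):
            return "ssh", line.strip()
    return "open-not-ssh", None

def fake_listener(first_bytes):
    """Constructed stand-in for a forwarded service: one-shot loopback listener."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(first_bytes)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    # Constructed banner; a real check would pass the WAN address and port.
    port = fake_listener(b"SSH-2.0-OpenSSH_constructed\r\n")
    print(probe_ssh("127.0.0.1", port))
```

A result of `refused` or `filtered` on the forwarded port points at the router rule or an upstream block, while `open-not-ssh` means the forward lands on something other than sshd.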

 

 
