SSH port forwarding broken...
tmhuggins
Newbie

I know that this question has been asked a bunch of times and I have tried the suggested solutions with no success. I am trying to SSH to one of my home computers from work. I tried the first suggestion where you pick the SSH protocol from the drop-down list of the protocol and the entry looked like TCP Any --> 22.

Then using the "can you see me" site I could see that port was open and found the WAN address of my Actiontec. From a home machine I was able to connect to my router but when I tried it from work there was no luck. Later I was told by co-workers that work doesn't want to allow standard ssh ports i.e. 22 and that I needed to pick a nonstandard port. I did that and reconfigured my sshd.

Now I can ssh to this machine from anyone inside my home net on port 8935 <-- don't know why I picked that, but now the can-you-see-me says that it can't see the port as being open.

Other things I tried to get a solution were to add the sshd machine to the DMZ. That seemed a little risky but that machine doesn't have much of anything on it.

The other thing that I find annoying is why is actiontec taking someone who tries to connect on any port and mapping them to the 8935 port... Why not just the same incoming to outgoing, (yes I know that appears 3 drop-downs later)? Or am I just reading that entry incorrectly?

Re: SSH port forwarding broken...
prisaz
Legend

@tmhuggins wrote:

I know that this question has been asked a bunch of times and I have tried the suggested solutions with no success. I am trying to SSH to one of my home computers from work. I tried the first suggestion where you pick the SSH protocol from the drop-down list of the protocol and the entry looked like TCP Any --> 22.

Then using the "can you see me" site I could see that port was open and found the WAN address of my Actiontec. From a home machine I was able to connect to my router but when I tried it from work there was no luck. Later I was told by co-workers that work doesn't want to allow standard ssh ports i.e. 22 and that I needed to pick a nonstandard port. I did that and reconfigured my sshd.

Now I can ssh to this machine from anyone inside my home net on port 8935 <-- don't know why I picked that, but now the can-you-see-me says that it can't see the port as being open.

Other things I tried to get a solution were to add the sshd machine to the DMZ. That seemed a little risky but that machine doesn't have much of anything on it.

The other thing that I find annoying is why is actiontec taking someone who tries to connect on any port and mapping them to the 8935 port... Why not just the same incoming to outgoing, (yes I know that appears 3 drop-downs later)? Or am I just reading that entry incorrectly?


I believe it is any incoming port that connects to port 22 will be forwarded to port 22 on the IP address you specify. I know it doesn't seem correct but looks like that is the way it works. Port forwarding on my Actiontec works fine on port 22. I have had different ports forwarded for different services and they all say TCP Any --> Port #. Yes it is confusing. Routers I have used let you set WAN Port to LAN Port which could be different numbers, and it would work. Actiontec seems different.

Re: SSH port forwarding broken...
tmhuggins
Newbie

I thought that might be the problem, work is blocking port 22 outgoing so I needed to set up ssh on a non-standard port.

Or at least that is what I have been told is happening. Do you need to get Verizon to allow 8935 to be open?

Thanks for any advice.

Re: SSH port forwarding broken...
satoru
Enthusiast - Level 2
You should specify the rule as TCP 8935 -> 8935. This way all external traffic that is directed to that specific port is redirected properly. The firewall spam you see is correct as your old rule directed ALL incoming traffic to port 22.
Re: SSH port forwarding broken...
prisaz
Legend

@satoru wrote:
You should specify the rule as TCP 8935 -> 8935. This way all external traffic that is directed to that specific port is redirected properly. The firewall spam you see is correct as your old rule directed ALL incoming traffic to port 22.

Good point, but when I tried to forward TCP 22-> 22 I could not get it to work. When I did all it did and even other ports forwarded and I think it worked. Even with the following.

TCP ANY-> 22

TCP ANY-> 3389

Strange but it worked, didn't seem logical. Your example logically would be TCP 8935 -> 22. 8935 on the WAN to 22 on the LAN. That is the way it should work. But I have seen some strange things with the Verizon routers. I have been wrong before. I will be wrong again.

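An added example, not part of the original thread: a small check to run from a machine outside the home network that tells apart the outcomes discussed above (forward reaches sshd, port answers but not with SSH, refused, or silently dropped). The function name `probe_ssh` and the script name are hypothetical; 8935 is the port from the thread and the WAN address is whatever your router reports.

```python
import socket
import sys


def probe_ssh(host, port, timeout=5.0):
    """Classify one TCP port as seen from wherever this script runs.

    Returns (state, detail):
      "ssh"      connected and the peer sent an SSH identification string
      "open"     connected, but nothing that looks like sshd answered
      "refused"  connection reset: host reachable, nothing accepts on that port
      "filtered" no reply before the timeout: dropped somewhere on the path
      "error"    any other socket error (detail holds the message)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "")
    except socket.timeout:
        return ("filtered", "")
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        try:
            # sshd speaks first: "SSH-2.0-<software>" (RFC 4253, section 4.2)
            data = sock.recv(255)
        except socket.timeout:
            return ("open", "")
        except OSError as exc:
            return ("error", str(exc))
    lines = data.decode("ascii", "replace").splitlines()
    for line in lines:
        if line.startswith("SSH-"):
            return ("ssh", line.strip())
    return ("open", lines[0].strip() if lines else "")


if __name__ == "__main__":
    # Usage: python3 probe_ssh.py <WAN-address> [port]
    # 8935 is the port chosen in the thread; the WAN address is yours to supply.
    if len(sys.argv) < 2:
        sys.exit("usage: probe_ssh.py <WAN-address> [port]")
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 8935
    state, detail = probe_ssh(sys.argv[1], port)
    print(f"{sys.argv[1]}:{port} -> {state} {detail}".rstrip())
```

A result of "ssh" on the WAN address means the forwarding rule is delivering connections to sshd; "filtered" from outside while the same port works inside the LAN points at the router rule rather than at sshd.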