RE: [Wlug] charter.net & ssh
Bill,

Try doing a traceroute on port 22 to your machine and see where along the line it gets stopped.

It's probably a default security thing they have set up, you could probably call up tech support and have them remove the blocks for specific ports...

Tim.

-----Original Message-----
From: Bill Mills-Curran [mailto:bcurran@clariion.com]
Sent: Thursday, May 10, 2001 11:30 AM
To: Worcester Linux Users Group
Subject: [Wlug] charter.net & ssh

I got my new Charter cable modem and Linksys router set up recently, but I find that Charter seems to be blocking inbound access. I've the sshd running, and I set the router to pass port 22 to my linux box. I can even connect if I ssh outbound to the router DHCP address, so it looks like my end of the configuration is correct.

Anybody experience anything like this? Do you think that Charter will allow incoming requests to my system?

TIA,
Bill

_______________________________________________
Wlug mailing list
Wlug@mail.wlug.org
http://mail.wlug.org/mailman/listinfo/wlug
Tim,

It never makes it. BTW, if you're looking to try this yourself, I've turned off the forwarding on my router. I probably should have left it on so that I could work with the Charter people.

Bill

traceroute to 24.240.184.215 (24.240.184.215), 30 hops max, 40 byte packets
 1 clar45sec (128.221.45.11) 0.870 ms 0.892 ms 0.829 ms
 2 sobo-clariion-gw.us.dg.com (128.221.35.65) 1.238 ms 0.740 ms 0.829 ms
 3 webo-atm-oc3.us.dg.com (128.221.35.61) 1.851 ms 1.232 ms 1.286 ms
 4 128.221.22.60 (128.221.22.60) 1.408 ms 1.063 ms 1.791 ms
 5 128.221.4.66 (128.221.4.66) 1.141 ms 1.629 ms 1.113 ms
 6 128.221.23.23 (128.221.23.23) 1.917 ms 1.076 ms 1.113 ms
 7 us-customs2.us.dg.com (128.221.131.14) 1.580 ms 1.613 ms 2.193 ms
 8 uunet-gw.us.dg.com (128.221.122.1) 3.197 ms 2.035 ms 1.939 ms
 9 500.Serial4-1-0.GW3.BOS1.ALTER.NET (157.130.222.33) 3.365 ms 3.313 ms 3.132 ms
10 196.ATM2-0.XR1.BOS1.ALTER.NET (152.63.25.122) 3.839 ms 3.410 ms 3.814 ms
11 191.ATM7-0.GW3.BOS1.ALTER.NET (146.188.177.209) 3.342 ms 3.221 ms 3.449 ms
12 hsa-noxford-t3.customer.alter.net (157.130.220.226) 5.158 ms 5.753 ms 5.425 ms
13 24-216-218-3.hsacorp.net (24.216.218.3) 5.489 ms 5.842 ms 6.198 ms
14 10.254.1.2 (10.254.1.2) 6.192 ms 9.664 ms 6.756 ms
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

On Thu, 10 May 2001, Keller, Tim wrote:
Date: Thu, 10 May 2001 11:30:26 -0400
From: "Keller, Tim" <Tim.Keller@stratus.com>
Reply-To: wlug@mail.wlug.org
To: "'wlug@mail.wlug.org'" <wlug@mail.wlug.org>
Subject: RE: [Wlug] charter.net & ssh
Bill,
Try doing a traceroute on port 22 to your machine and see where along the line it gets stopped.
It's probably a default security thing they have set up, you could probably call up tech support and have them remove the blocks for specific ports...
Tim.
-----Original Message-----
From: Bill Mills-Curran [mailto:bcurran@clariion.com]
Sent: Thursday, May 10, 2001 11:30 AM
To: Worcester Linux Users Group
Subject: [Wlug] charter.net & ssh
I got my new Charter cable modem and Linksys router set up recently, but I find that Charter seems to be blocking inbound access. I've the sshd running, and I set the router to pass port 22 to my linux box. I can even connect if I ssh outbound to the router DHCP address, so it looks like my end of the configuration is correct.
Anybody experience anything like this? Do you think that Charter will allow incoming requests to my system?
TIA, Bill
Are you doing uni-directional NAT on the Linksys? Are there any firewall rules defined on the Linksys?

In addition to allowing packets from outside to port 22 on your SSH server, do you allow outgoing packets from your SSH server on port 22 to local ephemeral ports (1024-65535) on the outside clients?

Traceroute also uses either ICMP (Windows) or UDP+ICMP (Unix) to high numbered ports.

On Thu, 10 May 2001, Bill Mills-Curran wrote:

bcurra> It never makes it. BTW, if you're looking to try this
bcurra> yourself, I've turned off the forwarding on my router. I
bcurra> probably should have left it on so that I could work with
bcurra> the Charter people.

bcurra> 13 24-216-218-3.hsacorp.net (24.216.218.3) 5.489 ms 5.842 ms 6.198 ms
bcurra> 14 10.254.1.2 (10.254.1.2) 6.192 ms 9.664 ms 6.756 ms
Charles,

Answers below...

On Thu, 10 May 2001, Charles R. Anderson wrote:

Date: Thu, 10 May 2001 15:02:41 -0400 (EDT)
From: Charles R. Anderson <cra@WPI.EDU>
Reply-To: wlug@mail.wlug.org
To: "'wlug@mail.wlug.org'" <wlug@mail.wlug.org>
Subject: RE: [Wlug] charter.net & ssh
Are you doing uni-directional NAT on the Linksys? Are there any firewall rules defined on the Linksys?
Yes, at least I believe that's it. When I was testing, I configured port 22 to translate to my internal address.
In addition to allowing packets from outside to port 22 on your SSH server, do you allow outgoing packets from your SSH server on port 22 to local ephemeral ports (1024-65535) on the outside clients?
I believe that all outgoing packets are passed & translated by default. (I've never heard them called ephemeral. I've always called them transient.)

Thanks,
Bill
participants (3)
- Bill Mills-Curran
- Charles R. Anderson
- Keller, Tim