# SSH tunnel problems [solved]

## The Doctor

Hi,

Here is my setup. I have my Gentoo box, which happens to be a desktop, which has all my important docs. I have my laptop which I take to class. I would like to be able to access my files regardless of my actual location. My problem is that I can't seem to get into my box from the internet. I can ssh from my local network, so I don't think the ssh setup is the problem. I have a Cisco Linksys E1200 router that is set to forward port 22 (yes, I intend to change this to a higher port. Which one should I use?) to my computer's static IP. The router is set to forward TCP and UDP requests to my computer.

I used Google to find the internet IP and I also checked my router. The IP addresses agree. I do have a modem as well, and the ISP is Comcast. Any suggestions?

EDIT: I did figure it out. I was trying to ssh to the wrong IP address.

----------

## Hypnos

Change ports and see -- Comcast may be blocking.

----------

## The Doctor

Thank you for your reply.

I used ssh -p 50683 <username>@<ip> but it's still not working. Is this correct, or do I need to do something different? I made sure to update my sshd_config, firewall, and router settings, but it's still not working, from my laptop or from an outside server. It just times out. I can ssh locally.

I don't know if this makes any difference, but if I try to ssh to my router I get a connection refused.

----------

## The Doctor

It helps to use the right SSH command. Thanks for your help Hypnos.

In case anyone else needs to do this, here is the proper command: ssh -p <port> <my_user>@<my_local_ip> -L <port>:<global_ip>:22

EDIT: actually this is not working when I try it from another server. I am not sure if the server is just blocking it or if I'm using the wrong command.

----------

## Hu

Are you trying this from an external host?  Some NAT devices do not handle routing a connection that starts inside, connects to the outside IP address, and is rewritten to go back inside.  If you are using an external host, what does tcpdump on your desktop say?  What does tcpdump on your gateway say?

----------

## The Doctor

I am trying to test the setup using my laptop, which currently is connected to the local network, and by sshing to a remote server that I have an account on and sshing from there. So far, I think the laptop only connects locally, not from the net.

I get something like this on my desktop: http://pastebin.com/KYRNFidC

The router is, well, an ordinary router. I can't run commands on it.

I really don't know how I am supposed to configure it or ssh through it. I set it to forward my port, but if I try to ssh -<port> <user>@<global_ip> it times out whether I do it from a remote server or from my local laptop. I was trying to experiment with different commands because I really don't get how I am supposed to ssh here. This is my first attempt at making my computer accessible from the net, and I admit I am a bit lost.

----------

## Hu

If you get a timeout when the external machine attempts to connect back, then either the NAT rule is not set properly or some device along the way is filtering the connection request.  A packet capture, as provided by tcpdump, can confirm whether the SYN reaches a particular device.  Although most ISPs do not filter ssh, confirming that ssh is not filtered by your ISP is a good place to start.  The easiest way to confirm this is to collect a packet capture from the gateway.  Once you have confirmed that it is not filtered there, you can check whether the gateway is successfully forwarding the connection request to the internal host.

If you are not using a Linux based router, you may need to flash your router with a usable Linux before proceeding.  Otherwise, attaining a root shell on your router should be sufficient.  Some consumer grade "home router" products are capable of running general purpose Linux, but either ship with a locked down Linux or with some non-Linux system.  You might be able to limp along with whatever administrative interface was provided by the manufacturer, but that is almost certainly vendor or even model specific.  Our ability to help you with its interface and its output may be limited.
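
The triage Hu describes (does the SYN reach the host, and does anything answer it?) can be automated over saved `tcpdump -n` output. The following is an added example, not code from this thread: the capture lines are constructed, and the host IP 192.168.1.10, the external client 203.0.113.5 and the port 50683 from the thread are assumed values.

```python
import re
from collections import Counter

# Matches the "IP src.port > dst.port: Flags [..]" part of a `tcpdump -n` line.
TCP_LINE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
)

# Constructed sample of `tcpdump -n` output as seen on the desktop (192.168.1.10):
# two inbound connection attempts from an external host, only the second answered.
SAMPLE_CAPTURE = [
    "12:00:01.000001 IP 203.0.113.5.51234 > 192.168.1.10.50683: Flags [S], seq 1, win 64240, length 0",
    "12:00:02.000001 IP 203.0.113.5.51234 > 192.168.1.10.50683: Flags [S], seq 1, win 64240, length 0",
    "12:00:02.000200 IP 192.168.1.10.50683 > 203.0.113.5.51234: Flags [S.], seq 9, ack 2, win 65160, length 0",
]


def triage_capture(lines, sshd_port):
    """Summarise what a capture says about inbound connection attempts to sshd_port.

    Returns the counts of inbound SYNs, SYN-ACKs sent back and RSTs sent back,
    plus a one-line verdict covering the cases discussed in the thread.
    """
    counts = Counter()
    for line in lines:
        m = TCP_LINE.match(line)
        if not m:
            continue
        flags = m["flags"]
        if m["dport"] == str(sshd_port) and flags == "S":
            counts["syn_in"] += 1       # a connection request reached this host
        elif m["sport"] == str(sshd_port) and flags == "S.":
            counts["synack_out"] += 1   # the listener accepted the request
        elif m["sport"] == str(sshd_port) and "R" in flags:
            counts["rst_out"] += 1      # nothing is listening on that port
    if counts["syn_in"] == 0:
        verdict = "no SYN seen: upstream filtering or the NAT rule is not forwarding"
    elif counts["synack_out"]:
        verdict = "SYN reached the host and was answered: sshd is reachable"
    elif counts["rst_out"]:
        verdict = "SYN reached the host but was refused: nothing listening on that port"
    else:
        verdict = "SYN reached the host but got no reply: a local firewall is likely dropping it"
    return {"counts": dict(counts), "verdict": verdict}


if __name__ == "__main__":
    print(triage_capture(SAMPLE_CAPTURE, 50683)["verdict"])
```

Run the same function over a capture taken on the gateway and one taken on the desktop: a SYN present on the gateway but absent on the desktop points at the forwarding rule, while a SYN absent on both points upstream.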

----------

## The Doctor

Thank you both for your help. I am honestly not quite sure what I did, but somehow it is working now. I can ssh from my box using my IP address and from a remote server I have an account on. I'm going to mark this as solved since it seems to be working properly. It may have something to do with enabling the port range forwarding and disabling the single port forwarding.

EDIT: I was using the wrong IP address. I can't believe I didn't notice before. Again, thank you for your efforts here and I apologize for not being as careful as I should have been about checking my typing.

----------

## Hypnos

lol -- isn't the whole point of computers that we don't have to do tedious things like remember?

----------

