Home / server / Questions / 307824
Accepted
bash-
Asked: 2011-09-03 22:37:05 +0800 CST

Ssh connecting to Static ip

  • 772

I have a static IP set on a Planet VRT-311S VPN router and port 22 (UDP and TCP) forwarded to an Ubuntu server on the LAN. I am still unable to connect to the Ubuntu server.

I am currently using the following command on an external computer:

ssh -p 22 <router's ip address>

I am still unable to connect to the Ubuntu server. How can I troubleshoot this?

ubuntu ssh ip

2 Answers

  1. Best Answer

    The routing device that has the public IP address needs to forward port 22 traffic to the Ubuntu server that is behind the firewall. If you tell us what kind of firewall / edge device it is, we might be able to help point you in a more specific direction.

    EDIT: You'll need to check that traffic is truly being sent to your Ubuntu server. Run tcpdump to see if SSH traffic is hitting your server. If it's not, you still have an edge router problem. If it is, then you can start focusing on the Ubuntu server. Once you figure that out, we might be able to help you more.

    EDIT 2: If you set up port forwarding for port 22, the router handles the translation for all traffic bound for port 22 directed at the public IP address and immediately sends the traffic to the Ubuntu server. The Ubuntu server then sees the traffic coming from the router, and any responses to port 22 traffic get sent to the router which then forwards it on to you. The router handles all the traffic translation by maintaining a table of who is communicating to which port and assigning unique sessions to each communicant. That way even multiple people can talk to the Ubuntu server through ssh using the external IP address.

    For example: If you have an external IP address at home of 1.1.1.1 and your office router has an external IP address of 2.2.2.2 and the Ubuntu server has a local IP of 192.168.1.10 (behind the 2.2.2.2 router), the traffic flows like this:

    • 1.1.1.1 connects to 2.2.2.2:22
    • 2.2.2.2:22 gets forwarded to 192.168.1.10:22.
    • 192.168.1.10:22 responds to the router at 2.2.2.2:22 (well, in reality it responds to the local IP address of the router, not the public IP address. It would probably be 192.168.1.1:22 in this example.)
    • The router then forwards the information back to your home's public IP of 1.1.1.1.
    • 3

  2. tdpdump may be an overkill here. Just do telnet <yourip> 22 from outside and telnet localhost 22 on your ubuntu server. Ssh server should respond immediately with something like 'SSH-2.0-OpenSSH_5.8p1-hpn13v10'.

    If telnet from localhost does not work, you have problems with your ssh server. If telnet from localhost works, but not from outside, this is probably router-related problem. If both works, this might be your ssh client problem.

    And another one guess: check your firewall rules on the server. You can print out them by running /sbin/iptables -L.

    Please update your answer with results of telnet diagnostics and with list of your firewall rules, so we'll be able to give you better advice.

    • 2