About ssh-connecting

Discussion in 'Server Operation' started by satimis, Jul 22, 2008.

  1. satimis

    satimis New Member

    Hi folks,


    Broadband connection:-
    Server/PC --> Router --> Modem --> ISP
    LAMP server IP -192.168.0.52
    Local PC - 192.168.0.10
    Public IP - 220.232.xxx.xxx


    I have been trying 2 days without result to ssh-connect the server via Internet. (This is a test)


    Both
    $ ssh -p2222 satimis.com
    Code:
    ssh: connect to host satimis.com port 2222: Connection timed out
    
    satimis.com is the hostname of the server.


    $ ssh -p2222 220.232.xxx.xxx
    Code:
    ssh: connect to host 220.232.xxx.xxx port 2222: Connection timed out
    

    However local PC can ssh-connect the server with;

    $ ssh -p2222 192.168.0.52


    and the server can ssh-connect local PC with;

    $ ssh 192.168.0.10


    both without problem.


    /etc.hosts.deny is an empty file


    $ cat /etc/hosts.allow
    Code:
    
    sshd: 127.0.0.1
    
    # Domain
    sshd: satimis.com
    
    # Pacific from home
    sshd: *.pacific.net
    
    sshd sshd1 sshd2 : ALL : ALLOW
    
    ALL: satimis.com 192.168.0.10 *.satimis.com localhost.localdomain
    
    imap:   ALL
    imaps:  ALL
    pop3:   ALL
    pop3s:  ALL
    
    Also tried commenting out the line "sshd: 127.0.0.1" and rebooted the server but without result.


    Please advise whether I can't test the connection in this way? If YES how to make the test. TIA


    B.R.
    satimis
     
  2. topdog

    topdog Active Member HowtoForge Supporter

    You need to port forward the port from the internet to the server. but testing may not work if you are coming from the lan.
     
  3. satimis

    satimis New Member

    Hi,


    Thanks for your advice.


    port 2222 already forward to 192.168.0.52

    Problem solved. It it the firewall, iptables, stop the connenction.

    After adding following rules on /etc/rc.local;
    Code:
    iptables -A INPUT -s 220.232.xxx.xxx -p tcp --dport 2222 -j ACCEPT
    iptables -A INPUT -s satimis.com -p tcp --dport 2222 -j ACCEPT
    
    It is working now.


    B.R.
    satimis
     

Share This Page