Configuration of sshd to allow port forwarding (tunneling)?

Similar Messages

• WRT610N V1 will not allow port forwarding via HP Mediasmart Server

  I have the WRT620N router and an HP MediaSmart server connected to it.  My source is a cable modem.  WHen I try to set up the server for remote access, the router is not found.  I am continually getting "Port Forwarding failed" errors from the server.  I also have several iPhone apps used to control devices on the network (DVR, BluRay player,etc) that will not connect.  (These worked before I changed to this router.) 
  I have verified that the UPnP is enabled.
  I have been struggling with this issue for several months and have not had any luck getting help from the forums, but will tryi again.
  Any help would be appreciated.
  Thanks,
  Joel WZ
  Thanks,
  Joel WZ

  Did you tried to enable Remote Management Access on the router setup page?
  If no, then Enable Remote Management Access under Administration tab and then check.

• Trouble with bridge mode and port forwarding

  I have a Westell Model 6100F DSL modem in bridge mode into my network and I'm having trouble forwarding ports. Is there any general guidance available to do this. I have set many of my friends networks up to allow port forwarding but all have been on other service providers, mainly cable. (my experience) My network is the only one I have had trouble with.
  Basically, my question is, while in bridge mode, does the modem forward all incoming traffic to my NAT router or do I need to apply special port forwarding settings in the modem to allow this?
  If bridge mode is the reason I cannot forward the ports, can someone explain how to set the WEstell 6100F back to factory defaults so I can start over. 
  Any other suggestions?
  Thanks in advance.
  Paul

  If bridge mode is set up correctly, your router should be holding the Public IP address (basically not something that is a 192.168 address) as shown at http://www.whatismyip.com/ and compared against what IP your router has.
  If your router has the public IP, all problems lie with either your router or your PC's firewall and configuration. I'd check out portforward.com for some guides on forwarding ports for your router or poarticular application if you need some additional help.
  ========
  The first to bring me 1Gbps Fiber for $30/m wins!

• RV042 Port Forwarding bypassing ACL

  I have a RV042 with Port Forwarding configured for RDP. This Port Forwarding Rule is being applied before my ACL - so subnets that are not authorized through are being allowed in. Firmware version 4.0.0.07. Any help would be greatly appreciated.                  

  Hi Eric, the default state table may be the problem.
  Try to make an access rule something like-
  Action Deny
  Service All
  Source interface WAN
  Source IP any
  Destination IP any
  Save
  Action Permit
  Service RDP
  Source interface WAN
  Source IP -xx.xx.xx.xx
  Destination IP - xx.xx.xx.xx
  Save
  -Tom
  Please mark answered for helpful posts

• Unable to connect to Arch VM through port forward.

  I'm attempting to run Arch as a web server through VMware, everything appears to be working. The guest can connect to everything with some edits through the network editor, I can type my hosts IP in and it'll connect perfectly to the ArchVM.
  So everything seems to be working through my internal network, I just can't port forward the connection so that I can access my server over my internet IP. All my ports seem to be correct and opened like they need to be, I just can't see why I can access it perfectly fine on my internal network just not my external one.
  Could it be an issue with VMware not allowing port forwarding to it's internal guests(It doesn't make sense)? Any ideas/stats I can give you guys to help me out.
  Thanks
  ~Compulsed.
  Last edited by Compulsed (2012-01-04 04:20:05)

  Is your router configured to forward the necessary ports to the host ?
  Do you have a firewall/iptables running at the host ?
  if so, try connecting while iptables is stopped

• Port forwarding problems with WRT610N v2 + WAG54GS v1.0

  Background:
  I have a WAG54GS v1.0 (Annex A) which I was using to handle my home network and my ADSL connection. I bought a WRT610N v2 (which I'll refer to as the router) with the intention that it would replace the networking duties of the WAG54GS (which I'll call the modem), which would be relegated to just handling the Internet connection. Both are running their latest firmware.
  I've gotten this configuration to work, but with one problem: I've lost a lot of flexibility in regard to port forwarding. The problem is that the only way I've managed to get the Internet to work is by having the router on 192.168.0.1, and the modem on 192.168.1.1. If I try and have both on 192.168.0.x or 192.168.1.x then connecting to the Internet no longer works under any configuration of options I've tried.
  What this means is that when I go to setup port forwarding in the modem, I can only forwards to clients on 192.168.1.x, but the router can only forward to 192.168.0.x. The only things I can get to work are situations where port range triggering can be applied, so only when a connection is made on the relevant port to an external IP, and then that external IP also communicates back on that port. As you may guess this doesn't nearly cover all cases.
  Question:
  Should it be be possible to have both router and modem on either 192.168.0.x or 192.168.1.x, which would allow port forwarding to work as expected. That should have in theory been possible with the modem's bridge mode except that it's then impossible to configure the PPPoA settings necessary to connect to my ISP.
  Or am I going to have to rethink the network layout (i.e. buy a dedicated ADSL modem and fully retire my WAG54GS?)
  Solved!
  Go to Solution.

  Actually in the end what I figured out was that as far as my WRT610N was concerned my WAG54GS was my ISP, and that was all it needed to know about the Internet connection. So I set it to connect to the WAG54GS with a static IP, stuck that IP into the WAG54GS's DMZ, and left the WRT610N to handle port forwarding as all devices that connect will do so through that. (Yes, I've disabled the wireless features of the WAG54GS)
  I'm reasonably sure I tried the combination of settings you've suggested (including moving the WAG54GS off the Internet port of the WRT610N, which I would have wanted to avoid anyway as I have four permanently connected devices anyway) and found it still wouldn't work. And I wasn't trying to set both to 192.168.1.1 at any point, my self-obscured point was that changing only the last block of the IP address failed to work for accessing the Internet.

• Combo unix ssh port forwarding + iChatAV + Bonjour question

  I don't know which forum is best for this question, so thought I'd try here first.
  I've been tossing around the idea of picking up a couple of iSights and running iChatAV. Problem is, if I understand this correctly, iChatAV uses a couple of ports for connections to third-party servers: AOL buddy server or Jabber server, a port for something called snatmap, a port for SIP, and some other stuff. Plus, it requires that you open up nearly 20 ports on your network for the AV traffic! (I get nervous just having my non-standard ports for smtp and ssh open, and my imaps port open (which is another issue -- anybody know how to change imaps port 993 to a non-standard port if running uw-imap server?) It doesn't look like iChatAV can, normally, operate by "calling up" an IP address or hostname...it always has to set up calls using AOL or Jabber...unless, perhaps, the destination iSight/iChatAV is on your own Bonjour-capable subnet.
  So, I'm thinking, what if a calling party created a ssh tunnel and port-forwarded the dozens of UDP and couple of TCP ports over a ssh tunnel, as a lengthy list of port forward options like "-L 5297:localhost:5297 -L ...", (assuming that the forwarding host, to whom the caller ssh's, is the same computer that is running iChatAV, hence, the remote host specification in the "-L" option of "localhost"). Would the caller then be able to treat the connection like Bonjour networking and when he calls localhost on his end of the circuit, it "bonjours" to the called hostname's localhost and thus a peer-to-peer connection would be made?
  Or perhaps a reverse port forward tunnel ("-R" options) could be set up in advance by the "to-be-called" party, and then the calling party initiates a iChatAV call as a "same-subnet-as-calling-computer-via-Bonjour" type of call?
  I'm just kicking around some thoughts here; I don't know enough about the intricacies of iChatAV and Bonjour (and ssh) to really know all the "gotchas" and I'd like to get the planning done with a high degree of confidence of success before I plunk out $300 on two iSights.
  If the general concensus of the group moderator and others on this forum is that this question should be posted in another forum, I apologize, and I'll move, but I thought that the ssh tunneling nature of my inquiry (and my unrelated side question about how to change 993 to a non-standard port) made this forum the obvious, and best, choice.
  Thanks in advance for any thoughts on these issues!
  2001 Quicksilver G4   Mac OS X (10.4.5)  

  No, you can't do what you describe. You have to use port forwarding on the router for any incoming connections, and each port forward rule can only map to a single server/service.
  However, SSH has the ability to tunnel other connections, so it may be possible to remove one or more of the existing port forwarding rules and replace them with a SSH rule, then use SSH tunneling to get to those services. Of course, this will only work for services that only you (or other authorized users) need to access, and not public services such as web/http traffic (assuming you're running a public web site).
  The only other option would be to replace your router with one that doesn't have such a strict limit on the number of port forwarding rules.

• Ssh Port Forwarding Stopped Working

  I have used ssh port forwarding in the past, and it has come in handy.
  I have recently upgraded to Mavericks, but it does appear that my ssh port forwarding stopped some time before this. The last time I know it worked was 5/14/14, and feel it has worked more recently as well.
  Here's what I do, from my Mac I ssh to my work jump server (port 22, let's say its IP is 11.22.33.44), and my jump server has access to work PC (lets say IP of 10.1.2.3). My work PC has RDP running on it on the common port 3389. I have verified that I can set up a working RDP session at work from another box. Also, I know that my jump server can get to my PC at work as I can ping my work IP if I just ssh straight to my jump server. And I know that there is no firewall stopping me from the jump server as I can also open a telnet session to my work PC on port 3389, without errors.
  So, here's how I have done it in the past and it has worked, but now recently stopped working in Terminal app:
  ssh  -f  [email protected]  -L  3388:10.1.2.3:3389  -Nnv
  The verbose logging shows that it sets up connectivity. If I then look to see if my local port is listening I can type:
  netstat  -an  |  grep  127.0
  I will note that port 3387 is in fact LISTENing and waiting for connection
  I then start my RDP client app, and start a session to "localhost:3387" (I could also use "127.0.0.1:3387", and have, but it does not work either). My RDP client eventually times out. I have turned my firewall off and on, neither way works.
  Does anyone know why this may have stopped working?
  Your input is most appreciated.
  The verbose log shows the following is setup appropriately (with noted modifications to server names and actual IPs):
  debug1: Authentication succeeded (keyboard-interactive).
  Authenticated to somewhere.net ([11.22.33.44]:22).
  debug1: Local connections to localhost:3387 forwarded to remote address 10.1.2.3:3389
  debug1: Local forwarding listening on 127.0.0.1 port 3387.

  Unfortunately I don't have another device to test if RDP is working on my LAN, however, when I check out my network connections and this is what I see after setting up the ssh tunnel and prior to attempting the RDP connection (again names protected):
  my-rmbp:~ me2$ netstat -an | grep 127.0
  tcp4       0      0  127.0.0.1.3387         *.*                    LISTEN
  Then, as it is difficult to catch in the middle of TCP 3-way handshaking, here's what happens after an attempt with the RDP client while it sits and spins:
  my-rmbp:~ me2$ netstat -an | grep 127.0
  tcp4       0      0  127.0.0.1.3387         127.0.0.1.50323        FIN_WAIT_2
  tcp4       0      0  127.0.0.1.50323        127.0.0.1.3387         CLOSE_WAIT
  tcp4       0      0  127.0.0.1.3387         *.*                    LISTEN
  You can clearly see it's attempting to make a connection over the tunnel via my RDP client, but it's being shut down right away. I will obtain a WireShark packet capture and see exactly what's happening. Oh, and if I tried to RDP to a port other than the one I set up the port forwarding tunnel with, RDP would disconnect right away.
  What I'm most interested in is why, without any known changes, other than OS updates, did this work a few months ago, and now it does not?
  I have also tried other test ssh port forwarding, such as to www.apple.com forwarding 8080 on localhost to 80, and others, and none of those work either with web browsers, I assume this is something Apple has done to disable ssh port forwarding/tunneling. Perhaps someone else has bumped into this and found a fix? Please share!
  Also, I have heard that you have to be root in order to set up port forwarding, but clearly this is not accurate, as it worked before, and also as you can see above it worked without root. But I tried both ways, and sadly neither worked.
  Could it by my jump server? Possibly, but others at work do this and it works just fine for them from their Windoze PCs. So can't be that either.
  Perhaps my capture will tell me, I'll report back here with what I discover. Thanks in advance!

• New Customer Experience with Port Forwarding

  OK, so my OpenReach Modem and HomeHub 3 were installed last week and all seemed OK at first.
  A bit of background:
  I'm a seasoned IT guy and have a nice network set up at home that caters for my needs (most of the time).
  Without going into too much detail, I have my own DHCP/DNS server and I run a Webserver for personal use.
  I have Virgin Broadband - which work most of the time.
  I've also just had BT Infinity installed so I should always have Internet access no matter which ISP is having issues.
  I was hoping to be able to access my webserver externally from either my BT or Virgin. I didn't think this would be an issue.
  It still all works fine through my Virgin connection. I use dynamic DNS (no-ip.org)  to get to my server. 
  On the Virgin Superhub - I have DHCP switched off and all my machines (except one at the moment) get the Virgin router assigned as the Internet gateway (via my own DHCP server).  
  My test machine gets a the BT HomeHub 3 assigned as the Internet gateway (also from my own DHCP server) and I have switched off DHCP on Home Hub.  
  Before I move onto my issue, I have to say that the above network setup works flawlessly. 
  The Virgin Router is on 192.168.0.1, The Home Hub is on 192.168.0.2.  (subnet 255.255.255.0)
  They are on the same network but because DHCP it switched off on both routers - everything is happy.
  I can access my Server from the Internet via my no-ip.org address and it all works great.
  The issue:
  I thought it would be relatively simple to configure the BT Home Hub 3 to access my server from the Internet.
  Hmmm. Port Forwarding seems to be the issue. It just doesn't work reliably enough. Sometimes it works, then sometime it stops working. Right now it's not working.
  At first I though it was just me, not configuring it correctly. But no.
  Then I started reading this forum and found there are reports of issues with port forwarding going back a year.
  I don't know if that a good or bad thing - an issue running that long must be on the verge of getting fixed right?
  Or any issue running that long without resolution probably has no simple resolution or just isn't a priority (for BT) maybe.
  My Question:
  (and I think I already know the answer)
  Has anyone got a sure fire way of configuring the HomeHub3 so the port forwarding works? 
  Or should I just throw in the towel now and buy a Dual Wan Router? 
  One last note:
  This morning my Infinity Broadband Speed dropped from
  38Mb down/6Mb Up (measured several times yesterday)
  to
  0.7Mb down/0.3Mb Up (yes those decimal points are in the right place)
  And I haven't got a clue why.
  I power cycled the HomeHub and it returned to normal. Does this happen to other people?
  Cheers
  Graeme.
  Graeme

  Bullitt wrote:
  the port on your network is defined by lan ip address and port number eg 192.168.1.10:80
  you cannot forward this outbound port twice
  There is no "port on my network" A port is associated with a IP address not a network.
  My webserver listens an port 80 - requests from the Internet for http are port forwarded by the router (either BT Homehub or Virgin Superhub) to port 80 at address 192.168.0.5 (in my case). 
  If I am trying to access my webserver from the Internet, I point my browser at the WAN IP address of my router (again it doesn't matter which one - BT or Virgin) and the router port forwards the request to my Webserver.  Each router can do this independently. 
  "you cannot forward this outbound port twice"
  As explained above - It's an inbound port not an outbound port.
  I appreciate you are trying to be helpful but just telling me something is not possible without explaining why its not possible doesn't really help me.
  As I said before, this was working fine, then it stopped working but only when trying to access my webserver via the BT Router. It still works fine from my Virgin Router. I used WireShark and port mirroring on my switch to prove that the Home Hub as stopped port forwarding inbound traffic to my webserver. 
  This is a problem with port forwarding on the Homehub, not my network setup. Looking at other posts on this forum - I'd suggest I'm not the only one having problems.
  To be honest, it's the least of my problems with the HomeHub right now. I'm far more concerned with the fact that twice today I've had to power cycle it because the throughput has dropped from 38Mbit-down/6Mbit-up to <1Mbit-down/<1Mbit-up. It's a known problem, BT are working on it, yet I still am paying full price for a product that should never had made it out of Beta test.
  Graeme

• Port forwarding to ip address only allows input of last digits

  I have the Linksys BEFW11S4 router and am trying to port forward to a static ip address but the port forwarding screen is hard coded to 192.168.1.__ and only allows me to enter the last 3 digits of the quartet. Does anyone know how I can get past this? I'm trying to connect a DVR server using this static ip address.

  If your ISP assigns you a static public IP address and you are required by your ISP to configure that on your router, then you have to configure the static IP, subnet mask, gateway IP and DNS servers in the internet connection section of the main setup page in the web interface of the router.
  You then assign a static local IP address like 192.168.1.25 to your DVR, subnet mask 255.255.255.0, gateway 192.168.1.1 and DNS 192.168.1.1 or the DNS servers of your ISP.
  You don't have to disable the DHCP server function in the router.

• Port forward only allows "Same as Incomming"

  I have a new actiontec mi 424 wr gen2 router and want to setup port forwarding. However it does not allow me to enter a port number in the port forwarding screen. Instead it only has the option of "Same as incomming". Does anyone know how to configure it so it accepts a port in the port forwarding option?

  Here is how I forwarded port 8081 to port 80 for 192.168.1.5 internal.
  Go to port forwarding and add.
  Enter 192.168.1.5 for the ip address.  Specify protocol and then add server ports.  Call it any name you want and select protocol (TCP probably)  and Select the destination port as 8081. then apply.  Now you will see Service Name: whatever and server ports TCP with Any--->8081  Hit apply again and you are back to add port forwarding rule with a rule name like TCP Any--> 8081.  Below that you will see forward to port with a drop down that should be on specify and default value of 80.  Apply that and you now have a rule that forwards port 8081 to port 80.   And you're right....that is a wacky way to have to port forward

• RV082 Port Forwarding or DMZ Configuration Assistance

  Greetings Community,
  I have an RV082 V2 with 2.0.2.01-tm and I am having trouble with getting my Sprint Airvana to connect properly to the mobile service.  Many suggestions I've read on the Sprint forums indicate putting the Airvana in the DMZ generally allows the device to work properly; however, none have the RV series routers for tips on how to do this appropriately.  This device used to work fine behind the RV082, but I reset it one day and it no longer works.
  The Airvana is a femtocell/router device with a WAN port and 3 LAN ports.  If I connect the Airvana directly to my cable modem, I get the appropriate connection and can then make calls through the device instead of through the Sprint connection; I live in a basement unit and get crappy signal without the device.  This proves the device works and that my ISP is not blocking the ports.  Sprint indicates the device uses UDP 53, 67, 68, 500 and 4500.  Their support sucks and they insist I put the Airvana before my router.  I absolutely do not want to use the Airvana as the router.  There are almost no configuration options in the router interface and it needs to be rebooted somewhat regularly, which would drop internet access throughout the house for 10-15 minutes while it reboots and finally establishes an internet connection.
  As soon as put the Airvana behind the RV082, I no longer get the appropriate connection.  I can, however, plug my computer into one of the LAN ports on the Airvana and connect to the internet in general.  I have the router assign a static IP to the Airvana, and tried forwarding the required UDP ports to the IP.  This did not fix the problem.
  I can certainly troubleshoot the port forwarding issues, but I would also like to look into putting the device into the DMZ, if possible.  I've not worked much in this area, so I am unsure how to appropriately configure the router to allow this to happen.  Is it possible to have the Airvana in the router DMZ without having a public IP for the device itself?  It seems this is something that can be done, but I could be mistaken.  If so, how is that done?
  Please feel free to ask any clarifying questions and I thank you in advance for any assistance you may provide.

  I apologize in the delay in getting back to this post; however, it dropped to the bottom of my priority list for a while.  As a workaround, I used the Airvana device as my router temporarily; however, I have the time again and would like to get it setup behind the RV082 again.
  It does not appear the device supports UPnP.  I had that enabled for some other applications already.
  According to http://tinyurl.com/AirvanaPorts I need the following UDP ports open: 53, 67, 68, 500, 4500.  Another suggestion from a Sprint rep was to also open/forward TCP 5060 and 5061.  I have the ports forwarded to the device as shown below and have confirmed the device has the correct IP address.  The device gets a valid internet connection (verified by plugging a computer into one of the LAN ports on the Airvana device; however, it still does not connect to the Sprint service like it should.  I am guessing there is another port and/or the Sprint article has incorrect information.
  To check this, I'm thinking I need to set the device up in the DMZ, but I'm not sure exactly what I need to do for proper configuration.  Is it as easy as enabling the DMZ port and plugging the device in, or are there other settings needed?  Is there anything else I may be missing for the Port Forwarding?

• How do I configure for port forwarding?

  I just relpaced my CISCO E3000 wireless router with an Apple Airport Extreme and need to set up port forwarding.  I find the Airport Utility confusing and very limited in capabilities.  How do I configure the router for Port Forwarding?

  Here's a document that you can follow:  https://discussions.apple.com/docs/DOC-3415
  However, I ran into an issue with setting this up and had to do a work-around: Custom Port Forwarding Config Not Working

• WRT54G V5 Port Forwarding Configuration Loss

  Hi All...
  Having a strange issue with my router item listed above. I go into the router and forward a list of about 12 ports for online gaming (in order to improve my NAT to "open"). Everything works fine for about ten minutes and then my NAT goes from Open to Moderate, which presents a whole slew of issues (bans you from certain servers, inhibits the use of voice with certain users on xbox 360 etc etc). A moderate NAT is bad for 360.
  So... I go into my router to check that the settings are there and they indeed are and using a diagnostic tool shows the ports are no longer open. So... apparently the linksys box has altered the configuration somehow that is not present in the GUI. If I save the settings again it does not reopen the ports so I am forced to restore the configuration file I created just after making the port forwards for the first time.
  So... The box reboots and the ports open back up... until about ten minutes pass and the ports close down once again. So in a nutshell, the configuration of my router is changing on its own and I don't know how to stop it. (Its alive!!!! hahha).
  Does anyone out there have any experience with this or the technical knowledge to assist? Linksys tech support and xbox tech support has been..... well.... not so helpful.
  Thank you for your time (sorry for the long post!)
  Brad G.

  well.....change the MTU settings to 1365 and enable DMZ instead of port forwarding.....ensure that the x-box has a static ip add and dns address....
  also, check the firmware on the router...if it is below v 1.01.1 , upgrade the firmware on the router...reset the router and reconfigure then

• WRT120N - DMZ works, port forwarding doesn't work; only one device allowed in DMZ

  Hi,
  I have an WRT120N router and two DVRs.  I can get either one of the DVRs to work just fine if I put it in the DMZ.  Neither one works when I enable port forwarding.  Since I cannot have two devices in the DMZ with this router, I cannot use that approach (throwing them in the DMZ) as a viable solution.
  I need help finding out what I am doing incorrectly with the port forwarding.  Basically I am creating an entry for each port of each device, going to the correct IP address of that device.  I have tried both protocols as well as just TCP.  This does not work.  Just for fun, I tried using the port range forwarding and this does not work either.  The only thing that works is if I throw either of the devices in the DMZ.
  So what I have essentially is this:
  DEVICE1 / 192.168.0.120 (internal) / PORT 999 / works great in DMZ but not in port fwd
  DEVICE2 / 192.168.0.121 (internal) / PORT 456 / works great in DMZ but not in port fwd
  I have used Wireshark from a remote computer to observe what happens when I navigate to the URL that I need, such as http://myjunk.ddnsprovider.xyz:999 (where 999 is the port on which the device in question serves).  I don't see anything out of the ordinary.  (I assume there is no way to run a packet sniffer on the router.)  (Can we "telnet" into the router, btw?)
  So either I am doing something wrong, or there is a need for a router software update, or the router is blocking some other protocol, etc.  Help is much appreciated!  BTW, tried with the router firewall off, too.  No go.
  Regards,
  Mike

  Whats the current firmware installed on your router? Have you tried to upgrade the firmware on your Router?