Starlight5
Posts: 24
Joined: Wed Apr 22, 2015 12:54 pm

Can't SSH from Internet

Thu May 07, 2015 8:25 am

Headless Pi2 with latest Raspbian, connected to router via ethernet
UFW, allowing all connections on port 22, and any port from local subnetwork
Wi-Fi router, with reserved address for Raspberry Pi, connections on 22 port forwarded to raspberry pi's address, and dynamic dns running.

Can't SSH from Internet, neither to dns name, nor to ip address - no response. Can SSH over local network. Tried 2 routers of different makes, and connecting pi2 directly, with appropriate settings, no difference. How do I troubleshoot that?

drgeoff
Posts: 9743
Joined: Wed Jan 25, 2012 6:39 pm

Re: Can't SSH from Internet

Thu May 07, 2015 8:30 am

ISP blocking some inbound ports?

Double NAT? (ISP not giving you a publicly routeable IP address.) Does what you router says is its WAN address correspond to the result from a DNS lookup on your URL?

User avatar
RaTTuS
Posts: 10412
Joined: Tue Nov 29, 2011 11:12 am
Location: North West UK

Re: Can't SSH from Internet

Thu May 07, 2015 8:35 am

by being more exact in what you tell us
are you using the correct IP addrerss [i.e. your public facing one http://www.whatsmyip.org/ ]
have you correctly setup the forwarding to the RPi on your router

what error messaged do you get
what error messages do you get with extended debugging on ssh

does your IP allow port 22 incoming
How To ask Questions :- http://www.catb.org/esr/faqs/smart-questions.html
WARNING - some parts of this post may be erroneous YMMV

1QC43qbL5FySu2Pi51vGqKqxy3UiJgukSX
Covfefe

Starlight5
Posts: 24
Joined: Wed Apr 22, 2015 12:54 pm

Re: Can't SSH from Internet

Sat May 09, 2015 6:44 am

drgeoff, RaTTuS,

Thank you for your answers.

Pi2's ufw config:

Code: Select all

To                         Action      From
--                         ------      ----
655                        ALLOW       Anywhere
Anywhere                   ALLOW       192.168.0.0/24
Anywhere                   ALLOW       192.168.1.0/24
22                         ALLOW       Anywhere
Router forwarding:
router.png
router.png (8.93 KiB) Viewed 1177 times
Can't connect to my tinc server (port 655) either. I tried putting tinc server on port 80 (and adjusting tinc client's hosts accordingly), didn't work.
ConnectBot's log:

Code: Select all

Connecting to <my_current_ip>:22 via ssh
Connection Lost
Premature connection close
WAN address is in 10.0.0.0 range.
I also suspect ISP. Their support is evading me, promising to call back later on my issue every time I call, for the whole week already, so I'm not entirely sure, yet.

User avatar
DougieLawson
Posts: 35804
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: Can't SSH from Internet

Sat May 09, 2015 11:10 am

If your WAN address is a 10.x.x.x then your connection to the public internet is double NAT'd and you can't run a port forwarded server as it can't be connected to from the public internet.

Look at using Weaved IoT to get a tunnelled connection.
Note: Having anything humorous in your signature is completely banned on this forum. Wear a tin-foil hat and you'll get a ban.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

Starlight5
Posts: 24
Joined: Wed Apr 22, 2015 12:54 pm

Re: Can't SSH from Internet

Sat May 09, 2015 4:22 pm

DougieLawson,

Thank you for explanation and suggestion. Will I be able to use tinc over Weaved IoT? (that's the ultimate goal, tried sshing for testing purposes)

User avatar
kusti8
Posts: 3439
Joined: Sat Dec 21, 2013 5:29 pm
Location: USA

Re: Can't SSH from Internet

Sat May 09, 2015 4:52 pm

Starlight5 wrote:DougieLawson,

Thank you for explanation and suggestion. Will I be able to use tinc over Weaved IoT? (that's the ultimate goal, tried sshing for testing purposes)
Not sure about tinc (or what it is...ah, that's what it is), but you can forward any port through Weaved.
There are 10 types of people: those who understand binary and those who don't.

User avatar
default_user8
Posts: 658
Joined: Mon Nov 18, 2013 3:11 am

Re: Can't SSH from Internet

Sat May 09, 2015 6:39 pm

The original version of connectbot wouldnt work for me, I had to use the VXconnectbot version and it works like a charm.
Two heads are better than one, unless one's a goat head.

Return to “Troubleshooting”