Raspberry Pi Forums

Hi,
I have been using SSH on my local network to connect to my Raspberry Pi from a Samsung tablet and use python from there, and it worked really well. Now i was thinking if i could use my Raspberry Pi via smartphone to stay always connected and i installed JuiceSSH, but this is not important. I searched for guides/tutorials and i tried all of them without results. This is my situation:
I can connect to my Raspberry Pi on local network using 192.168.0.107:22
I can connect to my Raspberry Pi on local netowrk using EXTIP:FORWARDEDPORT
I can connect to my Raspberry Pi on local network using noipaddress:FORWARDEDPORT
I CAN'T connect to my Raspberry Pi on different network (smartphone's data connection) using any of the last two.

I forwarded port 10922 in my router to redirect traffic to 192.168.0.107:22, TCP and UDP, so if I use EXTIP or noipaddress I use that port, but it works only on the same WiFi. I would like to know what is the problem and/or how can I solve it, because many people do this and it works for them.

Try an online port scanner to see if your port(s) are open:
http://www.t1shopper.com/tools/port-scan/

If not the possible reasons are:
1. Your router is not setup properly.
2. Your ISP blocks common ports ... 80, 22 etc (Try a non standard port)
3. Your ISP is using NAT and not giving you a public IP address.
(Check that the Internet IP shown in your router status page is NOT in the private IP ranges).

In my router i enabled something like NAT because it said I need it for Port Forwrding to take effect.
Is 10922 a standard port that may be blocked?
In my router settings my router has a public IP and i can connect to it with port 10922 and i am redirected to my Raspberry Pi.
I don't think I setup my router wrongly because if I try to connect to one of the external IPs i must use port 10922 and not 22.
I have got a TL-WD4300 Tp-Link router, i was wondering if there may be a firewall blocking extrnal connections?

Standard ports are 1 to 1023 inclusive

10922 is nonstandard.

If the port is shown as open using the on-line port scan tool, then it is not being blocked by a firewall.
Have you tried SSH directly using the IP:port address instead of the NOIP address?

I don't know which IP I should use on the port scan tool. I tried connecting using my Raspi's external IP address (which i get using curl mioip.it) and using port 10922 i can connect, using 22 i can't; all this on the same WiFi.
I can connect to it using local IP address and port 22 too.
Do you mean I should change my Raspberry Pi's SSH port so on my router port 10922 will redirect to port 10922 instead of 22?

Run this python script

Do i need to check the Public IP on the port scan tool?
If yes, i checked this ports:
I added the *** for not being attacked, but i checked ports on the right IP.

"78.134.55.*** isn't responding on port 10922 ()" <-- This means the port is NOT open.

SSH will not work until you figure out why the port is not open an fix that if possible.
Likely the ISP is blocking ports. Try a different port.

Have you got 192.168.0.107 port forwarded in your router/gateway at 192.168.0.1?
Are the right ports defined in the forwarding table?
Is 192.168.0.107 defined as a fixed IP address?

I tried port 5395 and 62881 with no results. I'm not really good at router configuration and I can't manage how to get it working. Maybe ISP/router is blocking all external connections? Thanks for the help.

DougieLawson wrote:Have you got 192.168.0.107 port forwarded in your router/gateway at 192.168.0.1?
Are the right ports defined in the forwarding table?

I access my router typing in my browser 192.168.0.1 and Raspberry Pi's internal IP is reserved and not affected by DHCP.

DougieLawson wrote:Is 192.168.0.107 defined as a fixed IP address?

If for fixed you mean static, then it is, it has a reserved IP address which is 192.168.0.107 and for external connections i would like to use No-IP because the external IP would change and I would have to set it every time this happens.

http://www.yougetsignal.com/tools/open-ports/

Gives you your external ip address, then you can enter your port number and check if it's open.
I use no-ip to access my pi without any issues, keep at it you'll figure it out.

NoIP needs to point to your dynamic public address 78.134.55.*** not to the 192.168.0.107 static address.
You'll also want to use something like http://www.dnsomatic.com to update all of your dynamic services when your public address changes.

In my raspberry pi I have already installed No-IP duc client and it updates regularly.
The problem is: I can connect to my No-IP address port 10922 (or another forwarded port that points to 22) on the same WiFi which the Raspberry Pi is connected to, but using my smartphone's data plan it looks unreachable.
In the port check tool i get ports 22 and 10922/forwardedport closed on my Raspberry Pi's external IP, this may be the problem but then why can I connect to Raspberry Pi using the noip address only on port 10922 (which i forwarded) and not port 22?
I really don't know how to figure this out.
Thank you all for the help

What do you get for the first few hops from traceroute -n google.com?

What do you get from http://ping.eu/traceroute/ back to your public IP address?

Are you using your data connection on your phone as your internet connection? If you are that is your problem, most mobil data connections don't allow port forwarding on regular consumer plans. They only allow port forwarding on business plans. This statement is whay i'm asking "but using my smartphone's data plan it looks unreachable".

PsykoRayZ4 wrote:The problem is: I can connect to my No-IP address port 10922 (or another forwarded port that points to 22) on the same WiFi which the Raspberry Pi is connected to, but using my smartphone's data plan it looks unreachable.

Is your router/firewall configured to do some Hairpin NAT (a.k.a NAT reflection, NAT Loopback...) ? In Which case, on top of the DNAT (destination NAT) , a SNAT (source NAT) rule will translate your noip (public) address to a local address when you try to connect to the rpi from inside your lan (WiFi). And you will get connected as if you would have "dialed" your rpi with its lan address. No difference. To me, NAT Hairpin is totally useless. It only brings confusion. You think that you access a device on your lan going through "the internet" while your (masquareded) packet stays inside your lan. It never gets pass your router.

PsykoRayZ4 wrote:(...) but then why can I connect to Raspberry Pi using the noip address only on port 10922 (which i forwarded) and not port 22?
I really don't know how to figure this out.

If you successfully connect to the rpi using public_address:10922 from inside your lan, see above. If you have done a DNAT from port 10922 to port 22 you must ssh to port 10922 and not 22 when you connect from the outside (or from inside your lan using your public address with Haipin activated).

DNAT is done in the PREROUTING chain in netfilter talk that your router might use. That is before the firewall rules you might have in the INPUT chain. Check your firewall rules to see if it doesn't dump packets coming from the outside with a destination port 10922. Firewall might be the culprit. Usually, on a firewall based on netfilter (iptables), port forwarding requires two rules: one for the DNAT (prerouting chain) and one for the INPUT chain to punch a hole in your firewall. Your router might follow the same logic.

Sorry if I didn't answer but my Raspberry Pi had some strange problems probably caused by the Sd Card. Tomorrow I'm reflashing Raspbian and I will tell you the results.