calculon
Posts: 23
Joined: Tue Jun 26, 2012 9:07 am

SSH, port forwarding and no-ip - perplexed!

Sat Oct 14, 2017 2:54 pm

Hi, I’m running a Pi as a Linux server and thought I would change the SSH port number for a little added security. It also has a dynamic ip address from no-ip. I changed the ssh port number line in sshd_config, forwarded 22 to the new port on my router and logged in from putty using the server’s internal 192.168.x.x address with the new port number. Success! But when I ues the no-ip address the new port number does not work. 22, however, still does. How does this happen, when I have changed the config file?

drgeoff
Posts: 7402
Joined: Wed Jan 25, 2012 6:39 pm

Re: SSH, port forwarding and no-ip - perplexed!

Sat Oct 14, 2017 3:08 pm

calculon wrote:
Sat Oct 14, 2017 2:54 pm
forwarded 22 to the new port on my router
That is the reason.

If you want to use port x on the no-ip address and port y on the RPi, you set the router to forward port x to port y.

If you want to use port x on the no-ip address and port x on the RPi, you set the router to forward port x to port x.

calculon
Posts: 23
Joined: Tue Jun 26, 2012 9:07 am

Re: SSH, port forwarding and no-ip - perplexed!

Sat Oct 14, 2017 3:48 pm

Thanks, that worked (but you knew it would!)

I don’t think I’ll ever get my head round which part of the port forwarding process changes what going to what... it seemed to me I should be forwarding port 22 traffic for the Pi’s ip address to the new port but obviously that is incorrect.

I also don’t see how I can still log in to the no-ip.address:22 when I have changed the port number from 22 in the config file.

But thank you very much for the answer!

drgeoff
Posts: 7402
Joined: Wed Jan 25, 2012 6:39 pm

Re: SSH, port forwarding and no-ip - perplexed!

Sat Oct 14, 2017 5:11 pm

calculon wrote:
Sat Oct 14, 2017 3:48 pm
I also don’t see how I can still log in to the no-ip.address:22 when I have changed the port number from 22 in the config file.
Because when you set the router to forward port x to port y it is actually also doing a port translation. Your ssh traffic into external_address:x is changed by the router to internal_address:y.

User avatar
davidcoton
Posts: 2375
Joined: Mon Sep 01, 2014 2:37 pm
Location: Cambridge, UK

Re: SSH, port forwarding and no-ip - perplexed!

Sat Oct 14, 2017 6:07 pm

If you want to increase security from "outside", the internal (router to Pi) port makes little diffference. That only improves security from computers on your network.

Almost certainly what you want (and seem to have achieved) is to change the external port number, which you then forward to the correct internal port. If you forward external port 22 to a random internal port, you have added nothing to your external security.
"If it ain't broke, fix it until it is."
“Raspberry Pi is a trademark of the Raspberry Pi Foundation”
The Pink Unicorn is a symbol of commitment to sensible discussion of future versions of the Raspberry Pi ™

calculon
Posts: 23
Joined: Tue Jun 26, 2012 9:07 am

Re: SSH, port forwarding and no-ip - perplexed!

Sun Oct 15, 2017 11:16 am

Thanks to both of you - I think it’s making sense slowly. I think I need to find a simple explanation of port forwarding somwhere - I understand the principle, it’s the terminology that defeats me. I’m never sure if the ports under discussion are on the source computer, router or destination computer.

Can I ask an associated question? I have another Pi at a remote site behind a 3G dongle. It reverse SSH’s into the server and has a -p 443 option in its tunnel setup command line. Yesterday as part of trying to work out my first problem I removed a port forwarding rule in the router from external 443 to server 22. I checked at the time and the remote site was still accessible. Today it is not. It is set up to reboot every night. Is it possible that the port stayed open despite the rule change as it was in use and only closed when the tunnel shut down on reboot?

If that’s possible I will reinstate the rule and see what happens tomorrow - otherwise another mystery (to me, anyway!)

User avatar
davidcoton
Posts: 2375
Joined: Mon Sep 01, 2014 2:37 pm
Location: Cambridge, UK

Re: SSH, port forwarding and no-ip - perplexed!

Sun Oct 15, 2017 11:24 am

calculon wrote:
Sun Oct 15, 2017 11:16 am
I’m never sure if the ports under discussion are on the source computer, router or destination computer.
port forwarding is always concerned with inbound connections, so you are connecting an external port to an internal device and port.
calculon wrote:
Sun Oct 15, 2017 11:16 am
Is it possible that the port stayed open despite the rule change as it was in use and only closed when the tunnel shut down on reboot?
Yes, it is quite likely that the the rule change is not actioned until the service restarts, which of course happens at reboot.
"If it ain't broke, fix it until it is."
“Raspberry Pi is a trademark of the Raspberry Pi Foundation”
The Pink Unicorn is a symbol of commitment to sensible discussion of future versions of the Raspberry Pi ™

calculon
Posts: 23
Joined: Tue Jun 26, 2012 9:07 am

Re: SSH, port forwarding and no-ip - perplexed!

Sun Oct 15, 2017 12:06 pm

OK, thanks. Hold on though, now I’ve changed the SSH port number in the server Pi config from 22 to (let’s say) 999 does that now mean I have to forward 443 to 999 on the router rather than 443 to 22 as it was before? And if it does, can I have 443 going to 999 as well as 999 going to 999 (which I need, as pointed out in the second post?) It might be easier to abandon all this and go back to where I was yesterday morning...

EDIT: I’ve answered my own questions... I forwarded 443 to 999, and kept 999 to 999. The tunnel came back up as soon as the cron job resent the ssh command. Thanks again.

Return to “Beginners”

Who is online

Users browsing this forum: DPaul and 57 guests