WRVS4400n port forwarding (SSH access)

Answered Question
Apr 24th, 2012

I have a WRVS4400n and a CentOS server that I need to enable SSH access to from the WAN.

I created a single port forward rule to open port 22 and forward it to the server (whose address is 192.168.41.3).

However, the SSH connection doesn't happen: the command "ssh user@{external_IP}" times out after 20 seconds.

Wondering why...

If I connect my server directly to the modem through the outside interface, I have no problems connecting to it. Once it's behind the router, no luck.

I even added the same rule for UDP, not sure if it's needed, but it definitely didn't help.

The router is on firmware version 2.0.1.3; the version on the bottom is 2.

Any suggestions?

rmanthey Tue, 04/24/2012 - 09:45

Hello Vladyslav,


Can the server ping the internet?


What is the default gateway set to on the CentOS?




Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - Security

vlad1977cisco Tue, 04/24/2012 - 18:26

Hi Randy Manthey,

Thanks for the quick response. The server has 2 interfaces:

eth0 (outside, WAN) is currently down. When it was up it had a static IP, default gateway and mask assigned by the ISP. It was plugged into the cable modem at that time, and it was accessible.

eth1 (inside, LAN) is up, address 192.168.41.3, default gateway 192.168.41.1 (which is the above-mentioned Cisco router WRVS4400n). It can ping all machines on the LAN, including the gateway. It is accessible to all machines on the LAN and can be pinged by the Cisco router. It CANNOT ping any IP address on the WAN (I understand this is because eth0 is down).

Let me know if you need any other info. Thank you.


Edit: I got home (the router is in one of my offices) and scanned the router with nmap:


nmap -v -sT -PN XXX.YYY.ZZZ.88

Starting Nmap 5.21 ( http://nmap.org ) at 2012-04-24 23:24 EDT

Initiating Parallel DNS resolution of 1 host. at 23:24

Completed Parallel DNS resolution of 1 host. at 23:24, 0.04s elapsed

Initiating Connect Scan at 23:24

Scanning wsip-XXX-YYY-ZZZ-88.nn.nn.nnn.net (XXX.YYY.ZZZ.88) [1000 ports]

Discovered open port 8080/tcp on XXX.YYY.ZZZ.88

Completed Connect Scan at 23:24, 6.06s elapsed (1000 total ports)

Nmap scan report for wsip-XXX-YYY-ZZZ-88.nn.nn.nnn.net (XXX.YYY.ZZZ.88)

Host is up (0.033s latency).

Not shown: 999 filtered ports

PORT     STATE SERVICE

8080/tcp open  http-proxy

Read data files from: /usr/share/nmap

Nmap done: 1 IP address (1 host up) scanned in 6.14 seconds


Port 8080 is the port for remote router administration.

Correct Answer
rmanthey Wed, 04/25/2012 - 06:39

Vladyslav,


The reason the server is not responding to the port forward is because if the traffic is unknown to that subnet it is not being sent to the 41.1 address, it sounds like. If you can't ping any other subnet than the local LAN subnet on the server, you will not be able to communicate with a public IP or even a PC through a VPN tunnel, because the destination IP address is outside the LAN subnet. This was the reason for asking if the server could ping the internet.


Is it possible to remove the default gateway on the eth0 interface, just in case it is causing problems with the route statements on the server?


Is this a Linux server? If so, can you run the route -n command to see what your routing table looks like?



Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - Security

vlad1977cisco Wed, 04/25/2012 - 09:55

Solved.

I initially set up the interfaces with the system-config-network command, and the configuration was successfully saved. That's what made me believe I had no problems on that side. But I don't believe I restarted networking on the server. So... that was the culprit. /etc/init.d/network restart did the trick.

Thank you, Randy.
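
The check this thread converges on (a saved gateway setting versus what `route -n` actually shows) can be scripted. The following is an added example, not part of the original posts; the function names, the ifcfg contents and the routing tables are constructed for illustration, and the pre-restart table is an assumption about what a saved-but-unapplied configuration looks like.

```sh
#!/bin/sh
# Added example: does the live routing table match the saved gateway setting?

# Read `route -n` output on stdin; print "<gateway> <iface>" of the default route.
default_route() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /G/ { print $2, $8; exit }'
}

# Read ifcfg-style KEY=VALUE text on stdin; print the GATEWAY value, quotes removed.
configured_gateway() {
    awk -F= '$1 == "GATEWAY" { print $2; exit }' | tr -d "\"'"
}

# $1 = `route -n` output, $2 = interface config text. Prints a one-line verdict.
check_gateway() {
    live=$(printf '%s\n' "$1" | default_route)
    want=$(printf '%s\n' "$2" | configured_gateway)
    if [ -z "$live" ]; then
        echo "NO_DEFAULT_ROUTE configured=$want"
    elif [ "${live%% *}" != "$want" ]; then
        echo "MISMATCH live=${live%% *} configured=$want"
    else
        echo "OK gateway=$want iface=${live#* }"
    fi
}

# Constructed samples (not taken from the thread).
IFCFG='DEVICE=eth1
IPADDR=192.168.41.3
NETMASK=255.255.255.0
GATEWAY=192.168.41.1'

HDR='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.41.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1'

ROUTE_SAVED_ONLY="$HDR"
ROUTE_APPLIED="$HDR
0.0.0.0         192.168.41.1    0.0.0.0         UG    0      0        0 eth1"

check_gateway "$ROUTE_SAVED_ONLY" "$IFCFG"
check_gateway "$ROUTE_APPLIED" "$IFCFG"
# On a live host (path is the usual CentOS location, assumed here):
# check_gateway "$(route -n)" "$(cat /etc/sysconfig/network-scripts/ifcfg-eth1)"
```

A NO_DEFAULT_ROUTE or MISMATCH verdict means the server has no usable return path for forwarded WAN traffic, even though hosts on the LAN can still reach it.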
