cannot local login ssh server using router ip.

Hi,

I ran a sshd on fc3 in my homenetwork, which i can local login using
ssh without any problem.

i can also remote login to home (i enable nat port 22 at my router)
so i can also do that .

however, at my local network, i cannot login using my router ip...

is it something related to local loop back? how to solve this
problem?

Thanks,

Carson

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...

> I ran a sshd on fc3 in my homenetwork, which i can local login using
> ssh without any problem.
>
> i can also remote login to home (i enable nat port 22 at my router)
> so i can also do that .
>
> however, at my local network, i cannot login using my router ip...
>
> is it something related to local loop back? how to solve this
> problem?

Is "i cannot login" really the best description of the problem you can
manage? What happens when you try? Does it timeout? Does ping work? Does
traceroute work?

DS

If you want help it is usually a good idea to put some effort into the
question.

I *think* this is what you are saying. If your router is at
192.168.1.1 on your local network and assigned 9.20.35.21 (random) from
your ISP then you can ssh to 9.20.35.21 and it will connect, but if you
ssh to 192.168.1.1 it won't work (probably a permission denied).

If this is the problem, then here is my reasoning. Your router will be
listening for ssh packets to forward only on its external interface (ie
the one with 9.20.35.21). It does not listen to 22 on its internal
interface 192.168.1.1 because that doesn't make sense.

If you want to ssh within your local network just use the computer's IP
address, no need to go through the router.

Hope this helps (if it was your problem)

BTW what do you mean by router...linksys/dlink or linux box?

Sorry folks, I missed to much details, let me draw a diagram.

it works like this.

192.168.0.2 192.168.0.3
------------- --------------------
| winxp | <------------------>| FC3 (sshd) |
------------ --------------------
| 192.68.0.1 |
| ---------------- |
-------> | Buffalo Router| <------
-----------------
|123.123.33.3
|
|
---------------
| internet |
---------------

so what i mean is,
(on 192.168.0.2), i ssh 192.168.0.3, i can do it without problem.
(on 192.168.0.3), i ssh 192.168.0.3, i can do it without problem.
At outside (WAN side), I can ssh 123.123.33.3, (i have enabled port
forwarding) so that it will forward me to 192.168.0.3
However, if I on any 192.168.0.x, I do ssh 123.123.33.3, i got
ssh: connect to host 123.123.33.3 port 22: Connection refused

So , basically, in the LAN side, i can't ssh to my wan ip to login my
fc3.
but, on the WAN side, I can login my fc3 using ssh.

very strange to me...

Thanks!

Carson

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com

> Sorry folks, I missed to much details, let me draw a diagram.
....
> so what i mean is,
> (on 192.168.0.2), i ssh 192.168.0.3, i can do it without problem.
> (on 192.168.0.3), i ssh 192.168.0.3, i can do it without problem.
> At outside (WAN side), I can ssh 123.123.33.3, (i have enabled port
> forwarding) so that it will forward me to 192.168.0.3
> However, if I on any 192.168.0.x, I do ssh 123.123.33.3, i got
> ssh: connect to host 123.123.33.3 port 22: Connection refused

"man 5 sshd_config" states:
....
UseDNS Specifies whether sshd should lookup the remote host name and
check that the resolved host name for the remote IP address
maps
back to the very same IP address. The default is ``yes''.

Since you are using NAT, it is assumed that the "remote host" is
123.123.33.3, but:

$ nslookup -sil 123.123.33.3
** server can't find 3.33.123.123.in-addr.arpa: NXDOMAIN

so that may be the nature of the problem.

(E-Mail Removed) wrote:
> Sorry folks, I missed to much details, let me draw a diagram.
>
> it works like this.
>
> 192.168.0.2 192.168.0.3
> ------------- --------------------
> | winxp | <------------------>| FC3 (sshd) |
> ------------ --------------------
> | 192.68.0.1 |
> | ---------------- |
> -------> | Buffalo Router| <------
> -----------------
> |123.123.33.3
> |
> |
> ---------------
> | internet |
> ---------------
>
> so what i mean is,
> (on 192.168.0.2), i ssh 192.168.0.3, i can do it without problem.
> (on 192.168.0.3), i ssh 192.168.0.3, i can do it without problem.
> At outside (WAN side), I can ssh 123.123.33.3, (i have enabled port
> forwarding) so that it will forward me to 192.168.0.3
> However, if I on any 192.168.0.x, I do ssh 123.123.33.3, i got
> ssh: connect to host 123.123.33.3 port 22: Connection refused
>
> So , basically, in the LAN side, i can't ssh to my wan ip to login my
> fc3.
> but, on the WAN side, I can login my fc3 using ssh.
>

The router will do port 22 forwarding only from the WAN
port, so your NAT'ed packets do not know to go on along
the port forward route to 192.168.0.3.

This is the same problem as the often asked question
of accessing a local web server with the public address.

--

Tauno Voipio
tauno voipio (at) iki fi

Hi Tauno,

if that's the case, what should i do? it would be nice i can use the
wan ip. so I just need to type one number and don't need to change if i
go back and forth between lan and wan.

Carson

(E-Mail Removed) wrote:
> Hi Tauno,
>
> if that's the case, what should i do? it would be nice i can use the
> wan ip. so I just need to type one number and don't need to change if i
> go back and forth between lan and wan.

There are two possible solutions:

- Make the router port forward from the internal
network to the server box. This depends on the
router software if it's possible.

- Use the computer DNS name instead of an IP
and tweak the DNS service for internal network
to point to the SSH host directly. This can be
done with a DNS forwarder in the router if it's
smart enough; or by usinh the /etc/hosts files
in the computers in the internal network.

HTH

--

Tauno Voipio
tauno voipio (at) iki fi