I'm trying to SSH into a UNIX box in my home network from work but the connection is timing out. I looked at my port forwarding settings and everything seems to be OK.
Port forwarding works fine if I turn off the OpenVPN client.
Can you please help find a fix to my problem that doesn't involve turning off the OpenVPN client? If it's fixable, of course.
Thanks a lot!
Some info:
1. I can access the DDWRT Web Admin website remotely.
2. OpenVPN client is active. I have used the Policy-based Routing setting to be able to access my router Web admin remotely.
3. iptables commands (all commands were run using DDWRT Administration => Commands unless stated otherwise)
Code:
#iptables -t nat -vnL PREROUTING
Chain PREROUTING (policy ACCEPT 3771 packets, 268K bytes)
pkts bytes target prot opt in out source destination
469 29996 DNAT tcp -- * * 0.0.0.0/0 ISP-provided-static-IP tcp dpt:443 to:192.168.1.1:443
2 112 DNAT icmp -- * * 0.0.0.0/0 ISP-provided-static-IP to:192.168.1.1
0 0 DNAT udp -- ppp0 * 0.0.0.0/0 ISP-provided-static-IP udp dpt:56010 to:192.168.1.31:56010
0 0 DNAT tcp -- ppp0 * 0.0.0.0/0 ISP-provided-static-IP tcp dpt:56010 to:192.168.1.31:56010
7 448 DNAT tcp -- * * 0.0.0.0/0 ISP-provided-static-IP tcp dpt:3283 to:192.168.1.11:3283
0 0 DNAT udp -- * * 0.0.0.0/0 ISP-provided-static-IP udp dpt:3283 to:192.168.1.11:3283
10 592 DNAT tcp -- * * 0.0.0.0/0 ISP-provided-static-IP tcp dpt:5900 to:192.168.1.11:5900
0 0 DNAT udp -- * * 0.0.0.0/0 ISP-provided-static-IP udp dpt:5900 to:192.168.1.11:5900
0 0 DNAT tcp -- * * 0.0.0.0/0 ISP-provided-static-IP tcp dpt:322 to:192.168.1.13:322
0 0 DNAT udp -- * * 0.0.0.0/0 ISP-provided-static-IP udp dpt:322 to:192.168.1.13:322
3 192 DNAT tcp -- * * 0.0.0.0/0 ISP-provided-static-IP tcp dpt:522 to:192.168.1.15:522
2 56 DNAT udp -- * * 0.0.0.0/0 ISP-provided-static-IP udp dpt:522 to:192.168.1.15:522
2320 145K TRIGGER 0 -- * * 0.0.0.0/0 ISP-provided-static-IP TRIGGER type:dnat match:0 relate:0
#iptables -vnL FORWARD
Chain FORWARD (policy ACCEPT 330 packets, 22973 bytes)
pkts bytes target prot opt in out source destination
311 15092 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
6222 430K lan2wan 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- br0 br0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.31 udp dpt:56010
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.31 tcp dpt:56010
7 448 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.11 tcp dpt:3283
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.11 udp dpt:3283
10 600 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.11 tcp dpt:5900
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.11 udp dpt:5900
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.13 tcp dpt:322
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.13 udp dpt:322
3 192 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.15 tcp dpt:522
2 56 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.15 udp dpt:522
0 0 TRIGGER 0 -- ppp0 br0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
6200 429K trigger_out 0 -- br0 * 0.0.0.0/0 0.0.0.0/0
5870 406K ACCEPT 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
4. result of route -n
Code:
#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.20.21.18 0.0.0.0 UG 0 0 0 ppp0
10.20.21.18 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
10.208.111.17 0.0.0.0 255.255.255.255 UH 0 0 0 tun1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
5. result of ping commands
Code:
#ping -c 5 192.168.1.13
PING 192.168.1.13 (192.168.1.13): 56 data bytes
64 bytes from 192.168.1.13: seq=0 ttl=64 time=1.887 ms
64 bytes from 192.168.1.13: seq=1 ttl=64 time=0.615 ms
64 bytes from 192.168.1.13: seq=2 ttl=64 time=0.628 ms
64 bytes from 192.168.1.13: seq=3 ttl=64 time=0.580 ms
64 bytes from 192.168.1.13: seq=4 ttl=64 time=0.555 ms
--- 192.168.1.13 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.555/0.853/1.887 ms
#ping -c 5 192.168.1.15
PING 192.168.1.15 (192.168.1.15): 56 data bytes
64 bytes from 192.168.1.15: seq=0 ttl=64 time=0.758 ms
64 bytes from 192.168.1.15: seq=1 ttl=64 time=0.378 ms
64 bytes from 192.168.1.15: seq=2 ttl=64 time=0.359 ms
64 bytes from 192.168.1.15: seq=3 ttl=64 time=0.402 ms
64 bytes from 192.168.1.15: seq=4 ttl=64 time=0.440 ms
--- 192.168.1.15 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.359/0.467/0.758 ms
6. result of nmap command. This was run remotely (at work).
Code:
08:52:21 Tue Jul 21
root@mymacbook : ~
=> nmap -sT -sU -p 522 ISP-provided-static-IP
Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-07-21 08:52 ACST
Nmap scan report for ISP-provided-static-IP (ISP-provided-static-IP)
Host is up (0.00034s latency).
rDNS record for ISP-provided-static-IP: ISP-provided-static-IP
PORT STATE SERVICE
522/tcp filtered ulp
522/udp open|filtered ulp
Nmap done: 1 IP address (1 host up) scanned in 0.51 seconds
7. result of ssh command. This was run remotely (at work).
Code:
08:52:28 Tue Jul 21
root@mymacbook : ~
=> ssh -p 522 myuser@ISP-provided-static-IP
ssh: connect to host ISP-provided-static-IP port 522: Operation timed out