Linux Archive

Joe 10-10-2012 06:44 PM

newbie question on port forwarding(and ssh, netcat)
 
On Wed, 10 Oct 2012 08:35:13 -0700 (PDT)
houkensjtu <houkensjtu@gmail.com> wrote:

> Hi debianer!
> I am a newbie both of debian and networking...
> Recently I am trying to connect my home laptop(I have a router in my
> home) from office. I read several articles on port forwarding. And I
> succeeded in opening an 22 port on my router, also I started ssh
> server on my home laptop.
>
> (suppose my username at home is USER, and my laptop is called DEBIAN)
>
> I did several experiment and I got confusing in some of its result.
>
> 1. ssh USER@DEBIAN
>
> works well!!
>
> 2. nc -vz my_home_external_ip 22
> [my_home_external_ip] 22 (ssh) : Connection refused
>
> I cant understand why is it. Because I have actually succeeded in
> test 1!
>
> 3. ssh -l USER my_home_external_ip
> ssh: connect to host my_home_external_ip port 22: Connection refused
> This also doesnt work! I thought it should be equivalent to test 1,
> but things just dont work.
>
> Any one can explain this?
>
>

Not yet. Many commercial networks operate firewalls affecting the
connections leaving the network so as yet you don't know which end of
the connection has an issue.

Divide the problem into two parts: the simplest way to check port
forwarding is to use an external website from home, that way you can
change things without travelling from your office, and you know the
other end will have no firewall problems.

A simple and slightly alarming but fairly reliable site is
http://grc.com. Click on Shields Up!!, scroll down over halfway and
click the heading Shields Up!, then Proceed, and Continue, then Common
Ports (you can enter 22 manually, but the Common Ports is a quick test
and just one click is needed).

You're looking for 22 shown as Open, and probably all others as
Stealth. Ignore all the dire warnings, this is a site for Windows users
and they need to be scared.

If 22 is not shown as Open, then you either haven't got the forwarding
right, or sshd isn't running as you expect. If the router looks right,
from your laptop try ssh <IP address of laptop>. This isn't the same as
ssh localhost, as the ssh server treats different interfaces separately.

If all is well at this end, but there is still a problem from your
office, then you need to ask about outgoing firewalling there.

However you resolve the initial problem, the ssh server is very heavily
targeted by the bad guys, using password checking bots. A quick and
dirty security measure is to forward a non-standard high numbered
external TCP port to <laptop>:22 (nearly all routers should be able to
do that) or to forward it to the same port of the laptop, and
reconfigure the ssh server to listen on that port (the Port xxx line(s)
in /etc/sshd_config). Remember to restart the ssh server if you need to
do this.

Six people will now leap in and say that's not going to improve
security, all the bad guys have to do is run a portscan to find your
server. However, scanning 65,000 ports of the same IP address across
the Internet is no small undertaking, and will certainly attract
attention, and I've never yet seen a bot attempt it. I don't get *any*
connection attempts to my ssh port, while 22 gets 10-100 a day.

The long-term solution is to disable passwords and use public-private
key pairs for authentication, which is not really difficult, but is
not for a complete beginner, and can certainly not be tried until you
have the system working reliably on passwords. A quick Google for ssh
public key tutorial turns up a vast number of sites to help with this.

If you need to work from Windows, by the way, the PuTTY program is
pretty much the industry standard. There is also a Portable Apps
version of it, which does not write anything to the Windows machine.

--
Joe


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20121010194427.02ca496d@jretrading.com
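
Added example (not part of Joe's message, and not OpenSSH code): a shell check for the two settings discussed above, the `Port` line(s) and password authentication, reading an sshd_config the way sshd resolves it (first value wins, `Port` may repeat, `Match` blocks excluded). The function names and the sample config are constructed for illustration; pass whichever path your sshd actually reads (on Debian, /etc/ssh/sshd_config).

```sh
#!/bin/sh
# sshd_effective FILE KEYWORD
# Print the value(s) sshd would take for KEYWORD from the global section.
sshd_effective() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]+/)          # split on blanks; "=" is tolerated too
            if (n == 0) next
            kw  = tolower(substr(line, 1, n - 1))   # keywords are case-insensitive
            val = substr(line, n + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (kw == "match") exit             # conditional overrides start here
            if (kw != want) next
            if (kw == "port") { print val; next }   # Port may repeat; every one applies
            if (!seen++) print val              # any other keyword: first value wins
        }
    ' "$1"
}

# sshd_exposure FILE
# One-line summary; falls back to the OpenSSH defaults when a keyword is absent.
sshd_exposure() {
    ports=$(sshd_effective "$1" Port | tr '\n' ' ' | sed 's/ $//')
    pw=$(sshd_effective "$1" PasswordAuthentication)
    printf 'ports=%s password_auth=%s\n' "${ports:-22}" "${pw:-yes}"
}

# Constructed sample config (not taken from the thread).
sample_config() {
    cat <<'EOF'
# moved off 22 as suggested above
Port 22022
#PasswordAuthentication yes
PasswordAuthentication no
passwordauthentication yes
Match User backup
    PasswordAuthentication yes
EOF
}

cfg=$(mktemp)
sample_config > "$cfg"
sshd_exposure "$cfg"
rm -f "$cfg"
```

`sshd -T` prints the full effective configuration from the installed binary and is the authoritative check; this parser only covers the global section of a single file.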

Brian 10-10-2012 10:55 PM

newbie question on port forwarding(and ssh, netcat)
 
On Wed 10 Oct 2012 at 08:35:13 -0700, houkensjtu wrote:

> I am a newbie both of debian and networking... Recently I am trying
> to connect my home laptop(I have a router in my home) from office. I
> read several articles on port forwarding. And I succeeded in opening
> an 22 port on my router, also I started ssh server on my home laptop.
>
> (suppose my username at home is USER, and my laptop is called DEBIAN)
>
> I did several experiment and I got confusing in some of its result.
>
> 1. ssh USER@DEBIAN
>
> works well!!

We assume this means you were able to log in with your password, so it
very much looks like you have set up port forwarding to the home machine
correctly. Would you please say how your office machine resolves the IP
number for DEBIAN.
>
> 2. nc -vz my_home_external_ip 22
> [my_home_external_ip] 22 (ssh) : Connection refused
>
> I cant understand why is it. Because I have actually succeeded in test
> 1!

What do you get with

ssh USER@my_home_external_ip ?

> 3. ssh -l USER my_home_external_ip
> ssh: connect to host my_home_external_ip port 22: Connection refused
> This also doesnt work! I thought it should be equivalent to test 1,
> but things just dont work.

'Connection refused' would indicate there is a route to the host but
there is no daemon running on port 22.



--
Archive: http://lists.debian.org/20121010225534.GJ30872@desktop

Brian 10-10-2012 11:01 PM

newbie question on port forwarding(and ssh, netcat)
 
On Wed 10 Oct 2012 at 19:44:27 +0100, Joe wrote:

[Some good advice snipped]

> However you resolve the initial problem, the ssh server is very heavily
> targeted by the bad guys, using password checking bots. A quick and
> dirty security measure is to forward a non-standard high numbered
> external TCP port to <laptop>:22 (nearly all routers should be able to
> do that) or to forward it to the same port of the laptop, and
> reconfigure the ssh server to listen on that port (the Port xxx line(s)
> in /etc/sshd_config). Remember to restart the ssh server if you need to
> do this.
>
> Six people will now leap in and say that's not going to improve
> security, all the bad guys have to do is run a portscan to find your
> server. However, scanning 65,000 ports of the same IP address across
> the Internet is no small undertaking, and will certainly attract
> attention, and I've never yet seen a bot attempt it. I don't get *any*
> connection attempts to my ssh port, while 22 gets 10-100 a day.

What you say about putting sshd on a port other than 22 is undoubtedly
correct. It gives peace of mind, a sense of combating the baddies, less
cruft in the logs and a reason to proselytise. What it doesn't give is a
more secure sshd. Not a single iota of security is gained with the
technique you advocate.

Five to go.

> The long-term solution is to disable passwords and use public-private
> key pairs for authentication, which is not really difficult, but is
> not for a complete beginner, and can certainly not be tried until you
> have the system working reliably on passwords. A quick Google for ssh
> public key tutorial turns up a vast number of sites to help with this.

If there was a security problem key-based authentication might provide
a solution. There isn't, so it doesn't.


--
Archive: http://lists.debian.org/20121010230100.GK30872@desktop

houkensjtu 10-11-2012 12:07 AM

newbie question on port forwarding(and ssh, netcat)
 
Hi Joe!
Thank you for the detailed reply!
Actually I found a switch which solved my problem and now all my experiments work perfectly. The command is:

echo "1">/proc/sys/net/ipv4/ip_forward

but...What is it?! Is there any other way to check and configure my laptop's status without writing directly to this file?
...well I know, Linux is all about files...


On Thursday, 11 October 2012 at 3:50:02 AM UTC+9, Joe wrote:
> On Wed, 10 Oct 2012 08:35:13 -0700 (PDT)
> houkensjtu <houkensjtu@gmail.com> wrote:
>
> > Hi debianer!
> > I am a newbie both of debian and networking...
> > Recently I am trying to connect my home laptop(I have a router in my
> > home) from office. I read several articles on port forwarding. And I
> > succeeded in opening an 22 port on my router, also I started ssh
> > server on my home laptop.
> >
> > (suppose my username at home is USER, and my laptop is called DEBIAN)
> >
> > I did several experiment and I got confusing in some of its result.
> >
> > 1. ssh USER@DEBIAN
> >
> > works well!!
> >
> > 2. nc -vz my_home_external_ip 22
> > [my_home_external_ip] 22 (ssh) : Connection refused
> >
> > I cant understand why is it. Because I have actually succeeded in
> > test 1!
> >
> > 3. ssh -l USER my_home_external_ip
> > ssh: connect to host my_home_external_ip port 22: Connection refused
> > This also doesnt work! I thought it should be equivalent to test 1,
> > but things just dont work.
> >
> > Any one can explain this?
>
> Not yet. Many commercial networks operate firewalls affecting the
> connections leaving the network so as yet you don't know which end of
> the connection has an issue.
>
> Divide the problem into two parts: the simplest way to check port
> forwarding is to use an external website from home, that way you can
> change things without travelling from your office, and you know the
> other end will have no firewall problems.
>
> A simple and slightly alarming but fairly reliable site is
> http://grc.com. Click on Shields Up!!, scroll down over halfway and
> click the heading Shields Up!, then Proceed, and Continue, then Common
> Ports (you can enter 22 manually, but the Common Ports is a quick test
> and just one click is needed).
>
> You're looking for 22 shown as Open, and probably all others as
> Stealth. Ignore all the dire warnings, this is a site for Windows users
> and they need to be scared.
>
> If 22 is not shown as Open, then you either haven't got the forwarding
> right, or sshd isn't running as you expect. If the router looks right,
> from your laptop try ssh <IP address of laptop>. This isn't the same as
> ssh localhost, as the ssh server treats different interfaces separately.
>
> If all is well at this end, but there is still a problem from your
> office, then you need to ask about outgoing firewalling there.
>
> However you resolve the initial problem, the ssh server is very heavily
> targeted by the bad guys, using password checking bots. A quick and
> dirty security measure is to forward a non-standard high numbered
> external TCP port to <laptop>:22 (nearly all routers should be able to
> do that) or to forward it to the same port of the laptop, and
> reconfigure the ssh server to listen on that port (the Port xxx line(s)
> in /etc/sshd_config). Remember to restart the ssh server if you need to
> do this.
>
> Six people will now leap in and say that's not going to improve
> security, all the bad guys have to do is run a portscan to find your
> server. However, scanning 65,000 ports of the same IP address across
> the Internet is no small undertaking, and will certainly attract
> attention, and I've never yet seen a bot attempt it. I don't get *any*
> connection attempts to my ssh port, while 22 gets 10-100 a day.
>
> The long-term solution is to disable passwords and use public-private
> key pairs for authentication, which is not really difficult, but is
> not for a complete beginner, and can certainly not be tried until you
> have the system working reliably on passwords. A quick Google for ssh
> public key tutorial turns up a vast number of sites to help with this.
>
> If you need to work from Windows, by the way, the puTTY program is
> pretty much the industry standard. There is also a Portable Apps
> version of it, which does not write anything to the Windows machine.
>
> --
> Joe

--
Archive: http://lists.debian.org/3e7d9081-b3cb-4a05-8144-32f54531e0af@googlegroups.com

houkensjtu 10-11-2012 12:19 AM

newbie question on port forwarding(and ssh, netcat)
 
On Thursday, 11 October 2012 at 8:00:04 AM UTC+9, Brian wrote:
> On Wed 10 Oct 2012 at 08:35:13 -0700, houkensjtu wrote:
>
> > I am a newbie both of debian and networking... Recently I am trying
> > to connect my home laptop(I have a router in my home) from office. I
> > read several articles on port forwarding. And I succeeded in opening
> > an 22 port on my router, also I started ssh server on my home laptop.
> >
> > (suppose my username at home is USER, and my laptop is called DEBIAN)
> >
> > I did several experiment and I got confusing in some of its result.
> >
> > 1. ssh USER@DEBIAN
> >
> > works well!!
>
> We assume this means you were able to log in with your password, so it
> very much looks like you have set up port forwarding to the home machine
> correctly. Would you please say how your office machine resolves the IP
> number for DEBIAN.
> >
> > 2. nc -vz my_home_external_ip 22
> > [my_home_external_ip] 22 (ssh) : Connection refused
> >
> > I cant understand why is it. Because I have actually succeeded in test
> > 1!
>
> What do get with
>
> ssh USER@my_home_external_ip ?
>
> > 3. ssh -l USER my_home_external_ip
> > ssh: connect to host my_home_external_ip port 22: Connection refused
> > This also doesnt work! I thought it should be equivalent to test 1,
> > but things just dont work.
>
> 'Connection refused' would indicate there is a route to the host but
> there is no daemon running on port 22.

Thanks for the great reply!!
I have to apologize for something... I forgot to say that all these experiments were done at home on my laptop... omg
So, now I solved the problem with
echo "1">/proc/sys/net/ipv4/ip_forward

What is this file? Is there any other way to check or configure my laptop without writing directly to this file?


--
Archive: http://lists.debian.org/46b9951a-dffd-4f59-aa06-f5e66332f2b7@googlegroups.com

Neal Murphy 10-11-2012 12:46 AM

newbie question on port forwarding(and ssh, netcat)
 
On Wednesday, October 10, 2012 08:19:25 PM houkensjtu wrote:
> Thanks for the great reply!!
> I have to apologize for something... I forgot to say that all these experiments
> were done at home on my laptop... omg So, now I solved the problem with
> echo "1">/proc/sys/net/ipv4/ip_forward
>
> What is this file? Is there any other way to check or configure my laptop
> without writing directly to this file?

That is exactly how you tell linux to forward traffic between NICs.


--
Archive: http://lists.debian.org/201210102046.03522.neal.p.murphy@alum.wpi.edu
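
The file is the kernel's runtime view of the sysctl key net.ipv4.ip_forward, so `sysctl net.ipv4.ip_forward` reads the same value and `sysctl -w net.ipv4.ip_forward=1` sets it; a value written this way lasts only until reboot. The following is an added example, not code from the thread, that compares the running value with the boot-time configuration, assuming the usual /etc/sysctl.conf and /etc/sysctl.d/*.conf locations; the function names and the `root` parameter are hypothetical.

```python
import glob
import os

def sysctl_path(key, root="/"):
    """Map a sysctl key such as net.ipv4.ip_forward to its /proc/sys file."""
    return os.path.join(root, "proc", "sys", *key.split("."))

def runtime_value(key, root="/"):
    """Value the running kernel uses now, or None if the file is unreadable."""
    try:
        with open(sysctl_path(key, root)) as fh:
            return fh.read().strip()
    except OSError:
        return None

def persistent_value(key, root="/"):
    """Last value assigned to key in the boot-time config files, or None."""
    # Assumed search order: /etc/sysctl.d/*.conf, then /etc/sysctl.conf last.
    files = sorted(glob.glob(os.path.join(root, "etc", "sysctl.d", "*.conf")))
    files.append(os.path.join(root, "etc", "sysctl.conf"))
    value = None
    for name in files:
        try:
            with open(name) as fh:
                lines = fh.read().splitlines()
        except OSError:
            continue
        for line in lines:
            line = line.strip()
            if not line or line[0] in "#;" or "=" not in line:
                continue  # blank line, comment, or not an assignment
            k, v = line.split("=", 1)
            if k.strip().replace("/", ".") == key:
                value = v.strip()
    return value

def audit_forwarding(root="/"):
    """Return (runtime, persistent, verdict) for net.ipv4.ip_forward."""
    key = "net.ipv4.ip_forward"
    run, boot = runtime_value(key, root), persistent_value(key, root)
    if run == "1":
        verdict = "on, persistent" if boot == "1" else "on until reboot only"
    else:
        verdict = "off, but enabled at boot" if boot == "1" else "off"
    return run, boot, verdict

if __name__ == "__main__":
    print(audit_forwarding())
```

A laptop that reports forwarding as on will route packets between its interfaces, so it is worth confirming the setting is intended before making it persistent.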

houkensjtu 10-11-2012 04:51 AM

newbie question on port forwarding(and ssh, netcat)
 
Thanks Joe, Brian, Murphy

As I posted above, I forgot to say all these experiments were done in my home on my laptop...
Now I am in my office and have redone all these experiments.
In short, every experiment done with the IP address now works well, while if I do ssh USER@DEBIAN, it says:

ssh: Could not resolve hostname debian: Name or service not known

I am wondering, who (or what device or server) will resolve the hostname? Is it possible to resolve my laptop's name from my office??

On Thursday, 11 October 2012 at 1:00:03 UTC+9, houkensjtu wrote:
> Hi debianer!
> I am a newbie both of debian and networking...
> Recently I am trying to connect my home laptop(I have a router in my home) from office. I read several articles on port forwarding. And I succeeded in opening an 22 port on my router, also I started ssh server on my home laptop.
>
> (suppose my username at home is USER, and my laptop is called DEBIAN)
>
> I did several experiment and I got confusing in some of its result.
>
> 1. ssh USER@DEBIAN
>
> works well!!
>
> 2. nc -vz my_home_external_ip 22
> [my_home_external_ip] 22 (ssh) : Connection refused
>
> I cant understand why is it. Because I have actually succeeded in test 1!
>
> 3. ssh -l USER my_home_external_ip
> ssh: connect to host my_home_external_ip port 22: Connection refused
> This also doesnt work! I thought it should be equivalent to test 1, but things just dont work.
>
> Any one can explain this?


--
Archive: http://lists.debian.org/84255302-35f8-4009-9f05-af25a076dd23@googlegroups.com

Valery Mamonov 10-11-2012 06:17 AM

newbie question on port forwarding(and ssh, netcat)
 
2012/10/11 houkensjtu <houkensjtu@gmail.com>

> Thanks Joe, Brian, Murphy
>
> As I posted above, I forgot to say all these experiments were done in my home on my laptop...
> Now I am in my office and have redone all these experiments.
> In short, every experiment done with the IP address now works well, while if I do ssh USER@DEBIAN, it says:
>
> ssh: Could not resolve hostname debian: Name or service not known
>
> I am wondering, who (or what device or server) will resolve the hostname? Is it possible to resolve my laptop's name from my office??
>
> On Thursday, 11 October 2012 at 1:00:03 UTC+9, houkensjtu wrote:
> > Hi debianer!
> > I am a newbie both of debian and networking...
> > Recently I am trying to connect my home laptop(I have a router in my home) from office. I read several articles on port forwarding. And I succeeded in opening an 22 port on my router, also I started ssh server on my home laptop.
> >
> > (suppose my username at home is USER, and my laptop is called DEBIAN)
> >
> > I did several experiment and I got confusing in some of its result.
> >
> > 1. ssh USER@DEBIAN
> >
> > works well!!
> >
> > 2. nc -vz my_home_external_ip 22
> > [my_home_external_ip] 22 (ssh) : Connection refused
> >
> > I cant understand why is it. Because I have actually succeeded in test 1!
> >
> > 3. ssh -l USER my_home_external_ip
> > ssh: connect to host my_home_external_ip port 22: Connection refused
> > This also doesnt work! I thought it should be equivalent to test 1, but things just dont work.
> >
> > Any one can explain this?





Hello. You can use services such as no-ip.com or dyndns.org to create a DNS A record for your home external IP address. This DNS record will be resolved everywhere.
Also you can modify the 'hosts' file on your work computer (/etc/hosts in Linux and c:\windows\system32\drivers\etc\hosts in Windows) and put the name of your home computer there. With the second approach you'll be able to resolve the name on your work computer only.

--

Best regards,

Valery Mamonov.
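
The two errors seen in this thread come from different stages: "Could not resolve hostname" is a name lookup failure that happens before any packet reaches the router, while "Connection refused" means the address answered but nothing accepted the connection on that port. The following is an added example, not code from the thread, that reports which stage failed; `check_ssh` is a hypothetical helper name.

```python
import socket

def check_ssh(host, port=22, timeout=3.0):
    """Return (stage, detail) describing how far a TCP connection got."""
    try:
        # System resolver: an /etc/hosts entry or a DNS record both count.
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        # Same failure as "ssh: Could not resolve hostname ..."
        return ("unresolved", str(exc))
    family, socktype, proto, _, addr = infos[0]  # only the first address is tried
    with socket.socket(family, socktype, proto) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect(addr)
        except ConnectionRefusedError:
            # Reachable address, but no listener or no forward rule for the port
            return ("refused", addr[0])
        except socket.timeout:
            # No answer at all, typically a firewall silently dropping packets
            return ("timeout", addr[0])
        except OSError as exc:
            return ("unreachable", str(exc))
        try:
            # An SSH server sends its version banner first, e.g. "SSH-2.0-..."
            banner = sock.recv(64).decode("ascii", "replace").strip()
        except OSError:
            banner = ""
        return ("open", banner)

if __name__ == "__main__":
    import sys
    print(check_ssh(sys.argv[1] if len(sys.argv) > 1 else "localhost"))
```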

