Aldo,
"Router" and "My PC" are not in the same network. Does your "File
Server" do NAT ??
Luis.-
On 07/02/18 16:41, Aldo Maggi wrote:
I'm having problems with ssh from the WAN while contacting my Pc in the
LAN.
It worked when I just had to go through the Router provided by the ISP
but problems arose when I decided to use a small server which I want
to use as file server for our family Pc's, Laptops and smartphone + for
transferring there the webserver where I have my blog. My home LAN
(limiting it to my Pc) is as follows:
                 WAN
                  |
              ----------
              | Router |
              ----------
                  | 192.168.1.1
                  |
             eno1 | 192.168.1.120
           ----------------
           |              |
           | File Server  |
           |              |
           ----------------
             eno2 | 192.168.3.1
                  |
           enp2s0 | 192.168.3.100
           ----------------
           |              |
           |    My Pc     |
           |              |
           ----------------
From the File Server I can ssh my pc on port 2222.
From the lan (which is in 192.168.1.0) it is not possible to ssh my pc,
which is in the 192.168.3.0 net.
File Server:
(in the "ufw status" output I have left only what I thought to be of
interest)
root@Casa-mia-1:~# ufw status
Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
OpenSSH                    ALLOW       Anywhere
SSH                        ALLOW       Anywhere
Anywhere                   ALLOW       192.168.3.100
Anywhere                   ALLOW       192.168.3.0/24
2222/tcp                   ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
OpenSSH (v6)               ALLOW       Anywhere (v6)
SSH (v6)                   ALLOW       Anywhere (v6)
2222/tcp (v6)              ALLOW       Anywhere (v6)
root@Casa-mia-1:~# iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 1081 packets, 70666 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  eno1   *       0.0.0.0/0            192.168.1.120        tcp dpt:2222 to:192.168.3.1:2222

Chain INPUT (policy ACCEPT 21 packets, 2919 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 125 packets, 8738 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 125 packets, 8738 bytes)
 pkts bytes target     prot opt in     out     source               destination
  885 56073 MASQUERADE  all  --  *      eno1    192.168.3.0/24       0.0.0.0/0
root@Casa-mia-1:~# cat /etc/ufw/sysctl.conf |grep -i ip_forward
net/ipv4/ip_forward=1
My Pc:
root@aldomaggi:~# iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
root@aldomaggi:~# cat /etc/ssh/sshd_config |grep -i port
#Porta non standard 2222
Port 2222
I thank you in advance for any help you can give me!
Aldo :-)
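
Added example, not part of either message and not code from the posters: a small Python check that parses an `iptables -t nat -L -n -v` dump like the File Server's and compares each DNAT rule for a port with the host the forward is meant to reach. It assumes the intended target is "My Pc" at 192.168.3.100:2222 (from the diagram and sshd_config above); the function names and finding codes are hypothetical.

```python
import re

# Constructed sample: the File Server's nat table from the post above,
# re-joined to one line per rule (empty INPUT/OUTPUT chains left out).
SAMPLE = """\
Chain PREROUTING (policy ACCEPT 1081 packets, 70666 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  eno1   *       0.0.0.0/0            192.168.1.120        tcp dpt:2222 to:192.168.3.1:2222
Chain POSTROUTING (policy ACCEPT 125 packets, 8738 bytes)
 pkts bytes target     prot opt in     out     source               destination
  885 56073 MASQUERADE  all  --  *      eno1    192.168.3.0/24       0.0.0.0/0
"""

def parse_dnat(text):
    """Return one dict per DNAT rule found in `iptables -t nat -L -n -v` output."""
    rules, chain = [], None
    for line in text.splitlines():
        if line.startswith("Chain "):
            chain = line.split()[1]
            continue
        fields = line.split()
        dpt = re.search(r"\bdpt:(\d+)", line)
        to = re.search(r"\bto:([\d.]+)(?::(\d+))?", line)
        if len(fields) < 9 or fields[2] != "DNAT" or not (dpt and to):
            continue
        rules.append({
            "chain": chain, "in_if": fields[5], "matched": fields[0] != "0",
            "dpt": int(dpt.group(1)), "to_host": to.group(1),
            # No port after "to:" means the destination port is left unchanged.
            "to_port": int(to.group(2) or dpt.group(1)),
        })
    return rules

def check_forward(rules, dpt, want_host, want_port, local_addrs):
    """Compare the DNAT rules for port `dpt` with the intended target."""
    hits = [r for r in rules if r["chain"] == "PREROUTING" and r["dpt"] == dpt]
    if not hits:
        return ["NO_RULE"]
    findings = []
    for r in hits:
        if r["to_host"] in local_addrs:
            findings.append("TARGET_IS_LOCAL")   # rewritten to the firewall's own address
        elif r["to_host"] != want_host:
            findings.append("TARGET_MISMATCH")   # rewritten to some other host
        if r["to_port"] != want_port:
            findings.append("PORT_MISMATCH")     # target port is not where sshd listens
        if not r["matched"]:
            findings.append("NEVER_MATCHED")     # pkts counter is still 0
    return findings
```

Calling `check_forward(parse_dnat(SAMPLE), 2222, "192.168.3.100", 2222, {"192.168.1.120", "192.168.3.1"})` returns `['TARGET_IS_LOCAL', 'NEVER_MATCHED']`: the posted rule rewrites to 192.168.3.1, which the diagram gives as the File Server's eno2 address, and its packet counter is 0.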