Can you check whether you can access your home pc from the 192.168.1.0/24 network? So, connect a device to your router on the LAN side, acquire an IP lease in the 192.168.1.0/24 network, and connect to 192.168.1.120 on port 2222.
If that doesn't work, can you insert extra logging rules in ufw? Packets that would be dropped then appear in /var/log/kern.log, which helps debugging your problem.

~ Gerdriaan

On 7 February 2018 at 22:02, Aldo Maggi <[email protected]> wrote:
> Luis,
>
> I'm sure it must be a problem of Nat but if you look at the output
> of "iptables -t nat -L -n -v" you can read this line (a bit mixed up!):
> Chain PREROUTING (policy ACCEPT 1081 packets, 70666 bytes)
>> > pkts bytes target prot opt in out source
>> > destination 0 0 DNAT tcp -- eno1 *
>> > 0.0.0.0/0 192.168.1.120 tcp dpt:2222
>> > to:192.168.3.1:2222
>
> in my very very low knowledge, it should do Nat! But it doesn't :-(
>
> Thanks,
> Aldo :-)
>
>
> On Wed, 7 Feb 2018 17:47:30 -0300
> Luis <[email protected]> wrote:
>
>> Aldo,
>>
>> "Router" and "My PC" are not in the same network. Does your "File
>> Server" do NAT ??
>>
>> Luis.-
>>
>>
>> On 07/02/18 16:41, Aldo Maggi wrote:
>> > I'm having problems with ssh from the Wan while contacting my Pc in
>> > the Lan.
>> >
>> > It worked when I just had to go through the Router provided by the
>> > ISP but problems arose when I've decided to use a small server
>> > which I want to use as file server for our family Pc's, Laptops and
>> > smartphone + for transferring there the webserver where I have my
>> > blog. My home lan (limiting it to my Pc) is as follows:
>> >
>> >
>> >                WAN
>> >                 |
>> >             ----------
>> >             | Router |
>> >             ----------
>> >                 | 192.168.1.1
>> >                 |
>> >            eno1 | 192.168.1.120
>> >         ----------------
>> >         |              |
>> >         | File Server  |
>> >         |              |
>> >         ----------------
>> >            eno2 | 192.168.3.1
>> >                 |
>> >          enp2s0 | 192.168.3.100
>> >         ----------------
>> >         |              |
>> >         |    My Pc     |
>> >         |              |
>> >         ----------------
>> >
>> > From the File Server I can ssh my pc on port 2222
>> > From the lan (which is in 192.168.1.0) it is not possible to ssh
>> > my pc which is in the 192.168.3.0 net
>> >
>> >
>> > File Server:
>> > (in "ufw status" output I have left only what I have thought to be
>> > of interest)
>> > root@Casa-mia-1:~# ufw status
>> > Status: active
>> >
>> > To                         Action      From
>> > --                         ------      ----
>> > 22/tcp                     ALLOW       Anywhere
>> > OpenSSH                    ALLOW       Anywhere
>> > SSH                        ALLOW       Anywhere
>> > Anywhere                   ALLOW       192.168.3.100
>> > Anywhere                   ALLOW       192.168.3.0/24
>> > 2222/tcp                   ALLOW       Anywhere
>> > 22/tcp (v6)                ALLOW       Anywhere (v6)
>> > OpenSSH (v6)               ALLOW       Anywhere (v6)
>> > SSH (v6)                   ALLOW       Anywhere (v6)
>> > 2222/tcp (v6)              ALLOW       Anywhere (v6)
>> >
>> >
>> > root@Casa-mia-1:~# iptables -t nat -L -n -v
>> > Chain PREROUTING (policy ACCEPT 1081 packets, 70666 bytes)
>> >  pkts bytes target     prot opt in     out     source               destination
>> >     0     0 DNAT       tcp  --  eno1   *       0.0.0.0/0            192.168.1.120        tcp dpt:2222 to:192.168.3.1:2222
>> >
>> > Chain INPUT (policy ACCEPT 21 packets, 2919 bytes)
>> >  pkts bytes target     prot opt in     out     source               destination
>> >
>> > Chain OUTPUT (policy ACCEPT 125 packets, 8738 bytes)
>> >  pkts bytes target     prot opt in     out     source               destination
>> >
>> > Chain POSTROUTING (policy ACCEPT 125 packets, 8738 bytes)
>> >  pkts bytes target     prot opt in     out     source               destination
>> >   885 56073 MASQUERADE all  --  *      eno1    192.168.3.0/24       0.0.0.0/0
>> >
>> > root@Casa-mia-1:~# cat /etc/ufw/sysctl.conf |grep -i ip_forward
>> > net/ipv4/ip_forward=1
>> >
>> > My Pc:
>> >
>> > root@aldomaggi:~# iptables -t nat -L -n -v
>> > Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
>> >  pkts bytes target     prot opt in     out     source               destination
>> >
>> > Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
>> >  pkts bytes target     prot opt in     out     source               destination
>> >
>> > Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
>> >  pkts bytes target     prot opt in     out     source               destination
>> >
>> > Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
>> >  pkts bytes target     prot opt in     out     source               destination
>> >
>> > root@aldomaggi:~# cat /etc/ssh/sshd_config |grep -i port
>> > #Porta non standard 2222
>> > Port 2222
>> >
>> > I thank you in advance for any help you can give me!
>> >
>> > Aldo :-)
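
As an added illustration of the logging suggestion at the top of this message (not part of the original thread and not written by any of its participants): a small Python parser for ufw's `[UFW BLOCK]` entries in /var/log/kern.log that reports, for a given port, whether a packet was dropped in INPUT or FORWARD and which destination it carried after PREROUTING. The sample log lines, the LAN client 192.168.1.50, the MAC values and the function names are constructed for the example.

```python
import re

# Constructed kern.log lines in ufw's log format. Addresses follow the
# thread's diagram; the LAN client 192.168.1.50 and the MACs are made up.
SAMPLE_LOG = """\
Feb  7 22:10:01 Casa-mia-1 kernel: [ 101.10] [UFW BLOCK] IN=eno1 OUT=eno2 MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.168.1.50 DST=192.168.3.100 LEN=60 TTL=63 PROTO=TCP SPT=51514 DPT=2222 SYN URGP=0
Feb  7 22:10:07 Casa-mia-1 kernel: [ 107.42] [UFW BLOCK] IN=eno1 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.168.1.50 DST=192.168.1.120 LEN=60 TTL=64 PROTO=TCP SPT=51520 DPT=23 SYN URGP=0
Feb  7 22:10:09 Casa-mia-1 kernel: [ 109.03] [UFW ALLOW] IN=eno1 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.168.1.50 DST=192.168.1.120 LEN=60 TTL=64 PROTO=TCP SPT=51522 DPT=22 SYN URGP=0
"""

# Matches the ufw prefix, e.g. "[UFW BLOCK]", and captures the rest of the line.
UFW_RE = re.compile(r"\[UFW ([A-Z ]+)\] (.*)$")

def parse_ufw_line(line):
    """Return the action and KEY=VALUE fields of one ufw log line, or None."""
    m = UFW_RE.search(line)
    if not m:
        return None
    # Bare flags such as SYN carry no "=" and are skipped.
    fields = dict(tok.split("=", 1) for tok in m.group(2).split() if "=" in tok)
    fields["ACTION"] = m.group(1)
    return fields

def chain_of(fields):
    """Infer the filter chain from which interfaces the kernel logged."""
    has_in, has_out = bool(fields.get("IN")), bool(fields.get("OUT"))
    if has_in and has_out:
        return "FORWARD"   # routed through the box (eno1 -> eno2 here)
    return "INPUT" if has_in else "OUTPUT"

def blocked(log_text, port):
    """List (chain, src, dst) for every BLOCK entry to the given TCP port."""
    hits = []
    for line in log_text.splitlines():
        f = parse_ufw_line(line)
        if f and "BLOCK" in f["ACTION"] and f.get("DPT") == str(port):
            hits.append((chain_of(f), f["SRC"], f["DST"]))
    return hits

if __name__ == "__main__":
    for chain, src, dst in blocked(SAMPLE_LOG, 2222):
        print(f"port 2222 dropped in {chain}: {src} -> {dst}")
```

The filter table logs a packet after nat PREROUTING has run, so the DST field shows the address after any DNAT. A FORWARD entry means the packet was routed between eno1 and eno2 and dropped by the routed-traffic policy, while an INPUT entry means it was still addressed to the file server itself.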

