Portforwarding

Hello.
My problem is, to forward from wan through myport to lan myport. (7000)

I have 2 servers:
server1, user1: This is OpenWrt on Raspberry, and I can access this from wan with global-ip.
server2, user2: This is behind a firewall, and I can't access it from wan.

I want to access server 2 from wan, therefore:
I have set up a ssh -R tunnel on server2 something like this:
autossh -vv -M 0 -R 7000:localhost:22 user1@server1-global-ip
and it works:
"debug1: remote forward success for: listen 7000, connect localhost:22"
"debug1: All remote forwarding requests processed"

On server1 I can ssh to server2: ssh user2@localhost -p 7000
It works fine, and I get connected to server2.

On server1 with OpenWrt I have port forwarded 7000 on the wan to 7000 on the lan-ip (192.168.1.1) with OpenWrt.
When I do this from wan: ssh -v user2@server1-global-ip -p 7000
I get:
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to server1 [global-ip] port 7000.
debug1: connect to address global-ip port 7000: Connection refused
ssh: connect to host server1 port 7000: Connection refused

So... it doesn't work.
I have tried many things, but without result....
It looks like the port forwarding is not accepted on 192.168.1.1, but why?

Please.... Can anyone here help?

Shouldn't you be port forwarding to the IP of the server instead of the IP of the router, assuming 192.168.1.1 is the IP of the router?

Hey, and thanks for your response.

Maybe, but I don't understand.

The ssh-server (dropbear) is OpenWrt, which by default has the address on lan: 192.168.1.1.

My tunnel is listening on user1@server1-global-ip port 7000.

When I ssh to user1@server1-global-ip, and after that, ssh to user2@localhost -p 7000 I connect to server2.

After ssh to user1@server1-global-ip, my ifconfig says:

root@OpenWrt:~# ifconfig
br-lan Link encap:Ethernet HWaddr B8:27:EB:A2:A4:13
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::ba27:ebff:fea2:a413/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:323640 errors:0 dropped:0 overruns:0 frame:0
TX packets:105873 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:24567699 (23.4 MiB) TX bytes:197628494 (188.4 MiB)

eth0 Link encap:Ethernet HWaddr B8:27:EB:A2:A4:13
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

eth1 Link encap:Ethernet HWaddr 00:E0:4C:68:05:48
inet addr:10.179.72.74 Bcast:10.179.72.95 Mask:255.255.255.224
inet6 addr: fe80::2e0:4cff:fe68:548/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:307777 errors:0 dropped:0 overruns:0 frame:0
TX packets:220918 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:276691076 (263.8 MiB) TX bytes:45225535 (43.1 MiB)

eth2 Link encap:Ethernet HWaddr 00:E0:4C:68:05:B4
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:323268 errors:0 dropped:0 overruns:0 frame:0
TX packets:169696 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:28942527 (27.6 MiB) TX bytes:197265129 (188.1 MiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:396440 errors:0 dropped:0 overruns:0 frame:0
TX packets:396440 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:44678727 (42.6 MiB) TX bytes:44678727 (42.6 MiB)

wlan0 Link encap:Ethernet HWaddr 74:DA:38:7D:D8:F8
inet6 addr: fe80::76da:38ff:fe7d:d8f8/64 Scope:Link
inet6 addr: fe80::76da:38ff:fe7d:d8f8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1114 errors:0 dropped:0 overruns:0 frame:0
TX packets:213679 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:204160 (199.3 KiB) TX bytes:15478941 (14.7 MiB)

What other address could it be?

Consider to set up a VPN as a more resilient, secure, scalable and convenient approach.

1 Like

@kapser, welcome to the community!

I agree with @mbo2o:

You should be able to just create a port forward directly to server 2.

OK, but how should it be done?

Server2 is behind a router/firewall and I can't contact it directly. Therefore I have set up a remote
ssh tunnel on server2, that listens on server1's localhost port 7000 and forwards to port 22 on server2.

I found a solution!
And it was here:


Many thanks to jakuje........

I have to specify the gateway's ip in the remote tunnel call, so now it looks like this:
autossh -vv -M 0 -R server1-global-ip:7000:localhost:22 user1@server1-global-ip
or it could just be:
autossh -vv -M 0 -R *:7000:localhost:22 user1@server1-global-ip (to allow all)

It works, and I can ssh to server2 from outside lan with: ssh user2@server1-global-ip -p 7000

Thanks to all of you.

1 Like
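
Why the first attempt was refused and the second was not, as an added example that is not part of the original thread: the script reads `netstat -tln` output and reports whether the forwarded port is bound to loopback only or to an address other hosts can reach. The function name, sample names and netstat lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: report where a forwarded port is listening, given
# `netstat -tln` output on stdin. Function and sample names are hypothetical.
# Prints: none | loopback | exposed
classify_listener() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            # Everything before the final ":port" is the bind address.
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host == "127.0.0.1" || host == "::1") lo = 1
            else ex = 1
        }
        END {
            if (ex) print "exposed"        # reachable from other hosts
            else if (lo) print "loopback"  # reachable only from server1 itself
            else print "none"
        }'
}

# Constructed sample: server1 with the tunnel opened as -R 7000:localhost:22
sample_before() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:7000          0.0.0.0:*               LISTEN
tcp        0      0 ::1:7000                :::*                    LISTEN
EOF
}

# Constructed sample: server1 with the tunnel opened as -R *:7000:localhost:22
sample_after() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:7000            0.0.0.0:*               LISTEN
tcp        0      0 :::7000                 :::*                    LISTEN
EOF
}

echo "before: $(sample_before | classify_listener 7000)"
echo "after:  $(sample_after | classify_listener 7000)"
# On the router itself: netstat -tln | classify_listener 7000
```

A "loopback" result matches the refused connection: the WAN port forward delivers packets to 192.168.1.1:7000, where nothing is listening. Binding with `*` exposes server2's SSH login on every interface of server1, so naming one address in the `-R` argument keeps the exposure narrower, and the SSH server on server1 must itself permit non-loopback forwards (`GatewayPorts` in OpenSSH's sshd_config, `-a` in dropbear).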

Oh!

Server2 is on the Internet and behind a (different) firewall that you don't control!

That makes sense - glad you got it working.
