From: dongarbage on 26 Sep 2006 10:07

Hi,

I'm having some trouble connecting to my ubuntu linux machine via ssh. Here's the problem:

I have verizon dsl with a westell modem. Verizon assigns a dynamic IP address to me on occasion. I get the dynamic IP address (X.X.X.X) for my machine from showipaddress.com. I can ssh to the machine from a machine outside my home's local network with no problem. I can ssh to the machine from itself and machines local to my home's local network but only using "localhost" and the machine's local ip address (192.168.Y.Y). When I try to ssh to my machine using the dynamic IP address of verizon from inside my home's network, I get a connection refused.

What's the problem here? Why can I ssh to the machine from outside the network and ssh to the machine from inside the network using only the local ip address? And, why can I not ssh to the machine from inside the local network using the dynamic IP address given by verizon?

Thanks,
Don
From: Andrzej Adam Filip on 26 Sep 2006 13:02

dongarbage(a)hotmail.com writes:

> I'm having some trouble connecting to my ubuntu linux machine via ssh.
> Here's the problem:
> I have verizon dsl with a westell modem. Verizon assigns a dynamic IP
> address to me on occasion. I get the dynamic IP address (X.X.X.X) for
> my machine from showipaddress.com. I can ssh to the machine from a
> machine outside my home's local network with no problem. I can ssh to
> the machine from itself and machines local to my home's local network
> but only using "localhost" and the machine's local ip address
> (192.168.Y.Y). When I try to ssh to my machine using the dynamic IP
> address of verizon from inside my home's network, I get a connection
> refused.
>
> What's the problem here? Why can I ssh to the machine from outside the
> network and ssh to the machine from inside the network using only the
> local ip address? And, why can I not ssh to the machine from inside the
> local network using the dynamic IP address given by verizon?

You can use the tcptraceroute program (not traceroute) to find out if there is a firewall in between blocking the access.

--
[pl2en: Andrew] Andrzej Adam Filip : anfi(a)priv.onet.pl : anfi(a)xl.wp.pl
From: Moe Trin on 27 Sep 2006 16:06

On 26 Sep 2006, in the Usenet newsgroup comp.os.linux.networking, in article <1159279637.053076.218200(a)d34g2000cwd.googlegroups.com>, dongarbage(a)hotmail.com wrote:

>I have verizon dsl with a westell modem. Verizon assigns a dynamic IP
>address to me on occasion. I get the dynamic IP address (X.X.X.X) for
>my machine from showipaddress.com. I can ssh to the machine from a
>machine outside my home's local network with no problem.

Your westell modem is acting as a NAT router, taking packets from the Internet addressed to the apparent SSH server on (example) 70.19.144.200:22 and forwarding them to the actual SSH daemon on 192.168.Y.Y. Normal, though sometimes restricted by some ISPs.

>I can ssh to the machine from itself and machines local to my home's
>local network but only using "localhost" and the machine's local ip
>address (192.168.Y.Y).

and if you ran a traceroute or sniffed the wire with tcpdump, you'd see the packets going direct to the SSH server.

>When I try to ssh to my machine using the dynamic IP address of verizon
>from inside my home's network, I get a connection refused.

Tcpdump, or traceroute would provide the clues here. You are trying to connect to the _apparent_ server on the outside of your westell modem (which gets forwarded to 192.168.Y.Y). The router knows that your 192.168.Y.Y can't appear on the Internet, and is NATing that to an Internet address such as 70.19.144.200, then realizes you are trying to connect to the inside server from an inside address, and is getting pissed that you are wasting its time and CPU cycles. The tcpdump output _might_ show it sending back an ICMP Type 5 (Redirect) message telling you to send your packets directly and not bother the router. This is normal behavior of any routing system when it discovers the source and destination of a packet are on the same hardware interface.

Solution: Don't do that.

Old guy
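
Added example, not part of the thread: a small Python classifier for the tcpdump check suggested above, run over constructed `tcpdump -n` lines for an SSH attempt from inside the LAN to the public address. The 192.168.1.x addresses (standing in for 192.168.Y.Y), the sample capture and the function name `classify` are assumptions made for the illustration.

```python
import re

# Constructed sample in `tcpdump -n` text format: a LAN client sends a SYN to
# the router's public address on port 22 and gets a reset back.
# 70.19.144.200 is the example address from the thread; the rest is made up.
SAMPLE = """\
10:07:01.000100 IP 192.168.1.10.51234 > 70.19.144.200.22: Flags [S], seq 1000, win 64240, length 0
10:07:01.000900 IP 70.19.144.200.22 > 192.168.1.10.51234: Flags [R.], seq 0, ack 1001, win 0, length 0
"""

# TCP line: "IP src.sport > dst.dport: Flags [..]"
TCP = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")
# ICMP Type 5 line: "IP router > client: ICMP redirect <dst> to host <gateway>,"
REDIRECT = re.compile(r"IP (\S+) > (\S+): ICMP redirect (\S+) to host (\S+),")


def classify(capture, public_ip, port=22):
    """Return (verdict, detail) for a connection attempt to public_ip:port."""
    syn_seen = False
    for line in capture.splitlines():
        m = REDIRECT.search(line)
        if m and m.group(3) == public_ip:
            return "icmp-redirect", f"{m.group(1)} redirects to {m.group(4)}"
        m = TCP.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if (dst, int(dport), flags) == (public_ip, port, "S"):
            syn_seen = True                      # our outgoing SYN
        elif syn_seen and (src, int(sport)) == (public_ip, port):
            if "R" in flags:                     # reset: "connection refused"
                return "refused", f"RST from {src}"
            if flags == "S.":                    # SYN-ACK: handshake proceeds
                return "accepted", f"SYN-ACK from {src}"
    if syn_seen:
        return "no-reply", "SYN sent, nothing came back"
    return "no-attempt", "no SYN to target in capture"


if __name__ == "__main__":
    print(classify(SAMPLE, "70.19.144.200"))
```

A "refused" or "icmp-redirect" verdict for the public address, next to an "accepted" verdict for the same test against the server's local address, points at the router rather than at sshd or a host firewall on the server.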