Question

New router not handling ssh tunnelling

By rogerberkshire
Tags: Networking
For about two years I have been using reverse SSH tunnelling a great deal with no problem, as described below. All PC operating systems are Linux.

The remote (target) PC is permanently on and is behind a firewalled NAT router which has a dynamic ISP-assigned IP address. That router is not mine and cannot be touched or reconfigured.

Locally I have another firewalled NAT router but with a fixed internet-facing IP. It is configured to forward its port 31416 to port 31416 on a small local ssh server whose ssh daemon listens only on port 22.

At power-up the remote PC runs a script which, among other things, uses ssh -R ... to establish a remote reverse ssh tunnel to WAN-facing port 31416 on my local router, which then forwards it as above to port 31416 on the local ssh server. In this way, from a PC on my LAN I can connect either to the local server by ssh to the default port on which its daemon listens, or to the remote PC by ssh to port 31416 on the server.

This has served reliably for years until my local router, a Linksys EA6350, failed and was directly replaced with a FRITZ!Box 7530, which I configured to replicate the old one. No physical or configuration changes have been made to any of the other devices involved, and the change has been totally transparent except that the tunnelling to the remote PC does not work.

The command ssh -p 31416 john@sshserver gets a "Connection refused" message so fast that it suggests to me that the server port 31416 is not forwarded and the problem is local.

It seems clear that a good test would be to try an ssh connection from the remote PC to the local server, without tunnelling, but unfortunately there is nobody at the remote site who could assist with tests involving the headless PC. I can travel there but it's a whole day's round trip, so I'd like to be sure that I'm wrong about it being a local problem before setting out, if possible.

I have two inter-related questions:

1 Is there a functionality which a router may or may not have, and as a result would or would not be able to handle this scenario? I notice that the FRITZ!Box manual talks of "Port sharing" but does not mention "Port forwarding", although configuration allows a WAN port to be associated with a specific port (or range) on a LAN device.

2 Whatever actually happens between (in my setup) the local router and the local server, whose daemon is NOT listening on port 31416, to enable the server to "offer" that port for connection by other local devices? I have ofte

All Answers


Besides what you noted:

by rproffitt Moderator In reply to New router not handling s ...

"To guarantee the security of devices in the FRITZ!Box home network and avoid internet performance issues, if no data is exchanged across a TCP connection for 15 minutes, or no data is exchanged across a UDP connection for 5 minutes, the FRITZ!Box automatically deletes the respective connection(s) from its NAT table ("NAT Timeout"). This means that all of the ports that were used by these connections are closed and the internet connection of the corresponding application is cleared."

Given what I've read about this box, a big nod to OpenWRT:
https://forum.openwrt.org/t/install-openwrt-on-an-avm-fritz-box-7530/53338/3
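The following script is an added example and is not code from either poster. It puts the setup from the question and the NAT-timeout point from the answer into one place: the first half is what the remote PC's boot script can run so the -R tunnel keeps the connection busy (the FRITZ!Box drops idle TCP state after 15 minutes) and reconnects when the session drops; the second half is a check to run on the local ssh server that shows whether sshd has actually bound the reverse-forward port, and on which address. Assumed values that are not in the thread: the router's name home.example.net, the account john, and that the router forwards WAN port 31416 to port 22 on the server, since the -R session has to reach a listening sshd; sshd then binds 31416 itself as the tunnel endpoint, which is what lets the server "offer" a port its daemon is not configured to listen on. By default (GatewayPorts no) that bound port is loopback-only, so other LAN hosts get "Connection refused" unless GatewayPorts is set to yes or clientspecified in sshd_config.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumed (not in the thread): router DNS name home.example.net, account john,
# and WAN port 31416 on the router forwarded to port 22 on the ssh server.

REMOTE_USER="${REMOTE_USER:-john}"
ROUTER_HOST="${ROUTER_HOST:-home.example.net}"   # fixed-IP router, assumed name
ROUTER_PORT="${ROUTER_PORT:-31416}"              # WAN port forwarded to the server's sshd
TUNNEL_PORT="${TUNNEL_PORT:-31416}"              # port sshd on the server binds for -R
TARGET_PORT="${TARGET_PORT:-22}"                 # sshd on the remote (target) PC

# Build the ssh command line for the remote PC.
#  -N                        no remote command, tunnel only
#  ServerAliveInterval=60    client sends a keepalive every 60 s, so the TCP
#                            connection never idles through the router's
#                            15-minute NAT timeout
#  ServerAliveCountMax=3     give up after 3 missed replies so the loop reconnects
#  ExitOnForwardFailure=yes  exit if sshd cannot bind TUNNEL_PORT, instead of
#                            holding a session that carries no tunnel
#  -R PORT:localhost:22      ask sshd on the server to listen on TUNNEL_PORT and
#                            hand connections back to port 22 on this PC
reverse_tunnel_cmd() {
    printf 'ssh -N -o ServerAliveInterval=60 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -p %s -R %s:localhost:%s %s@%s' \
        "$ROUTER_PORT" "$TUNNEL_PORT" "$TARGET_PORT" "$REMOTE_USER" "$ROUTER_HOST"
}

# Reconnect loop for the boot script (autossh does the same job).  The sleep
# keeps a dead router from turning this into a tight loop.
run_tunnel() {
    while :; do
        # shellcheck disable=SC2046  # word-splitting the built command is intended
        $(reverse_tunnel_cmd)
        sleep 30
    done
}

# Run on the local ssh server: print the bound address:port for TUNNEL_PORT.
# 127.0.0.1:31416 means the tunnel is up but only reachable from the server
# itself (sshd default, GatewayPorts no); 0.0.0.0:31416 or [::]:31416 means
# other LAN hosts can reach it (GatewayPorts yes, or clientspecified plus a
# -R 0.0.0.0:31416:... on the remote side); no output means no tunnel is up,
# which matches an instant "Connection refused".
tunnel_port_status() {
    ss -ltnH 2>/dev/null | awk -v p=":$TUNNEL_PORT" '$4 ~ p"$" { print $4 }'
}

# Classify a listen address in the form tunnel_port_status prints it.
classify_bind() {
    case "$1" in
        "")                                echo "not-bound" ;;
        127.0.0.1:*|"[::1]:"*)             echo "loopback-only" ;;
        0.0.0.0:*|"*:"*|"[::]:"*)          echo "lan-reachable" ;;
        *)                                 echo "other" ;;
    esac
}

case "${1-}" in
    run)    run_tunnel ;;                                        # on the remote PC
    status) classify_bind "$(tunnel_port_status | head -n 1)" ;; # on the ssh server
    *)      reverse_tunnel_cmd; echo ;;                          # show the command
esac
```

Run it with no argument to see the exact ssh line the remote PC would use, with "run" from the remote PC's boot script, and with "status" on the local ssh server while the remote side is connected. A "not-bound" result on the server with the remote PC known to be up points at the new router's forward (or an sshd that refused the -R bind); "loopback-only" means the tunnel itself is fine and GatewayPorts is what stops other LAN hosts from reaching it.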
