Koozali.org: home of the SME Server

Port Forwarding problem

mickor

« on: December 01, 2005, 10:53:12 AM »
I use SME 6.0.1-01 and I am trying to redirect incoming SSH from the internet to an old character-based application on an internal unix server.

In server-manager menu, I have given (and validated):
Protocole : TCP
Port(s) source : 22
Destination Ip Address : 172.16.1.1 (unix box)
Destination Port(s) : 22

In /var/log/messages I can see:
Nov 30 15:23:02 sme /etc/e-smith/web/panels/manager/cgi-bin/portforwarding[27779]: /home/e-smith/configuration: NEW masq=service|Logging|most|Stealth|no|TCPForwards|22,172.16.1.1:22|UDPForwards||pptp|yes|status|enabled
Nov 30 15:23:02 sme e-smith[27781]: Processing event: remoteaccess-update

"iptables -L" contains:

Chain ForwardedTCP (1 references)
target prot opt source destination
ForwardedTCP_27912 all -- anywhere anywhere
denylog tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN

Chain ForwardedTCP_27912 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.16.1.1 tcp dpt:ssh


And yet SSH from the internet remains blocked; in /var/log/messages I get a denylog entry for each attempt:

Nov 30 15:40:57 sme kernel: denylog:IN=eth1 OUT=eth0 SRC=82.231.255.33 DST=172.16.1.1 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=65259 PROTO=TCP SPT=23049 DPT=22 WINDOW=24820 RES=0x00 RST URGP=0
Nov 30 15:41:45 sme kernel: denylog:IN=eth1 OUT=eth0 SRC=82.231.255.33 DST=172.16.1.1 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=65259 PROTO=TCP SPT=23064 DPT=22 WINDOW=24820 RES=0x00 RST URGP=0


What am I doing wrong? Any tip to overcome that?

Thanx for help

mdo

« Reply #1 on: December 01, 2005, 06:25:19 PM »
Port 22 is used for the ssh service on the SME server itself and I would leave this as it is.

To do what you want I would setup for example:

Protocole : TCP
Port(s) source : 2222
Destination Ip Address : 172.16.1.1 (unix box)
Destination Port(s) : 22

Then try to connect from the outside with SSH to port 2222. That way you can still use 22 to control your SME server.

Regards,
Michael

mickor

« Reply #2 on: December 01, 2005, 07:28:27 PM »
Hi Michael,

I have done so, but when I try, from another internet-side unix box, the command
ssh -p 2222 "my_outer_IP_address"
I always get a timeout error.

And /var/log/messages contains new lines:
Dec  1 19:15:26 sme kernel: denylog:IN=eth1 OUT=eth0 SRC=82.231.255.33 DST=172.16.1.1 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=65259 PROTO=TCP SPT=21428 DPT=22 WINDOW=24820 RES=0x00 RST URGP=0
Dec  1 19:16:14 sme kernel: denylog:IN=eth1 OUT=eth0 SRC=82.231.255.33 DST=172.16.1.1 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=65259 PROTO=TCP SPT=15889 DPT=22 WINDOW=24820 RES=0x00 RST URGP=0
Dec  1 19:17:18 sme kernel: denylog:IN=eth1 OUT=eth0 SRC=82.231.255.33 DST=172.16.1.1 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=65259 PROTO=TCP SPT=15890 DPT=22 WINDOW=24820 RES=0x00 RST URGP=0


Thanx for help

raem

« Reply #3 on: December 02, 2005, 07:41:10 AM »
mickor

Another way may be to do this:

Add the internal unix server (IP) to the sme server Hostnames panel, e.g. unixserver

Then ssh to your sme server, then at the command line ssh to the internal unix server using the hostname, e.g.
ssh unixserver


If you still want/need to forward ports then before forwarding a port you must stop using that port, so you should disable ssh in sme server first and then setup the new portforward.

mickor

« Reply #4 on: December 02, 2005, 12:27:33 PM »
Hi all

I apologize, my unixbox's gateway wasn't the sme.

Since I corrected that, all works fine.

Now I can:
ssh -p 2222 "my_outer_IP_address"
to my unix box, without difficulty or timeout.

Thanks for help
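
Added example, not part of the original thread: a small Python parser for the denylog lines quoted in the posts above, grouping dropped TCP packets by interface pair, destination and flag class. Run on the thread's own lines it shows that every logged drop is a bare RST and none is a SYN (a new connection attempt); the last sample line and the names `parse_denylog`, `classify` and `summarize` are constructed for illustration.

```python
import re
from collections import Counter

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

SAMPLE = [
    # Two lines copied from the posts above.
    "Nov 30 15:40:57 sme kernel: denylog:IN=eth1 OUT=eth0 SRC=82.231.255.33 DST=172.16.1.1 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=65259 PROTO=TCP SPT=23049 DPT=22 WINDOW=24820 RES=0x00 RST URGP=0",
    "Dec  1 19:15:26 sme kernel: denylog:IN=eth1 OUT=eth0 SRC=82.231.255.33 DST=172.16.1.1 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=65259 PROTO=TCP SPT=21428 DPT=22 WINDOW=24820 RES=0x00 RST URGP=0",
    # Constructed line (not from the thread): what a dropped SYN would look like.
    "Dec  1 19:20:00 sme kernel: denylog:IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=172.16.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1234 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0",
]

def parse_denylog(line):
    """Return a dict of KEY=VALUE fields plus a FLAGS tuple, or None if not a denylog line."""
    _, sep, rest = line.partition("denylog:")
    if not sep:
        return None
    entry, flags = {}, []
    for tok in rest.split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            entry[key] = value
        elif tok in TCP_FLAGS:      # bare tokens such as DF are ignored
            flags.append(tok)
    entry["FLAGS"] = tuple(flags)
    return entry

def classify(entry):
    """SYN alone is a new connection attempt; anything carrying RST is a reset."""
    flags = set(entry["FLAGS"])
    if flags == {"SYN"}:
        return "new-connection"
    if "RST" in flags:
        return "reset"
    return "other"

def summarize(lines):
    """Count dropped TCP packets per (IN, OUT, DST, DPT, class)."""
    counts = Counter()
    for line in lines:
        e = parse_denylog(line)
        if e is None or e.get("PROTO") != "TCP":
            continue
        counts[(e.get("IN"), e.get("OUT"), e.get("DST"), e.get("DPT"), classify(e))] += 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items()):
        print(n, *key)
```
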