[FIXED] SSH working partly

Monday - last edited 18 hours ago
Model: Archer MR600  
Hardware Version: V3
Firmware Version: 1.2.0 0.9.1 v0001.0 Build 240716 Rel.54691n

Good evening, guys, I've recently bought this router to bypass some issues I had been experiencing on my Virgin Media Hub 3 for several years.
On my LAN/WLAN there are many machines, one macmini, one raspberry, one enigma2 satellite device, just to mention a few.
Ok, the first thing I've done has been to set up a port forwarding rule to allow SSH connections on a port different from the default 22.

This is the situation so far, just to be clear:
- From laptop (macbook Pro) to satellite decoder: OK, both on local and external connections;
- From laptop (macbook Pro) to NAS: OK, both on local and external connections;
- From laptop (macbook Pro) to macmini: OK, both on local and external connections;
- From laptop (macbook Pro) to raspberry PI: OK only on external connections, not on local ones.

Just to give you an example:

Macandy:~ alutri$ ssh -p552 192.168.0.x
ssh: connect to host xxx port 552: Connection refused

Macandy:~ alutri$ ssh -p552 username@public_ip_address

OK!

To be honest, I don't have a clue, I've used the same settings on different routers for many years with no problems.
I'm afraid it might be a router firmware bug.
Could you help me please?
I'm also posting the relevant setting from the router interface.
Thank you very much...

 

 

Re:SSH working partly
Monday

  @Burroughs70 

 

For a local SSH connection to the RPi wouldn't it be:  Macandy:~ alutri$ ssh -p22 192.168.0.x

and just for an external SSH connection to be Macandy:~ alutri$ ssh -p552 192.168.0.x

If this was helpful click on the arrow pointing upward to make it blue. If this solves your issue, click the star to make it blue and mark the post as a "Recommended Solution".
Re:SSH working partly
Tuesday

  @terziyski 

Hi, pal, thanks for your reply.
As the RPi is reachable from the Internet as well, for obvious security reasons I cannot use the default port 22.

Re:SSH working partly
Tuesday

  @Burroughs70 

 

For a local SSH access you can use the original TCP port 22. If you use TCP port 552 for external access the port-forwarding rule would look like:

If you insist on moving the default SSH service TCP port 22 to a custom port, use a port above the well-known ports of 1024 (for example 8022).

Re:SSH working partly
Tuesday

I've used a different port (1066 to be precise), changed the settings on both the SSH server and the router but I'm not able to login.
If I launch nmap I got contradictory responses, which I'll show now:

- Macandy:~ alutri$ nmap -p 552 192.168.0.120 -Pn
[...]

PORT    STATE  SERVICE
552/tcp closed deviceshare

 

pi@glasgy:~ $ nmap -p 552 192.168.0.120
[...]

PORT    STATE SERVICE
552/tcp open  deviceshare

 

The first command was launched from the laptop (macbook pro), the second one once logged in to the RPi host.

Re:SSH working partly
Yesterday - last edited Yesterday

  @Burroughs70 

 

How about the standard SSH service 22 TCP port? Does this work when the RPi SSH service port is back on 22 TCP?

Re:SSH working partly
Yesterday

  @terziyski 
If I switch to port 22 the connection times out: no reply at all.

Re:SSH working partly
Yesterday - last edited Yesterday

  @Burroughs70 

 

This sounds weird. If your RPi SSH service is on its standard port 22 TCP, you should be able to access it locally from your laptop (wired or wireless).

All MR600 client connections (wired or wireless) should be bridged, so there should be no reason for a timeout when connecting to the RPi from your laptop.

Did you configure any Service filtering on your MR600:

 

 

If that's not the case, then most probably this issue is connected with the IP address reservation record for RPi.

I see that you have it with several different IP addresses - 192.168.0.120, 192.168.0.121 (in port-forwarding table) and 192.168.0.116 (as IP address reservation) in your other thread.

When configuring IP address reservation make sure that the reserved IP addresses are within the MR600 LAN DHCP server pool.

Re:SSH working partly
Yesterday

  @terziyski 
First of all, I'd like to thank you for all your help you're providing.
No, no filtering service is off; unfortunately the biggest problem I'm experiencing with this router is not about the SSH connection, but the IP reservation.
All these issues don't make any sense to me, to be honest I think the firmware is buggy.
It would be great to try a beta and see how it behaves.
Just to sum things up, the only "strange" thing I've done after my purchase was to upgrade the firmware before starting the configuration, but upgrading a firmware should be a good practice not the origin of all problems.
I'm thinking about returning the item.

Re:SSH working partly-Solution
Yesterday - last edited 18 hours ago

So, I decided to dedicate more time to the issue.
In the end it turned out it was a problem regarding the RPi firewall configuration.
After launching the command iptables -S on the host, I recognized there was a setting blocking all the local ssh connections from my macbook pro when a specific circumstance (ICMP not reachable) was being met.
I deleted the rule this way: iptables -D f2b-sshd -s 192.168.0.17/32 -j REJECT --reject-with icmp-port-unreachable.
Now it works like a charm.
Hope this fix can help somebody else facing the same issues.

Recommended Solution
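
Added example, not part of the original thread: the `f2b-sshd` chain in the solution above follows fail2ban's `f2b-<jail>` chain naming, so a ban on a LAN client can be confirmed by scanning `iptables -S` output for REJECT/DROP rules in such chains that cover the client's address. The function names and the sample rule set are constructed for illustration; only the 192.168.0.17 rule comes from the post.

```shell
#!/bin/sh
# Added example. List the fail2ban chains (f2b-<jail>) whose REJECT/DROP
# rules cover a given client IP, reading `iptables -S` text on stdin.

# Constructed sample; only the 192.168.0.17 rule is taken from the thread.
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-N f2b-sshd
-A INPUT -p tcp -m multiport --dports 552 -j f2b-sshd
-A f2b-sshd -s 192.168.0.17/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 203.0.113.0/24 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN
EOF
}

# Dotted quad -> integer (runs in a subshell, so IFS changes stay local).
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr IP NET[/LEN]: succeeds when IP lies inside the network.
in_cidr() {
    net=${2%/*}; len=${2#*/}
    [ "$len" = "$2" ] && len=32    # no prefix length given: single host
    mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# f2b_blocks IP: prints "<jail> <banned source>" for every matching rule.
f2b_blocks() {
    while read -r flag chain rest; do
        [ "$flag" = "-A" ] || continue
        case $chain in f2b-*) ;; *) continue ;; esac
        case $rest in "-s "*"-j REJECT"*|"-s "*"-j DROP"*) ;; *) continue ;; esac
        src=${rest#-s }; src=${src%% *}
        if in_cidr "$1" "$src"; then echo "${chain#f2b-} $src"; fi
    done
    return 0
}

sample_rules | f2b_blocks 192.168.0.17    # prints: sshd 192.168.0.17/32
# On the live host (as root): iptables -S | f2b_blocks 192.168.0.17
# A match means fail2ban banned that client; lift the ban through fail2ban:
#   fail2ban-client set sshd unbanip 192.168.0.17
```

Removing the rule with `iptables -D` alone leaves fail2ban's own ban list unchanged, which is why the unban goes through `fail2ban-client`.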