ssh with WAN IP timeout

jkjkjk

2/28/23, 9:43 PM

I have trouble setting up ssh clone for gitea. I use port 2222:22 for the docker, and port forwarding is set up on my router. I could ssh git@localhost -p 2222, but could not ssh git@<public_ip> -p 2222 with error Connection timed out

I have checked the port forwarding work by launching a http server by python3 -m http.server 2222 and open http://<public_ip>:2222 and it works.

I am running the docker image within openmediavault, which runs as a VM in proxmox. I don't touch firewall settings for both of them. Any idea?

Problem solved without any modification. Maybe the problem comes from xfinity.

118

0 + 0

ssh

port-forwarding

linux-networking

Nikita Kipriyanov

2/28/23, 5:28 AM

Please, show the exact output of `iptables-save` on the router. You may mask your public ip, of course.

jkjkjk

2/28/23, 5:48 PM

@NikitaKipriyanov I have no access to that command as I am using Xfinity model. Sorry for that.

Nikita Kipriyanov

3/1/23, 7:52 AM

It is possible your router sets a filter for a DNAT that involves a source interface, i.e. DNAT rule checks if the ingress interface is WAN. In this case, the packet which entered the router via the LAN interface will not be translated. Use split DNS and connect by names instead of literal IP addresses; this way you can achieve the selection of the correct destination address based on which DNS server was quieried, public or local. In the small scale you can just use `hosts` file.

jkjkjk

3/4/23, 8:38 PM

@NikitaKipriyanov Thanks. But what I want to achieve is to clone personal repositories from WAN. So this solution seems only work in LAN?

Nikita Kipriyanov

3/5/23, 6:52 AM

I think I misread your problem. Sorry. It seems to me you've slightly ovedone things. You seem to set up your ssh server on the port 2222 (which is why `ssh -p 2222` works), but forwarded port to 22. Do you still have a line `Port 22` in the `sshd_config`?

jkjkjk

3/6/23, 2:37 PM

Yeah, I let the sshd in docker listen to port 22 and there is that line. I map that port 22 to port 2222 in the docker host.

Nikita Kipriyanov

3/6/23, 6:20 PM

So on the router you are forwarding 2222 to the docker host port 2222? Where were you launching python http server - in the host? Does your container have its own IP address accessible to the router or is it being routed through the host in both directions?

jkjkjk

3/10/23, 2:58 AM

Yeah, I forward 2222 in my router to my docker host 2222. I launch the HTTP server on my docker host. It's being routed through the host.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: ssh with WAN IP timeout

TH: ssh พร้อมหมดเวลา WAN IP

RO: ssh cu timeout IP WAN

RU: ssh с тайм-аутом WAN IP

VI: ssh với thời gian chờ IP WAN

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.