SSHd not acknowledging TCP connection from public IP address


I am trying to enable SSH access to my home server via SSH from a public IP address. But the SSH server is not responding to requests from a public IP address. Connections from a local IP work fine.

I have set up port forwarding in the router, and I have allowed the connection both in the router firewall and the server iptables firewall.

In iptables, I have the following rule:

```
pkts bytes target     prot opt in     out     source               destination
117  7052  ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh
```

And I can see the 'pkts' field increment each time I try to establish a connection.

I can also see from Wireshark that the server receives a TCP SYN packet on port 22, but there is no matching outgoing ACK packet.

I have also inspected /etc/ssh/sshd to make sure nothing is in there that would discriminate based on the IP address.

I have looked at the logs with journalctl, but they do not show anything when I try to make the connection. And I have tried running sshd manually with /usr/sbin/sshd -d, but there is no output when I try to make a connection.

Now I am stumped as to what the issue could possibly be. What else could block the connection based on the IP address?

Doug Smythies
You can check if sshd is listening for any address on port 22 via `ss -l -n`. In addition to other information, I got `` for `Local Address:Port` and the STATE was LISTEN, as expected.
Does this answer your question? [How to access home ssh server from outside via the Internet?](
Doug Smythies
Perhaps show us your entire iptables rule set for overall context. Do `sudo iptables -xvnL` and edit the output into your question. Based on the details in your question, I disagree with @user68186 that the port forwarding on your router is not correctly configured, but maybe I misunderstand something.

Well, I found the issue, and it wasn't related to ssh at all. My server was configured with the incorrect gateway address, so it could not send packets to the WWW -- only to other machines on the LAN. Kind of a silly mistake, but it caused some behavior I did not expect. If I had been more observant in Wireshark, I would have seen the server sending ARP packets searching for the wrong gateway.
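
The symptom in this answer (the SYN arrives, no reply leaves, and the server keeps sending ARP requests for a gateway that never answers) can be confirmed from the routing and neighbour tables instead of a packet capture. The script below is an added example, not part of the original post; the addresses, sample tables and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether the default gateway can be resolved on the LAN.
# Inputs are the text output of `ip -4 route show` and `ip -4 neigh show`.

# Print the next hop of the first default route, or nothing if there is none.
default_gw() {
    printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Print one verdict: no-default-route | unresolved | resolved | unknown
gateway_state() {
    gw=$(default_gw "$1")
    [ -n "$gw" ] || { echo "no-default-route"; return; }
    printf '%s\n' "$2" | awk -v gw="$gw" '
        $1 == gw {
            found = 1
            # FAILED / INCOMPLETE: ARP requests were sent, nobody answered.
            if ($NF == "FAILED" || $NF == "INCOMPLETE") print "unresolved"
            # An lladdr means a MAC address was learned for the gateway.
            else if ($0 ~ / lladdr /) print "resolved"
            else print "unknown"
            exit
        }
        # No entry yet: the host has not tried to reach the gateway.
        END { if (!found) print "unknown" }'
}

# Constructed sample: host 192.168.1.10 points at 192.168.1.254 as gateway,
# while the only router that answers ARP on the LAN is 192.168.1.1.
ROUTE_BAD='default via 192.168.1.254 dev eth0 proto static
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10'
ROUTE_GOOD='default via 192.168.1.1 dev eth0 proto static
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10'
NEIGH='192.168.1.1 dev eth0 lladdr 52:54:00:12:34:56 REACHABLE
192.168.1.254 dev eth0  FAILED'

echo "misconfigured gateway: $(gateway_state "$ROUTE_BAD" "$NEIGH")"
echo "corrected gateway:     $(gateway_state "$ROUTE_GOOD" "$NEIGH")"

# Live use on the server:
#   gateway_state "$(ip -4 route show)" "$(ip -4 neigh show)"
```

An `unresolved` verdict explains why LAN clients connect while replies to a public source address never leave the host: only off-subnet traffic needs the default gateway.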
