Something changed: no longer able to SSH to home: xFinity - ssh

I need some help understanding the current situation that I am having with my home network.
My home network is very simple: My ISP is xFinity with a Dynamic IP that doesn't change very frequently. Last IP change occured 6 months ago. It comes into an Arris SB6183 modem that I own. From the Arris, it goes into a Linksys E8540 WiFi 6 Router (or a Netgear R6250 DD-WRT due to troubleshooting). From here, I only have 2 computers: one Linux Desktop, and one personal Windows laptop that I use for web-browsing.
The Linux Desktop machine (LAN IP is 192.168.1.200) has SSHD Service on Port 22. The Router port forwards incoming SSH 22 connection from Internet to Port 22 on 192.168.1.200. Router firewall (SPI) is disabled.
Everything stopped working about 2 weeks ago. I am not able to SSH from outside into my Linux Desktop machine. If I am on the internal LAN, then SSH works just fine.
Using CanYouSeeMe.org shows me that Port 22 cannot connect: "Reason: connection timed out"
Here is what I tried:
Removed the Router and Laptop and plugged in the Linux Desktop
straight into the Arris modem. SSH attempts still shows "Request
timed out"
Made sure that UFW Firewall on Linux is off. No Fail2Ban.
Replaced the Linksys E8450 with Netgear R6250 DD-WRT. No change.
Called xFinity Customer Support and asked "Is Comcast blocking external incoming IPs to Port 22 ?" they responded "We don't block Port 22"
Contacted Comcast Customer Security Assurance and Abuse and asked them to verify if my profile has some Security Profile/Screen in place or some sort of flag. They responded NO.
Then, finally I put a Port Forwarding rule on the router: incoming connection on port 2222 go to SSH 22 on Linux Desktop. And this works!! If I initiate external SSH connection attemps on port 2222 I do indeed connect to my Linux desktop.
In a related news, my Reolink Security APP on my Android Samsung phone no longer connects to my Home Camera over Cellular Data. It connects fine if my Phone connets to the Lan over WiFi.
What are your thoughts ? Does it look like my ISP is blocking incoming connections ? Any help greatly appreciated!

Related

SSH : no reply when connecting from outside home network

I host a personal server at home, behind my home router. When attempting to connect with SSH from internal network, it works fine. From outside my home networks, it happens... nothing.
From internal : ssh user#internal.ip -p custom_port => prompts for
password and connects
From external : ssh user#router.ip -p custom_port => cursor blinks
a little, then nothing. No timeout. I have to ctrl+c to quit
Do you have any idea about how I can solve this ?
Confugation
Serveur : Debian 11
SSH with custom port
iptables allows the SSH custom port + no-ip required ports
Router : NAT configured with the custom port
External IP : either router's IP, or no-ip tld
Router's port forwarding seems OK
I am certain that the server is reachable. I used PortCheckTool:
shows "port open" when the server is up
shows "port close" when the server is down
So the NAT/port forward seems to be OK
It looks as if the server's reply is bocked, but I don't know how to check
I am not a pro admin, so I don't know how to check
if server received connection requested
sent a reply
if the router's firewall blocks the reply
I just checked my router. Firewall enables "all outbound traffic except netbios services".
Update
I found the auth.log file. I cannot find the attempts to connect from outside (no "invalid" entry, nor entry for the related times ).

Raspbian Stretch: Remote ssh connection ( port forwarding ) not working

Device: Raspberry Pi 2 Model B
OS: Raspbian Stretch ( no desktop ) with static ip
Router: Belkin F9K1103
DNS service: Hosting on Norwegian version of domainnameshop.com
Greetings. I'm in the process of setting up my Pi as a server. The current motive is to be able to ssh into the device from another network and host a Git server on it.
It works great at home using the local ip address, but when it comes to port forwarding port 22, NOTHING works... I've tried for at least 10 hours combined, scavenging the internet for solutions on this topic, rasbian / raspberry related port forwarding or general. Nothing seems to work. I've tried everything it seems, and no matter what i do the tests show that the port is CLOSED.
I'm currently port forwarding the Pi's local ip and port 22 on the networks port 22 ( also tried port 3322 to the pi's port 22 ) on BOTH the router and the modem using the internet provider's own service for port forwarding online ( Telenor ). The Pi is connected with an ethernet cable, and I've tried connecting it to both the router and the modem when doing all the tests. I've also tried to add 'Port 22' and 'Port 3322' in the Pi's SSH configuration file.
I've also tried to use a DNS service in which I'm forwarding my home network's ip address but still no luck.
Can anybody please help me before I go insane? I'm I missing something crucial? I can't count on both my hands how many forum posts I've been reading and guides on both raspberry or general port forwarding..
Ok so I found out what was wrong.
Our modem is quite new and advanced, and the internet provider has their own online admin panel for it with its own port forwarding solution and what not. So this was apparently a case of classic double NAT conflict. The router tries to port forward to the modem which would normally just bridge that onto the web, but the modem is in a sense being port forwarded too by the internet provider and it's own services.
What I had to do was reverting the static IP configs on the Pi, unplug it from the wifi router, then plug it directly to the modem and then port forward it using our internet providers online admin panel for the modem.
Now it works brilliantly.

Unable to Ssh on another ISP

When I ssh to my host vps I am able to connect and login easily when on different ISP's i.e.,
My Phone's internet connection
My Friends internet connection
But when I do it at my home,
I get response by ping but unable to connect to ssh using either of,
dns name
ip address
First, make sure that the IP you tried to connect to is a public IP.
Second, if you are using a router, make sure that port forwarding from the router to the destination PC is properly configured. You can usually set it on the router's settings page.
If the ping is entered correctly but the connection is denied, it is likely to be a configuration problem on the router. Or, your ISP may have blocked that port, so use the port scan site to make sure that the port is blocked. If you search for port scanner online on Google, you will see many sites.

Static IP, PI. raspbian jessie

Okay, here's the situation I am in. I have a raspberry Pi 2 model B. I have Raspbain Jessie installed as the OS. I have Apache installed as well. I have a web server running and i am able to edit it and access the site from different devices on different internet connections. I want to be able to connect to my RaspPi through SSH on my MacBook Pro. I am able to do this while on the same network. My Pi is plugged into the router via an Ethernet. What i have tried is, logging into my router and reserving an IP for my Pi, i also entered my MAC address here. I have gone into the port forwarding options in my router and have it set up as: HTTP, TCP, Server address(the one i reserved) my Ipv6, and Start port 80, end port 80. Ontop of that i have gone into my /etc/dhcpcd.conf file. There at the end of the file i added
interface eth0
static ip_address=10.0.0.100
static routers=10.0.0.1
static domain_name_servers=68.44.180.118 2001:558:feed::1 2001:558:feed::2
The guide I followed is attached here and follows other guides i have seen.
http://www.circuitbasics.com/how-to-set-up-a-static-ip-on-the-raspberry-pi/
Yet when i try to SSH remotely i cannot get a connection, and when i connect on the same internet i can connect as normal. Please if anybody sees what could help .
Your router's firewall is probably blocking the ports for SSH, which does not use port 80 (in raspbian, I think its default is port 22). If you are going to take the risk of leaving your SSH open to the public, you should probably switch it to a different port other than the default before opening up a port on your firewall. The Raspbian Community has a thread on how to properly change SSH's default server port. You'll also need to make sure your SSH client is using the same port. You will need to leave 80 open for web, and also forward the SSH port, which ever you choose that to be (22 is the default).

Raspberry PI Web server - Local connection good - outside local no connection

I don't have a ton of experience with routers or port forwarding, but I do have a new Raspberry Pi and I wanted to see if I could set up a simple Hello World page just for educational purposes. I have quite a bit set up with apache2 already installed and the web page works great on my local area network, however I can't connect to it using my LTE from my phone, telling me this thing does not connect to the internet.
I am currently using Rasbian under all the default settings from the pi.
My router is an all in one modem and router, from xfinity. After sifting through countless sites trying to solve this issue, the following 2 were the closest thing to my particular issue. My reputation is not high enough to put more than 2 links, so I will put the most important ones..
So to the best of my knowledge this is the way to do it ...
1) Set the web server up to work locally
2) Then go into the router with the IPv4 or IPv6 (shouldn't matter which) and forward all Port 80 traffic to, say, Port 8080 where my PI 'should' be listening, then send back my web page down through Port 80 to the client calling the web page.
Under 10.0.0.1 I find this...
Then I go to 'Advanced'
I have tried from Start port 80 to End port 8080, which my 2 PI files I edited to listen for that port.
Those files are under
sudo nano /ect/apache2/sites-enabled-000-default.conf
and
sudo nano /ect/apache2/ports.conf
I changed
Listen 80
to
Listen 8080
and all other combinations alongside changing my router Start and End ports... none of which worked so I am lead to believe there is either a knowledge gap or I am doing something terribly wrong.
I just want to put a simply Raspberry pi web server online from my Local connection at home using a Comcast xfinity router. If anyone has any experience doing, I would seriously appreciate it, I've spent far too many hours trying to walk through this alone, so now I am reaching out to the faithful stackoverflow community.
It sounds like you are almost there.
For you to be able to access your raspberry pi server from the internet, you need to find your external ip address. Your router has one external ip address that you can reach from the internet. While on your wifi, search google for "what is my ip" Google may display it as the top result, or you might have to click into a site like ipchicken. Write this IP address down.
Next, setup your router to forward all port 80 (default http port). Try setting Apache to listen on port 80, and have your router set with start port and end port to be port 80 (this makes it so you don't have to put :port-number in the address, i.e. you will do http://your-ip-address rather than http://your-ip-address:8080). The start port is the port on the external network, the end is the port that your Apache server is running on the raspi.
It looks like your raspi has the ip address of 10.0.0.17 on your local network based on your screen shot. If it doesn't, change the IP address in the port forwarding section of the router configuration to be the IP address of your pi. You can figure out what the assigned IP address of your pi is through the router interface, or by typing ifconfig -a and looking for the ip address of the adapter that you're using to connect to the network. Your router may have the ability to assign a static ip address to your raspberry pi while it's connected to your network. It would say something like DHCP reservation. You'd need to find the MAC address of your pi. You can do that with ifconfig -a as well. Then configure your modem to always assign your pi the same ip address that you've configured in the port forwarding.
Now that everything is setup, switch to your cellular connection and then try to go to the ipaddress that Google gave you.
type your-ip in browser address bar -> port 80 request to your modem's IP -> you've set external port 80 requests to be forwarded to port 80 on your internal network for the device 10.0.0.17 -> your raspberry pi will serve the HTML
Note: The external ip address of your modem is most likely not static unless you specifically pay for a static address. This address usually will stay the same for at least a day though, so if you're just testing, it's not a big problem. In the future, if you want to ensure that you'll be able to reach your pi, look into dynamic dns.