NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

q3d's avatar
q3d
Aspirant
Sep 10, 2023
Solved

Local SSH works, remove SSH fails even with port-forwarding

I have enabled SSH, and locally works fine for the accounts that have SSH enabled.

 

However, when I port forward port 22 to the NAS, it doesn't respond when trying to use SSH (on laptop/phone when away/using mobile data). There is a timeout response from the client and the logs from the NAS just show (auth.log):

Sep 10 19:07:21 NAS sshd[10270]: pam_unix(sshd:session): session opened for user admin by (uid=0)
Sep 10 19:07:21 NAS sshd[10270]: pam_unix(sshd:session): session closed for user admin

 

Any way to diagnose what's preventing access to the NAS via SSH?

 

I've also enabled FTP (+SFTP) and same issue, no response/time outs when connecting from an external IP (non-LAN).

 

When port-forwarding to another device (not the NAS) on the same port, it works fine....

 

  • q3d's avatar
    q3d
    Sep 19, 2023

    I enabled DMZ on the router to point to the NAS and works fine - so it's the router 🙂

     

    Thanks for your input guys - I haven't done basic h/w troubleshooting for several years now, so a revisit is always good.

     

    Note: I've secured the NAS now that I know what was causing the issue.

10 Replies

Replies have been turned off for this discussion
  • schumaku's avatar
    schumaku
    Guru - Experienced User

    q3d wrote:

    I have enabled SSH, and locally works fine for the accounts that have SSH enabled.

     

    However, when I port forward port 22 to the NAS, it doesn't respond when trying to use SSH (on laptop/phone when away/using mobile data). There is a timeout response from the client and the logs from the NAS just show (auth.log):

    Sep 10 19:07:21 NAS sshd[10270]: pam_unix(sshd:session): session opened for user admin by (uid=0)
    Sep 10 19:07:21 NAS sshd[10270]: pam_unix(sshd:session): session closed for user admin

     

    Any way to diagnose what's preventing access to the NAS via SSH?.


    Uneducated guess: You need to use the username root, instead of admin.

     


    q3d wrote:

    I've also enabled FTP (+SFTP) and same issue, no response/time outs when connecting from an external IP (non-LAN)


    Not sure you understand the major difference between sftp and ftp, especially when using ftp over port forwarding?

     

     

    • q3d's avatar
      q3d
      Aspirant

      When trying to log in, it's not even prompting for anything. When using an external IP not related to the NAS external IP (ie not LAN IP's), it appears to not respond at all (no banner, login, etc.). I switch to the NAS public IP (NAS is within a LAN), and the login prompt appear fine.

       

      It appears there's a external IP blocker or external IP blacklist, since the LAN IP's work and the External IP of the NAS works fine too. I don't recall setting one up (fail2ban, hosts, etc.) but hen again, it's been awhile since I did anything with the NAS....

       

      Not running fail2ban, the /etc/hosts.deny is empty, /etc/hosts.allow is empty

       

      and /etc/hosts has the following:

      127.0.0.1 localhost
      ::1 localhost ip6-localhost ip6-loopback
      fe00::0 ip6-localnet
      ff00::0 ip6-mcastprefix
      ff02::1 ip6-allnodes
      ff02::2 ip6-allrouters

      127.0.0.1 ********* loghost # added by readynasd:ads

       

      iptables -L INPUT -v

      Chain INPUT (policy ACCEPT 9851K packets, 2542M bytes)
      pkts bytes target prot opt in out source destination
      9847K 2542M all -- bond0 * 0.0.0.0/0 0.0.0.0/0
      1011 80512 tcp -- bond0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
      0 0 tcp -- bond0 * 0.0.0.0/0 0.0.0.0/0 tcp spt:22

      • StephenB's avatar
        StephenB
        Guru - Experienced User

        What readynas model do you have, and what fimware is it running?

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More