NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Local SSH works, remove SSH fails even with port-forwarding
I have enabled SSH, and locally works fine for the accounts that have SSH enabled.
However, when I port forward port 22 to the NAS, it doesn't respond when trying to use SSH (on laptop/phone when away/using mobile data). There is a timeout response from the client and the logs from the NAS just show (auth.log):
Sep 10 19:07:21 NAS sshd[10270]: pam_unix(sshd:session): session opened for user admin by (uid=0)
Sep 10 19:07:21 NAS sshd[10270]: pam_unix(sshd:session): session closed for user admin
Any way to diagnose what's preventing access to the NAS via SSH?
I've also enabled FTP (+SFTP) and same issue, no response/time outs when connecting from an external IP (non-LAN).
When port-forwarding to another device (not the NAS) on the same port, it works fine....
I enabled DMZ on the router to point to the NAS and works fine - so it's the router 🙂
Thanks for your input guys - I haven't done basic h/w troubleshooting for several years now, so a revisit is always good.
Note: I've secured the NAS now that I know what was causing the issue.
10 Replies
Replies have been turned off for this discussion
q3d wrote:
I have enabled SSH, and locally works fine for the accounts that have SSH enabled.
However, when I port forward port 22 to the NAS, it doesn't respond when trying to use SSH (on laptop/phone when away/using mobile data). There is a timeout response from the client and the logs from the NAS just show (auth.log):
Sep 10 19:07:21 NAS sshd[10270]: pam_unix(sshd:session): session opened for user admin by (uid=0)
Sep 10 19:07:21 NAS sshd[10270]: pam_unix(sshd:session): session closed for user adminAny way to diagnose what's preventing access to the NAS via SSH?.
Uneducated guess: You need to use the username root, instead of admin.
q3d wrote:
I've also enabled FTP (+SFTP) and same issue, no response/time outs when connecting from an external IP (non-LAN)
Not sure you understand the major difference between sftp and ftp, especially when using ftp over port forwarding?
When trying to log in, it's not even prompting for anything. When using an external IP not related to the NAS external IP (ie not LAN IP's), it appears to not respond at all (no banner, login, etc.). I switch to the NAS public IP (NAS is within a LAN), and the login prompt appear fine.
It appears there's a external IP blocker or external IP blacklist, since the LAN IP's work and the External IP of the NAS works fine too. I don't recall setting one up (fail2ban, hosts, etc.) but hen again, it's been awhile since I did anything with the NAS....
Not running fail2ban, the /etc/hosts.deny is empty, /etc/hosts.allow is empty
and /etc/hosts has the following:
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters127.0.0.1 ********* loghost # added by readynasd:ads
iptables -L INPUT -v
Chain INPUT (policy ACCEPT 9851K packets, 2542M bytes)
pkts bytes target prot opt in out source destination
9847K 2542M all -- bond0 * 0.0.0.0/0 0.0.0.0/0
1011 80512 tcp -- bond0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 tcp -- bond0 * 0.0.0.0/0 0.0.0.0/0 tcp spt:22What readynas model do you have, and what fimware is it running?
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
