External access to home issue
Objavljeno: 26. Jan 2013 ob 16:03
I don't know Slovene, so sorry for the English 
It seems that I'm unable to access my home server (nor my Desktop) running ssh from outside my LAN network. Inside my LAN I am perfectly able to access my home server (and Desktop) and I am able to access ssh servers that are outside my network (i.e. from home to work). Previously I had a different ISP and router and back then I never had an issue.
Some details about my setup:
T2 modem: MILAN MIL-SM801G
Router: TP-LINK TL-WR741ND v1.9 (connected to the modem)
Both server and desktop are connected to my router. Both of them have static ip's configured in the router setup and that seems to be working perfectly fine.
I use a no-ip domain to have easy access to my home ip, but using the ip directly (obtained from router status page) didn't solve anything either. I have setup a port forwarding entry in my router to the correct port that my ssh server is listening to.
Router security settings.
Basic security: DISABLED SPI firewall, ENABLED PPTP, L2TP, IPSEC passthroughs as well as FTP, TFTP, H323 ALG's, this should let my ssh connection pass through.
Advanced security: DISABLED DoS protection, FLOOD filtering (ICMP, UDP, TCP-SYN), ... Basically everything is disabled to prevent it from interfering with my ssh connection (for now).
No special routing setup in the router (aside from port forwarding).
No firewalls present on either the server or desktop.
What I have tried:
Changed to various ports to check for port filtering by T2, but I was told by the technical help desk that T2 does not filter ports/traffic
The technical help desk was able to ping my T2 modem and supposedly also my router, however when I try to ping/traceroute from work to home I do not get a reply (100% packet loss), traceroute seems to be blocked before it reaches my home.
traceroute from work to home (by using IP):
traceroute to xx.xx.xx.xx (xx.xx.xx.xx), 30 hops max, 60 byte packets
1 f9gw.ijs.si (194.249.156.9) 0.586 ms 0.740 ms 0.917 ms
2 194.249.61.129 (194.249.61.129) 0.827 ms 1.295 ms 1.427 ms
3 larnes6-T1-2.arnes.si (178.172.81.136) 0.520 ms 0.732 ms 0.495 ms
4 six2.t-2.si (91.220.194.14) 0.784 ms 0.798 ms 0.851 ms
5 * * *
6 * * *
7 * * *
snipped the rest because all other hops also give * * *
traceroute by using a public service: http://ping.eu/traceroute/
traceroute to xxxxxxx.no-ip.com (xx.xx.xx.xx), 30 hops max, 60 byte packets
1 static.185.212.4.46.clients.your-server.de 46.4.212.185 de 2.599 ms 2.879 ms 2.882 ms
2 hos-tr4.juniper2.rz13.hetzner.de 213.239.224.97 de 14.997 ms
hos-tr1.juniper1.rz13.hetzner.de 213.239.224.1 de 0.140 ms
hos-tr3.juniper2.rz13.hetzner.de 213.239.224.65 de 14.991 ms
3 hos-bb2.juniper4.rz2.hetzner.de 213.239.240.138 de 2.820 ms 2.829 ms 2.815 ms
4 ae55.edge7.Frankfurt1.Level3.net 195.16.162.253 gb 12.715 ms 12.719 ms 12.715 ms
5 vlan60.csw1.Frankfurt1.Level3.net 4.69.154.62 us 26.450 ms
vlan70.csw2.Frankfurt1.Level3.net 4.69.154.126 us 25.850 ms 28.457 ms
6 ae-92-92.ebr2.Frankfurt1.Level3.net 4.69.140.29 de 25.817 ms
ae-72-72.ebr2.Frankfurt1.Level3.net 4.69.140.21 us 25.161 ms
ae-82-82.ebr2.Frankfurt1.Level3.net 4.69.140.25 de 25.687 ms
7 ae-1-10.bar1.Ljubljana1.Level3.net 4.69.151.185 us 25.657 ms 26.360 ms 26.300 ms
8 * * *
9 * * *
10 * * *
No reply for 3 hops. Assuming we reached firewall.
I also tried connecting my Desktop (also running an ssh server) directly to the T2 modem (bypassing my router) and then I tried to connect over ssh to my desktop (from work). I also tried to ping and a traceroute. Now ping still fails, but traceroute seems to end up to my Desktop (see below), however I am not able to login to my desktop over ssh (I always get connection timed out).
traceroute to xx.xx.xx.xx (xx.xx.xx.xx), 30 hops max, 60 byte packets
1 static.185.212.4.46.clients.your-server.de 46.4.212.185 de 1.188 ms 1.374 ms 1.432 ms
2 hos-tr1.juniper1.rz13.hetzner.de 213.239.224.1 de 0.136 ms 0.205 ms 0.201 ms
3 hos-bb2.juniper8.rz1.hetzner.de 213.239.240.139 de 2.868 ms 2.793 ms 2.854 ms
4 nbg-s1-rou-1001.DE.eurorings.net 134.222.107.20 nl 3.213 ms 3.438 ms 3.506 ms
5 ffm-s1-rou-1102.DE.eurorings.net 134.222.227.117 nl 6.883 ms 6.937 ms 6.934 ms
6 ffm-s2-rou-1041.DE.eurorings.net 134.222.229.74 nl 6.927 ms 6.831 ms 6.817 ms
7 ffm-b12-link.telia.net 213.248.86.233 7.392 ms
8 ffm-bb1-link.telia.net 213.155.132.208 7.216 ms
ffm-bb1-link.telia.net 213.155.135.106 7.305 ms
ffm-bb2-link.telia.net 213.155.135.12 44.725 ms
9 win-bb2-link.telia.net 80.91.246.143 19.648 ms
prag-bb1-link.telia.net 213.155.132.241 59.912 ms
prag-bb1-link.telia.net 213.155.131.217 25.072 ms
10 win-b4-link.telia.net 213.155.133.77 132.730 ms
win-b4-link.telia.net 213.155.132.177 94.945 ms
win-b4-link.telia.net 213.155.132.129 19.706 ms
11 t2-ic-131844-win-b4.c.telia.net 213.248.79.230 31.015 ms 25.577 ms 30.989 ms
12 84-255-250-45.core.t-2.net 84.255.250.45 si 25.877 ms 25.808 ms 25.877 ms
13 * * *
14 xx-xx-xx-xx.dynamic.t-2.net xx.xx.xx.xx si 26.045 ms 26.022 ms 31.458 ms
Currently I don't know what else to try. It doesn't look like it's an issue with my router, but I have no clue what the issue would be. I'm hoping someone is able to point me in the right direction.
It seems that I'm unable to access my home server (nor my Desktop) running ssh from outside my LAN network. Inside my LAN I am perfectly able to access my home server (and Desktop) and I am able to access ssh servers that are outside my network (i.e. from home to work). Previously I had a different ISP and router and back then I never had an issue.
Some details about my setup:
T2 modem: MILAN MIL-SM801G
Router: TP-LINK TL-WR741ND v1.9 (connected to the modem)
Both server and desktop are connected to my router. Both of them have static ip's configured in the router setup and that seems to be working perfectly fine.
I use a no-ip domain to have easy access to my home ip, but using the ip directly (obtained from router status page) didn't solve anything either. I have setup a port forwarding entry in my router to the correct port that my ssh server is listening to.
Router security settings.
Basic security: DISABLED SPI firewall, ENABLED PPTP, L2TP, IPSEC passthroughs as well as FTP, TFTP, H323 ALG's, this should let my ssh connection pass through.
Advanced security: DISABLED DoS protection, FLOOD filtering (ICMP, UDP, TCP-SYN), ... Basically everything is disabled to prevent it from interfering with my ssh connection (for now).
No special routing setup in the router (aside from port forwarding).
No firewalls present on either the server or desktop.
What I have tried:
Changed to various ports to check for port filtering by T2, but I was told by the technical help desk that T2 does not filter ports/traffic
The technical help desk was able to ping my T2 modem and supposedly also my router, however when I try to ping/traceroute from work to home I do not get a reply (100% packet loss), traceroute seems to be blocked before it reaches my home.
traceroute from work to home (by using IP):
traceroute to xx.xx.xx.xx (xx.xx.xx.xx), 30 hops max, 60 byte packets
1 f9gw.ijs.si (194.249.156.9) 0.586 ms 0.740 ms 0.917 ms
2 194.249.61.129 (194.249.61.129) 0.827 ms 1.295 ms 1.427 ms
3 larnes6-T1-2.arnes.si (178.172.81.136) 0.520 ms 0.732 ms 0.495 ms
4 six2.t-2.si (91.220.194.14) 0.784 ms 0.798 ms 0.851 ms
5 * * *
6 * * *
7 * * *
snipped the rest because all other hops also give * * *
traceroute by using a public service: http://ping.eu/traceroute/
traceroute to xxxxxxx.no-ip.com (xx.xx.xx.xx), 30 hops max, 60 byte packets
1 static.185.212.4.46.clients.your-server.de 46.4.212.185 de 2.599 ms 2.879 ms 2.882 ms
2 hos-tr4.juniper2.rz13.hetzner.de 213.239.224.97 de 14.997 ms
hos-tr1.juniper1.rz13.hetzner.de 213.239.224.1 de 0.140 ms
hos-tr3.juniper2.rz13.hetzner.de 213.239.224.65 de 14.991 ms
3 hos-bb2.juniper4.rz2.hetzner.de 213.239.240.138 de 2.820 ms 2.829 ms 2.815 ms
4 ae55.edge7.Frankfurt1.Level3.net 195.16.162.253 gb 12.715 ms 12.719 ms 12.715 ms
5 vlan60.csw1.Frankfurt1.Level3.net 4.69.154.62 us 26.450 ms
vlan70.csw2.Frankfurt1.Level3.net 4.69.154.126 us 25.850 ms 28.457 ms
6 ae-92-92.ebr2.Frankfurt1.Level3.net 4.69.140.29 de 25.817 ms
ae-72-72.ebr2.Frankfurt1.Level3.net 4.69.140.21 us 25.161 ms
ae-82-82.ebr2.Frankfurt1.Level3.net 4.69.140.25 de 25.687 ms
7 ae-1-10.bar1.Ljubljana1.Level3.net 4.69.151.185 us 25.657 ms 26.360 ms 26.300 ms
8 * * *
9 * * *
10 * * *
No reply for 3 hops. Assuming we reached firewall.
I also tried connecting my Desktop (also running an ssh server) directly to the T2 modem (bypassing my router) and then I tried to connect over ssh to my desktop (from work). I also tried to ping and a traceroute. Now ping still fails, but traceroute seems to end up to my Desktop (see below), however I am not able to login to my desktop over ssh (I always get connection timed out).
traceroute to xx.xx.xx.xx (xx.xx.xx.xx), 30 hops max, 60 byte packets
1 static.185.212.4.46.clients.your-server.de 46.4.212.185 de 1.188 ms 1.374 ms 1.432 ms
2 hos-tr1.juniper1.rz13.hetzner.de 213.239.224.1 de 0.136 ms 0.205 ms 0.201 ms
3 hos-bb2.juniper8.rz1.hetzner.de 213.239.240.139 de 2.868 ms 2.793 ms 2.854 ms
4 nbg-s1-rou-1001.DE.eurorings.net 134.222.107.20 nl 3.213 ms 3.438 ms 3.506 ms
5 ffm-s1-rou-1102.DE.eurorings.net 134.222.227.117 nl 6.883 ms 6.937 ms 6.934 ms
6 ffm-s2-rou-1041.DE.eurorings.net 134.222.229.74 nl 6.927 ms 6.831 ms 6.817 ms
7 ffm-b12-link.telia.net 213.248.86.233 7.392 ms
8 ffm-bb1-link.telia.net 213.155.132.208 7.216 ms
ffm-bb1-link.telia.net 213.155.135.106 7.305 ms
ffm-bb2-link.telia.net 213.155.135.12 44.725 ms
9 win-bb2-link.telia.net 80.91.246.143 19.648 ms
prag-bb1-link.telia.net 213.155.132.241 59.912 ms
prag-bb1-link.telia.net 213.155.131.217 25.072 ms
10 win-b4-link.telia.net 213.155.133.77 132.730 ms
win-b4-link.telia.net 213.155.132.177 94.945 ms
win-b4-link.telia.net 213.155.132.129 19.706 ms
11 t2-ic-131844-win-b4.c.telia.net 213.248.79.230 31.015 ms 25.577 ms 30.989 ms
12 84-255-250-45.core.t-2.net 84.255.250.45 si 25.877 ms 25.808 ms 25.877 ms
13 * * *
14 xx-xx-xx-xx.dynamic.t-2.net xx.xx.xx.xx si 26.045 ms 26.022 ms 31.458 ms
Currently I don't know what else to try. It doesn't look like it's an issue with my router, but I have no clue what the issue would be. I'm hoping someone is able to point me in the right direction.
