Port forwarding to my Suse doesn't work

[dreamspy]

Hi

There seems to be something strange going on with my Suse 10.2 server.

I don't seem to be able to forward ports from my router to my server.

From my local network I can ssh into my server, view web pages hosted on it, access ftp and access any shares I want. I can even ssh and ftp from the router to the server. But when I try to access the server from the internet nothing works.

Now I'd like to add that port forwarding is working flawlessly on my router. I have ports forwarded to other computers and they all work. I've also tried running from the SUSE Live cd and then I was able to ssh to the server from the internet, works without troubles. So this is definately something regarding the setup of the server.

Now I'we turned off the firewall since that is the only thing I can think off that could be causing this, but that didn't help at all.

This stopped working a few weeks ago, and as far as I remember I didn't make any changes to the server at that time. But I could be wrong.

Any ideas?


Regards
Frímann Kjerúlf

[framp]

Weired problem ...

I would use either tcpdump or fireshark on your server to check what kind of requests you see from the internet.

[dreamspy]

I ran tcpdump while I was trying to connect through ssh from a host called herdubreid.rhi.hi.is. I might add that when I ran from the suse live cd, I was able to ssh to the server from this exact host (...hi.is).

The output can be found here: pastebin - collaborative debugging tool

I'm not quite sure what I can make out of this though?

Is that sufficient information from tcpdump to tell you anything? I ran the command like this:

"tcpdump host herdubreid.rhi.hi.is"

regards
Frímann

[framp]

Looks like forwarding is OK.

There are options in sshd.conf which restrict access.

[dreamspy]

There is no sshd.conf file. Could it be /etc/ssh/sshd_config ?

All the files in the /etc/ssh directory haven't changed since 2008, but this was working a month ago so I suspect it's something else. I'll take a look into it though.

reg
Frímann

[framp]

Quote:

Originally Posted by dreamspy

There is no sshd.conf file. Could it be /etc/ssh/sshd_config ?

Yes. ssh doesn't use the common file naming

[dreamspy]

Since every service is failing to work I don't think has anything to do with SSH. But I replaced the entire /etc/ssh directory with the files from the SUSE Live CD. But that didn't help at all.

Now the just to summarize the situation:

If I forwards ports on my router to my server, they never work. I can though forward ports to other computers, and if I run SUSE from the LIVE CD port forwarding works flawlessly, for http, ftp and ssh.

The firewall is turned off.

So I really don't know what could be causing this, absolutely no clue.

If hope I don't have to set up my server from scratch because of this. That's a big task and would take me days to get it back in it's previous state.

If anybody has an idea about what might be causing this, then I'm ver grateful for any help/ideas.

[ken_yap]

You showed us the output of tcpdump on a session that worked. Have you got the output of a session that doesn't work? At the very least you should see the first SYN packet from outside in that session.

[dreamspy]

Ahh no that was a dump from a session that wasn't working. My message was maybe a little confusing.

I tried it again and here is another dump from tcpdump: pastebin - collaborative debugging tool


reg
Frímann

[ken_yap]

Turn on full protocol decode with -v or -vv as suggested.

Also do the same monitoring at the other end.

Looks like the exchange is going into a loop.