Can ssh from A to B locally but not over internet

English Network/Internet
#1

The set up:

I have 2 computers running suse 11 on the same network with firewall enabled. sshd is configured to listen on ports 22 & 4911 on both computers. both computers are running ddclient and update their ip address fine I can ping their url over the internet. I can connect via ssh locally both directions using their dhcp ip address on either port. the problem is when I try to connect over the internet via ssh using their url (this url for example only)

ssh user@computerA.dyndns.org

I get this:

ssh: connect to host dadsputer.homeip.net port 4911: Connection refused

I checked the ports on www.canyouseeme.com with success.
port forward is setup in my dsl router correctly as I’ve setup port forwarding many times and all works fine for other apps.

My /var/log/messages is:

Mar  8 19:22:19 linux-5r53 sshd[11798]: Received signal 15; terminating.
Mar  8 19:22:19 linux-5r53 sshd[28726]: Server listening on :: port 4911.
Mar  8 19:22:19 linux-5r53 sshd[28726]: Server listening on 0.0.0.0 port 4911.
Mar  8 19:22:19 linux-5r53 sshd[28726]: Server listening on :: port 22.
Mar  8 19:22:19 linux-5r53 sshd[28726]: Server listening on 0.0.0.0 port 22.
Mar  8 19:43:36 linux-5r53 syslog-ng[2142]: STATS: dropped 0

My sshd_config is:

linux-5r53:/home/bruce # cat /etc/ssh/sshd_config 
#	$OpenBSD: sshd_config,v 1.77 2008/02/08 23:24:07 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

Port 22
port 4911
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile	.ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable support for the deprecated 'gssapi' authentication
# mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included
# in this release. The use of 'gssapi' is deprecated due to the presence of 
# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
#GSSAPIEnableMITMAttack no
 

# Set this to 'yes' to enable PAM authentication, account processing, 
# and session processing. If this is enabled, PAM authentication will 
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes 
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem	sftp	/usr/lib64/ssh/sftp-server

# This enables accepting locale enviroment variables LC_* LANG, see sshd_config(5).
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES 
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT 
AcceptEnv LC_IDENTIFICATION LC_ALL

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	ForceCommand cvs server

My ssh_config is:

linux-5r53:/home/bruce # cat /etc/ssh/ssh_config 
#	$OpenBSD: ssh_config,v 1.23 2007/06/08 04:40:40 pvalchev Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
#   ForwardAgent no
#   ForwardX11 no

# If you do not trust your remote host (or its administrator), you
# should not forward X11 connections to your local X11-display for
# security reasons: Someone stealing the authentification data on the
# remote side (the "spoofed" X-server by the remote sshd) can read your
# keystrokes as you type, just like any other X11 client could do.
# Set this to "no" here for global effect or in your own ~/.ssh/config
# file if you want to have the remote X11 authentification data to 
# expire after two minutes after remote login.
ForwardX11Trusted yes

#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
    Port 4911 
    Protocol 2
#   Cipher 3des
#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no 

# Set this to 'yes' to enable support for the deprecated 'gssapi' authentication
# mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included
# in this release. The use of 'gssapi' is deprecated due to the presence of 
# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
#   GSSAPIEnableMITMAttack no

# This enables sending locale enviroment variables LC_* LANG, see ssh_config(5).
SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES 
SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT 
SendEnv LC_IDENTIFICATION LC_ALL

Hopefully it’s just something small I overlooked. I’ve been fighting with this all day.
Any help is greatly appreciated.

Thanks,
Bruce.

#2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Add the ‘-v’ option to your client to see if you can get any other valid
data there. Also test the port’s actual connection with netcat:

netcat -zv ipAddressOrDNS 4911

Get a LAN trace from the SSH server side to see if you are getting through
at all.

Good luck.

bruce32466 wrote:
> The set up:
>
> I have 2 computers running suse 11 on the same network with firewall
> enabled. sshd is configured to listen on ports 22 & 4911 on both
> computers. both computers are running ddclient and update their ip
> address fine I can ping their url over the internet. I can connect via
> ssh locally both directions using their dhcp ip address on either port.
> the problem is when I try to connect over the internet via ssh using
> their url (this url for example only)
>
> Code:
> --------------------
> ssh user@computerA.dyndns.org
> --------------------
>
> I get this:
>
> Code:
> --------------------
> ssh: connect to host dadsputer.homeip.net port 4911: Connection refused
>
> --------------------
>
> I checked the ports on www.canyouseeme.com with success.
> port forward is setup in my dsl router correctly as I’ve setup port
> forwarding many times and all works fine for other apps.
>
> My /var/log/messages is:
>
> Code:
> --------------------
> Mar 8 19:22:19 linux-5r53 sshd[11798]: Received signal 15; terminating.
> Mar 8 19:22:19 linux-5r53 sshd[28726]: Server listening on :: port 4911.
> Mar 8 19:22:19 linux-5r53 sshd[28726]: Server listening on 0.0.0.0 port 4911.
> Mar 8 19:22:19 linux-5r53 sshd[28726]: Server listening on :: port 22.
> Mar 8 19:22:19 linux-5r53 sshd[28726]: Server listening on 0.0.0.0 port 22.
> Mar 8 19:43:36 linux-5r53 syslog-ng[2142]: STATS: dropped 0
>
> --------------------
>
> My sshd_config is:
>
> Code:
> --------------------
> linux-5r53:/home/bruce # cat /etc/ssh/sshd_config
> # $OpenBSD: sshd_config,v 1.77 2008/02/08 23:24:07 djm Exp $
>
> # This is the sshd server system-wide configuration file. See
> # sshd_config(5) for more information.
>
> # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
>
> # The strategy used for options in the default sshd_config shipped with
> # OpenSSH is to specify options with their default value where
> # possible, but leave them commented. Uncommented options change a
> # default value.
>
> Port 22
> port 4911
> #AddressFamily any
> #ListenAddress 0.0.0.0
> #ListenAddress ::
>
> # Disable legacy (protocol version 1) support in the server for new
> # installations. In future the default will change to require explicit
> # activation of protocol 1
> Protocol 2
>
> # HostKey for protocol version 1
> #HostKey /etc/ssh/ssh_host_key
> # HostKeys for protocol version 2
> #HostKey /etc/ssh/ssh_host_rsa_key
> #HostKey /etc/ssh/ssh_host_dsa_key
>
> # Lifetime and size of ephemeral version 1 server key
> #KeyRegenerationInterval 1h
> #ServerKeyBits 768
>
> # Logging
> # obsoletes QuietMode and FascistLogging
> #SyslogFacility AUTH
> #LogLevel INFO
>
> # Authentication:
>
> #LoginGraceTime 2m
> #PermitRootLogin yes
> #StrictModes yes
> #MaxAuthTries 6
>
> #RSAAuthentication yes
> #PubkeyAuthentication yes
> #AuthorizedKeysFile .ssh/authorized_keys
>
> # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
> #RhostsRSAAuthentication no
> # similar for protocol version 2
> #HostbasedAuthentication no
> # Change to yes if you don’t trust ~/.ssh/known_hosts for
> # RhostsRSAAuthentication and HostbasedAuthentication
> #IgnoreUserKnownHosts no
> # Don’t read the user’s ~/.rhosts and ~/.shosts files
> #IgnoreRhosts yes
>
> # To disable tunneled clear text passwords, change to no here!
> PasswordAuthentication no
> #PermitEmptyPasswords no
>
> # Change to no to disable s/key passwords
> #ChallengeResponseAuthentication yes
>
> # Kerberos options
> #KerberosAuthentication no
> #KerberosOrLocalPasswd yes
> #KerberosTicketCleanup yes
> #KerberosGetAFSToken no
>
> # GSSAPI options
> #GSSAPIAuthentication no
> #GSSAPICleanupCredentials yes
>
> # Set this to ‘yes’ to enable support for the deprecated ‘gssapi’ authentication
> # mechanism to OpenSSH 3.8p1. The newer ‘gssapi-with-mic’ mechanism is included
> # in this release. The use of ‘gssapi’ is deprecated due to the presence of
> # potential man-in-the-middle attacks, which ‘gssapi-with-mic’ is not susceptible to.
> #GSSAPIEnableMITMAttack no
>
>
> # Set this to ‘yes’ to enable PAM authentication, account processing,
> # and session processing. If this is enabled, PAM authentication will
> # be allowed through the ChallengeResponseAuthentication and
> # PasswordAuthentication. Depending on your PAM configuration,
> # PAM authentication via ChallengeResponseAuthentication may bypass
> # the setting of “PermitRootLogin without-password”.
> # If you just want the PAM account and session checks to run without
> # PAM authentication, then enable this but set PasswordAuthentication
> # and ChallengeResponseAuthentication to ‘no’.
> UsePAM yes
>
> #AllowTcpForwarding yes
> #GatewayPorts no
> X11Forwarding yes
> #X11DisplayOffset 10
> #X11UseLocalhost yes
> #PrintMotd yes
> #PrintLastLog yes
> #TCPKeepAlive yes
> #UseLogin no
> #UsePrivilegeSeparation yes
> #PermitUserEnvironment no
> #Compression delayed
> #ClientAliveInterval 0
> #ClientAliveCountMax 3
> #UseDNS yes
> #PidFile /var/run/sshd.pid
> #MaxStartups 10
> #PermitTunnel no
> #ChrootDirectory none
>
> # no default banner path
> #Banner none
>
> # override default of no subsystems
> Subsystem sftp /usr/lib64/ssh/sftp-server
>
> # This enables accepting locale enviroment variables LC_* LANG, see sshd_config(5).
> AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
> AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
> AcceptEnv LC_IDENTIFICATION LC_ALL
>
> # Example of overriding settings on a per-user basis
> #Match User anoncvs
> # X11Forwarding no
> # AllowTcpForwarding no
> # ForceCommand cvs server
>
> --------------------
>
> My ssh_config is:
>
> Code:
> --------------------
> linux-5r53:/home/bruce # cat /etc/ssh/ssh_config
> # $OpenBSD: ssh_config,v 1.23 2007/06/08 04:40:40 pvalchev Exp $
>
> # This is the ssh client system-wide configuration file. See
> # ssh_config(5) for more information. This file provides defaults for
> # users, and the values can be changed in per-user configuration files
> # or on the command line.
>
> # Configuration data is parsed as follows:
> # 1. command line options
> # 2. user-specific file
> # 3. system-wide file
> # Any configuration value is only changed the first time it is set.
> # Thus, host-specific definitions should be at the beginning of the
> # configuration file, and defaults at the end.
>
> # Site-wide defaults for some commonly used options. For a comprehensive
> # list of available options, their meanings and defaults, please see the
> # ssh_config(5) man page.
>
> Host *
> # ForwardAgent no
> # ForwardX11 no
>
> # If you do not trust your remote host (or its administrator), you
> # should not forward X11 connections to your local X11-display for
> # security reasons: Someone stealing the authentification data on the
> # remote side (the “spoofed” X-server by the remote sshd) can read your
> # keystrokes as you type, just like any other X11 client could do.
> # Set this to “no” here for global effect or in your own ~/.ssh/config
> # file if you want to have the remote X11 authentification data to
> # expire after two minutes after remote login.
> ForwardX11Trusted yes
>
> # RhostsRSAAuthentication no
> # RSAAuthentication yes
> # PasswordAuthentication yes
> # HostbasedAuthentication no
> # GSSAPIAuthentication no
> # GSSAPIDelegateCredentials no
> # BatchMode no
> # CheckHostIP yes
> # AddressFamily any
> # ConnectTimeout 0
> # StrictHostKeyChecking ask
> # IdentityFile ~/.ssh/identity
> # IdentityFile ~/.ssh/id_rsa
> # IdentityFile ~/.ssh/id_dsa
> Port 4911
> Protocol 2
> # Cipher 3des
> # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
> # MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
> # EscapeChar ~
> # Tunnel no
> # TunnelDevice any:any
> # PermitLocalCommand no
> # GSSAPIAuthentication no
> # GSSAPIDelegateCredentials no
>
> # Set this to ‘yes’ to enable support for the deprecated ‘gssapi’ authentication
> # mechanism to OpenSSH 3.8p1. The newer ‘gssapi-with-mic’ mechanism is included
> # in this release. The use of ‘gssapi’ is deprecated due to the presence of
> # potential man-in-the-middle attacks, which ‘gssapi-with-mic’ is not susceptible to.
> # GSSAPIEnableMITMAttack no
>
> # This enables sending locale enviroment variables LC_* LANG, see ssh_config(5).
> SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
> SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
> SendEnv LC_IDENTIFICATION LC_ALL
>
> --------------------
>
> Hopefully it’s just something small I overlooked. I’ve been fighting
> with this all day.
> Any help is greatly appreciated.
>
> Thanks,
> Bruce.
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJJtJK8AAoJEF+XTK08PnB5AxIP/2egL2PwzdFduCyXR8y1UrsY
LIZ4WA6qLHXUd2n9mdp4WlNwkb/0kBNC5XnndfW6B3M/5TcvNB2yAukzu2qEPJ9N
rqyjmUoyRSVKL/PM5qR6+JybcdLu9cxXZ3GSUFAzBrwAquMohdblZYKi6C4Qs2Mb
fQXEaAdd/UzVhS6H9zYU4ZYTvtjsuQmTFkT488HLjG3qMgRLa94a3pvRr8ee0cDk
9q+BB+mtKMO1doJbUXt2EKIhIYhLu5wgdfY96UTUQka2pCdv2stzJAsoKDpswa00
mFE5ON8X68S3+UyeBRx6dMY/0kGtOlUnL3QKUQcFFlDNweeqbClvxi/H8rlCrJ9c
ibyeNU0gQRahRKZ8WrwPMyz61zkv/iwIhcWhFEVToqdY87ELGBiYR9TIvr37TBDZ
3zCP3VpALJ/MaTJEBNKmdf20m1RKoW6XiGGmUdeR3HzzaxBKBvLK0Mrzu8KihML4
yDo2Tit6L+UuRgIbF+u0Frzu6CKzTGMBumpIgkQOE6NkGkcL0LBX1+CJZmAgYrHQ
Y/gaZqCQHbqUj0P7l6PrdZuFYEzsocvVbnX4CEPeMqN+GhJMCnsw7IWZLryCjqVw
TKQwlzUbfAcRNc9C0p8ltfj9oZocxjdMGdlKrpfEDVh4ADeWRRHCYAUrb5ihsmfJ
wLafFvA+Xm0iIVLVRPuk
=JxMc
-----END PGP SIGNATURE-----

#3

Try


ssh -l [username] -p 4911 hostname.tld

I also assume that you’re forwarding the ports from the Internet to the appropriate machine? You didn’t describe your network layout, but if it’s a standard DSL modem/router with port forwarding/NAT, then try the above.

#4

Thanks for the quick response!

I used tcpdump on the server while trying to log in from the client. hope this helps.

linux-5r53:/tmp # tcpdump -i eth0 
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
21:23:33.634073 IP checkip-ams.dyndns.com.http > linux-5r53.17212: S 3314817264:3314817264(0) ack 2129004658 win 65535 <mss 1452,nop,wscale 1,nop,nop,timestamp 2625244633 29334811,sackOK,eol>
21:23:33.634235 IP linux-5r53.17212 > checkip-ams.dyndns.com.http: . ack 1 win 46 <nop,nop,timestamp 29334862 2625244633>
21:23:33.634243 IP linux-5r53.17212 > checkip-ams.dyndns.com.http: P 1:107(106) ack 1 win 46 <nop,nop,timestamp 29334862 2625244633>
21:23:33.843102 IP checkip-ams.dyndns.com.http > linux-5r53.17212: P 1:261(260) ack 107 win 33120 <nop,nop,timestamp 2625244840 29334862>
21:23:33.843130 IP linux-5r53.17212 > checkip-ams.dyndns.com.http: . ack 261 win 54 <nop,nop,timestamp 29334914 2625244840>
21:23:33.843215 IP linux-5r53.17212 > checkip-ams.dyndns.com.http: F 107:107(0) ack 261 win 54 <nop,nop,timestamp 29334914 2625244840>
21:23:33.843574 IP checkip-ams.dyndns.com.http > linux-5r53.17212: F 261:261(0) ack 107 win 33120 <nop,nop,timestamp 2625244840 29334862>
21:23:33.843586 IP linux-5r53.17212 > checkip-ams.dyndns.com.http: . ack 262 win 54 <nop,nop,timestamp 29334915 2625244840>
21:23:34.467249 IP linux-5r53.17212 > checkip-ams.dyndns.com.http: F 107:107(0) ack 262 win 54 <nop,nop,timestamp 29335071 2625244840>
21:23:34.672161 IP checkip-ams.dyndns.com.http > linux-5r53.17212: . ack 108 win 33119 <nop,nop,timestamp 2625245671 29335071>
21:23:34.725529 arp who-has 192.168.1.76 tell dslrouter
21:23:34.725730 IP linux-5r53.20797 > dslrouter.domain: 44981+ PTR? 76.1.168.192.in-addr.arpa. (43)
21:23:34.834892 IP dslrouter.domain > linux-5r53.20797: 44981 NXDomain 0/0/0 (43)
21:23:35.427267 IP linux-5r53.17213 > checkip-ams.dyndns.com.http: S 2148880588:2148880588(0) win 5840 <mss 1460,sackOK,timestamp 29335311 0,nop,wscale 7>
21:23:35.632780 IP checkip-ams.dyndns.com.http > linux-5r53.17213: S 2565973513:2565973513(0) ack 2148880589 win 65535 <mss 1452,nop,wscale 1,nop,nop,timestamp 2625246632 29335311,sackOK,eol>
21:23:35.632798 IP linux-5r53.17213 > checkip-ams.dyndns.com.http: . ack 1 win 46 <nop,nop,timestamp 29335362 2625246632>
21:23:35.632847 IP linux-5r53.17213 > checkip-ams.dyndns.com.http: P 1:107(106) ack 1 win 46 <nop,nop,timestamp 29335362 2625246632>
21:23:35.842052 IP checkip-ams.dyndns.com.http > linux-5r53.17213: P 1:261(260) ack 107 win 33120 <nop,nop,timestamp 2625246840 29335362>
21:23:35.842065 IP linux-5r53.17213 > checkip-ams.dyndns.com.http: . ack 261 win 54 <nop,nop,timestamp 29335414 2625246840>
21:23:35.842153 IP linux-5r53.17213 > checkip-ams.dyndns.com.http: F 107:107(0) ack 261 win 54 <nop,nop,timestamp 29335414 2625246840>
21:23:35.842503 IP checkip-ams.dyndns.com.http > linux-5r53.17213: F 261:261(0) ack 107 win 33120 <nop,nop,timestamp 2625246840 29335362>
21:23:35.842513 IP linux-5r53.17213 > checkip-ams.dyndns.com.http: . ack 262 win 54 <nop,nop,timestamp 29335414 2625246840>
21:23:35.925543 arp who-has 192.168.1.77 tell dslrouter
21:23:35.925710 IP linux-5r53.17320 > dslrouter.domain: 15986+ PTR? 77.1.168.192.in-addr.arpa. (43)
21:23:36.035163 IP dslrouter.domain > linux-5r53.17320: 15986 NXDomain 0/0/0 (43)
21:23:36.427561 IP linux-5r53.17214 > checkip-ams.dyndns.com.http: S 2175557792:2175557792(0) win 5840 <mss 1460,sackOK,timestamp 29335561 0,nop,wscale 7>
21:23:36.467251 IP linux-5r53.17213 > checkip-ams.dyndns.com.http: F 107:107(0) ack 262 win 54 <nop,nop,timestamp 29335571 2625246840>
21:23:36.633798 IP checkip-ams.dyndns.com.http > linux-5r53.17214: S 3801964519:3801964519(0) ack 2175557793 win 65535 <mss 1452,nop,wscale 1,nop,nop,timestamp 2625247632 29335561,sackOK,eol>
21:23:36.633826 IP linux-5r53.17214 > checkip-ams.dyndns.com.http: . ack 1 win 46 <nop,nop,timestamp 29335612 2625247632>
21:23:36.633901 IP linux-5r53.17214 > checkip-ams.dyndns.com.http: P 1:107(106) ack 1 win 46 <nop,nop,timestamp 29335612 2625247632>
21:23:36.671678 IP checkip-ams.dyndns.com.http > linux-5r53.17213: . ack 108 win 33119 <nop,nop,timestamp 2625247671 29335571>
21:23:36.842573 IP checkip-ams.dyndns.com.http > linux-5r53.17214: P 1:261(260) ack 107 win 33120 <nop,nop,timestamp 2625247840 29335612>
21:23:36.842589 IP linux-5r53.17214 > checkip-ams.dyndns.com.http: . ack 261 win 54 <nop,nop,timestamp 29335664 2625247840>
21:23:36.842706 IP linux-5r53.17214 > checkip-ams.dyndns.com.http: F 107:107(0) ack 261 win 54 <nop,nop,timestamp 29335664 2625247840>
21:23:36.843215 IP checkip-ams.dyndns.com.http > linux-5r53.17214: F 261:261(0) ack 107 win 33120 <nop,nop,timestamp 2625247840 29335612>
21:23:36.843225 IP linux-5r53.17214 > checkip-ams.dyndns.com.http: . ack 262 win 54 <nop,nop,timestamp 29335664 2625247840>
21:23:37.467248 IP linux-5r53.17214 > checkip-ams.dyndns.com.http: F 107:107(0) ack 262 win 54 <nop,nop,timestamp 29335821 2625247840>
21:23:37.672504 IP checkip-ams.dyndns.com.http > linux-5r53.17214: . ack 108 win 33119 <nop,nop,timestamp 2625248671 29335821>
21:23:37.931849 arp who-has 192.168.1.78 tell dslrouter
21:23:37.932002 IP linux-5r53.8499 > dslrouter.domain: 27312+ PTR? 78.1.168.192.in-addr.arpa. (43)
21:23:38.041159 IP dslrouter.domain > linux-5r53.8499: 27312 NXDomain 0/0/0 (43)
21:23:38.317636 IP linux-5r53.17662 > dslrouter.domain: 27758+ AAAA? pagead2.googlesyndication.com. (47)
21:23:38.359902 IP dslrouter.domain > linux-5r53.17662: 27758 1/1/0 (125)
21:23:38.359934 IP linux-5r53.20534 > dslrouter.domain: 50407+ A? pagead2.googlesyndication.com. (47)
21:23:38.361613 IP dslrouter.domain > linux-5r53.20534: 50407 5/0/0|domain]
21:23:38.361639 IP linux-5r53.23308 > dslrouter.domain: 3887+ A? pagead2.googlesyndication.com. (47)
21:23:38.363387 IP dslrouter.domain > linux-5r53.23308: 3887 5/0/0|domain]
21:23:38.363450 IP linux-5r53.23140 > dslrouter.domain: 10757+ AAAA? activewin.us.intellitxt.com. (45)
21:23:38.406188 IP dslrouter.domain > linux-5r53.23140: 10757 1/1/0 (143)
21:23:38.406222 IP linux-5r53.smart-diagnose > dslrouter.domain: 55275+ A? activewin.us.intellitxt.com. (45)
21:23:38.407853 IP dslrouter.domain > linux-5r53.smart-diagnose: 55275 2/0/0|domain]
21:23:38.407880 IP linux-5r53.6762 > dslrouter.domain: 60023+ A? activewin.us.intellitxt.com. (45)
21:23:38.409506 IP dslrouter.domain > linux-5r53.6762: 60023 2/0/0|domain]
21:23:38.409570 IP linux-5r53.20594 > dslrouter.domain: 14099+ AAAA? safebrowsing.clients.google.com. (49)
21:23:38.427732 IP linux-5r53.17215 > checkip-ams.dyndns.com.http: S 2208638967:2208638967(0) win 5840 <mss 1460,sackOK,timestamp 29336061 0,nop,wscale 7>
21:23:38.452262 IP dslrouter.domain > linux-5r53.20594: 14099 1/1/0 (121)
21:23:38.452321 IP linux-5r53.19469 > dslrouter.domain: 15994+ A? safebrowsing.clients.google.com. (49)
21:23:38.495085 IP dslrouter.domain > linux-5r53.19469: 15994 5/0/0|domain]
21:23:38.495114 IP linux-5r53.12516 > dslrouter.domain: 8008+ A? safebrowsing.clients.google.com. (49)
21:23:38.496754 IP dslrouter.domain > linux-5r53.12516: 8008 5/0/0|domain]
21:23:38.633616 IP checkip-ams.dyndns.com.http > linux-5r53.17215: S 3229942652:3229942652(0) ack 2208638968 win 65535 <mss 1452,nop,wscale 1,nop,nop,timestamp 2625249632 29336061,sackOK,eol>
21:23:38.633634 IP linux-5r53.17215 > checkip-ams.dyndns.com.http: . ack 1 win 46 <nop,nop,timestamp 29336112 2625249632>
21:23:38.633663 IP linux-5r53.17215 > checkip-ams.dyndns.com.http: P 1:107(106) ack 1 win 46 <nop,nop,timestamp 29336112 2625249632>
21:23:38.842890 IP checkip-ams.dyndns.com.http > linux-5r53.17215: P 1:261(260) ack 107 win 33120 <nop,nop,timestamp 2625249841 29336112>
21:23:38.842904 IP linux-5r53.17215 > checkip-ams.dyndns.com.http: . ack 261 win 54 <nop,nop,timestamp 29336164 2625249841>
21:23:38.842974 IP linux-5r53.17215 > checkip-ams.dyndns.com.http: F 107:107(0) ack 261 win 54 <nop,nop,timestamp 29336164 2625249841>
21:23:38.843660 IP checkip-ams.dyndns.com.http > linux-5r53.17215: F 261:261(0) ack 107 win 33120 <nop,nop,timestamp 2625249841 29336112>
21:23:38.843671 IP linux-5r53.17215 > checkip-ams.dyndns.com.http: . ack 262 win 54 <nop,nop,timestamp 29336165 2625249841>
21:23:39.467248 IP linux-5r53.17215 > checkip-ams.dyndns.com.http: F 107:107(0) ack 262 win 54 <nop,nop,timestamp 29336321 2625249841>
21:23:39.672055 IP checkip-ams.dyndns.com.http > linux-5r53.17215: . ack 108 win 33119 <nop,nop,timestamp 2625250671 29336321>
21:23:39.931918 arp who-has 192.168.1.79 tell dslrouter
21:23:39.932071 IP linux-5r53.5496 > dslrouter.domain: 61551+ PTR? 79.1.168.192.in-addr.arpa. (43)
21:23:40.041424 IP dslrouter.domain > linux-5r53.5496: 61551 NXDomain 0/0/0 (43)
21:23:40.427273 IP linux-5r53.17216 > checkip-ams.dyndns.com.http: S 2226317328:2226317328(0) win 5840 <mss 1460,sackOK,timestamp 29336561 0,nop,wscale 7>
21:23:40.633042 IP checkip-ams.dyndns.com.http > linux-5r53.17216: S 3219465119:3219465119(0) ack 2226317329 win 65535 <mss 1452,nop,wscale 1,nop,nop,timestamp 2625251632 29336561,sackOK,eol>
21:23:40.633062 IP linux-5r53.17216 > checkip-ams.dyndns.com.http: . ack 1 win 46 <nop,nop,timestamp 29336612 2625251632>
21:23:40.633117 IP linux-5r53.17216 > checkip-ams.dyndns.com.http: P 1:107(106) ack 1 win 46 <nop,nop,timestamp 29336612 2625251632>
21:23:40.842171 IP checkip-ams.dyndns.com.http > linux-5r53.17216: P 1:261(260) ack 107 win 33120 <nop,nop,timestamp 2625251839 29336612>
21:23:40.842189 IP linux-5r53.17216 > checkip-ams.dyndns.com.http: . ack 261 win 54 <nop,nop,timestamp 29336664 2625251839>
21:23:40.842283 IP linux-5r53.17216 > checkip-ams.dyndns.com.http: F 107:107(0) ack 261 win 54 <nop,nop,timestamp 29336664 2625251839>
21:23:40.842725 IP checkip-ams.dyndns.com.http > linux-5r53.17216: F 261:261(0) ack 107 win 33120 <nop,nop,timestamp 2625251839 29336612>
21:23:40.842735 IP linux-5r53.17216 > checkip-ams.dyndns.com.http: . ack 262 win 54 <nop,nop,timestamp 29336664 2625251839>
^C
82 packets captured
82 packets received by filter
0 packets dropped by kernel
linux-5r53:/tmp #

As for the other suggestions, I got:

linux-5r53:/tmp # ssh -l [skip] -p 4911 dadsputer.homeip.net tld
ssh: connect to host dadsputer.homeip.net port 4911: Connection refused
linux-5r53:/tmp # netcat -zv dadsputer.homeip.net 4911
DNS fwd/rev mismatch: dadsputer.homeip.net != pool-71-243-205-99.lax.dsl-w.verizon.net
dadsputer.homeip.net [71.243.205.99] 4911 (?) : Connection refused
linux-5r53:/tmp # ssh -v skip@dadsputer.homeip.net
OpenSSH_5.0p1, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to dadsputer.homeip.net [71.243.205.99] port 4911.
debug1: connect to address 71.243.205.99 port 4911: Connection refused
ssh: connect to host dadsputer.homeip.net port 4911: Connection refused
linux-5r53:/tmp #
#5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Your router/modem/whatever isn’t letting port 4911 through to a valid host
on the internal network, or if it is sending it to a valid host it’s not
sending it to a valid port. Either way that seems to be your breakdown.

Good luck.

bruce32466 wrote:
> Thanks for the quick response!
>
> I used tcpdump on the server while trying to log in from the client.
> hope this helps.
>
> Code:
> --------------------
> linux-5r53:/tmp # tcpdump -i eth0
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> 21:23:33.634073 IP checkip-ams.dyndns.com.http > linux-5r53.17212: S 3314817264:3314817264(0) ack 2129004658 win 65535 <mss 1452,nop,wscale 1,nop,nop,timestamp 2625244633 29334811,sackOK,eol>
> 21:23:33.634235 IP linux-5r53.17212 > checkip-ams.dyndns.com.http: . ack 1 win 46 <nop,nop,timestamp 29334862 2625244633>
> 21:23:33.634243 IP linux-5r53.17212 > checkip-ams.dyndns.com.http: P 1:107(106) ack 1 win 46 <nop,nop,timestamp 29334862 2625244633>
> 21:23:33.843102 IP checkip-ams.dyndns.com.http > linux-5r53.17212: P 1:261(260) ack 107 win 33120 <nop,nop,timestamp 2625244840 29334862>
> 21:23:33.843130 IP linux-5r53.17212 > checkip-ams.dyndns.com.http: . ack 261 win 54 <nop,nop,timestamp 29334914 2625244840>
> 21:23:33.843215 IP linux-5r53.17212 > checkip-ams.dyndns.com.http: F 107:107(0) ack 261 win 54 <nop,nop,timestamp 29334914 2625244840>
> 21:23:33.843574 IP checkip-ams.dyndns.com.http > linux-5r53.17212: F 261:261(0) ack 107 win 33120 <nop,nop,timestamp 2625244840 29334862>
> 21:23:33.843586 IP linux-5r53.17212 > checkip-ams.dyndns.com.http: . ack 262 win 54 <nop,nop,timestamp 29334915 2625244840>
> 21:23:34.467249 IP linux-5r53.17212 > checkip-ams.dyndns.com.http: F 107:107(0) ack 262 win 54 <nop,nop,timestamp 29335071 2625244840>
> 21:23:34.672161 IP checkip-ams.dyndns.com.http > linux-5r53.17212: . ack 108 win 33119 <nop,nop,timestamp 2625245671 29335071>
> 21:23:34.725529 arp who-has 192.168.1.76 tell dslrouter
> 21:23:34.725730 IP linux-5r53.20797 > dslrouter.domain: 44981+ PTR? 76.1.168.192.in-addr.arpa. (43)
> 21:23:34.834892 IP dslrouter.domain > linux-5r53.20797: 44981 NXDomain 0/0/0 (43)
> 21:23:35.427267 IP linux-5r53.17213 > checkip-ams.dyndns.com.http: S 2148880588:2148880588(0) win 5840 <mss 1460,sackOK,timestamp 29335311 0,nop,wscale 7>
> 21:23:35.632780 IP checkip-ams.dyndns.com.http > linux-5r53.17213: S 2565973513:2565973513(0) ack 2148880589 win 65535 <mss 1452,nop,wscale 1,nop,nop,timestamp 2625246632 29335311,sackOK,eol>
> 21:23:35.632798 IP linux-5r53.17213 > checkip-ams.dyndns.com.http: . ack 1 win 46 <nop,nop,timestamp 29335362 2625246632>
> 21:23:35.632847 IP linux-5r53.17213 > checkip-ams.dyndns.com.http: P 1:107(106) ack 1 win 46 <nop,nop,timestamp 29335362 2625246632>
> 21:23:35.842052 IP checkip-ams.dyndns.com.http > linux-5r53.17213: P 1:261(260) ack 107 win 33120 <nop,nop,timestamp 2625246840 29335362>
> 21:23:35.842065 IP linux-5r53.17213 > checkip-ams.dyndns.com.http: . ack 261 win 54 <nop,nop,timestamp 29335414 2625246840>
> 21:23:35.842153 IP linux-5r53.17213 > checkip-ams.dyndns.com.http: F 107:107(0) ack 261 win 54 <nop,nop,timestamp 29335414 2625246840>
> 21:23:35.842503 IP checkip-ams.dyndns.com.http > linux-5r53.17213: F 261:261(0) ack 107 win 33120 <nop,nop,timestamp 2625246840 29335362>
> 21:23:35.842513 IP linux-5r53.17213 > checkip-ams.dyndns.com.http: . ack 262 win 54 <nop,nop,timestamp 29335414 2625246840>
> 21:23:35.925543 arp who-has 192.168.1.77 tell dslrouter
> 21:23:35.925710 IP linux-5r53.17320 > dslrouter.domain: 15986+ PTR? 77.1.168.192.in-addr.arpa. (43)
> 21:23:36.035163 IP dslrouter.domain > linux-5r53.17320: 15986 NXDomain 0/0/0 (43)
> 21:23:36.427561 IP linux-5r53.17214 > checkip-ams.dyndns.com.http: S 2175557792:2175557792(0) win 5840 <mss 1460,sackOK,timestamp 29335561 0,nop,wscale 7>
> 21:23:36.467251 IP linux-5r53.17213 > checkip-ams.dyndns.com.http: F 107:107(0) ack 262 win 54 <nop,nop,timestamp 29335571 2625246840>
> 21:23:36.633798 IP checkip-ams.dyndns.com.http > linux-5r53.17214: S 3801964519:3801964519(0) ack 2175557793 win 65535 <mss 1452,nop,wscale 1,nop,nop,timestamp 2625247632 29335561,sackOK,eol>
> 21:23:36.633826 IP linux-5r53.17214 > checkip-ams.dyndns.com.http: . ack 1 win 46 <nop,nop,timestamp 29335612 2625247632>
> 21:23:36.633901 IP linux-5r53.17214 > checkip-ams.dyndns.com.http: P 1:107(106) ack 1 win 46 <nop,nop,timestamp 29335612 2625247632>
> 21:23:36.671678 IP checkip-ams.dyndns.com.http > linux-5r53.17213: . ack 108 win 33119 <nop,nop,timestamp 2625247671 29335571>
> 21:23:36.842573 IP checkip-ams.dyndns.com.http > linux-5r53.17214: P 1:261(260) ack 107 win 33120 <nop,nop,timestamp 2625247840 29335612>
> 21:23:36.842589 IP linux-5r53.17214 > checkip-ams.dyndns.com.http: . ack 261 win 54 <nop,nop,timestamp 29335664 2625247840>
> 21:23:36.842706 IP linux-5r53.17214 > checkip-ams.dyndns.com.http: F 107:107(0) ack 261 win 54 <nop,nop,timestamp 29335664 2625247840>
> 21:23:36.843215 IP checkip-ams.dyndns.com.http > linux-5r53.17214: F 261:261(0) ack 107 win 33120 <nop,nop,timestamp 2625247840 29335612>
> 21:23:36.843225 IP linux-5r53.17214 > checkip-ams.dyndns.com.http: . ack 262 win 54 <nop,nop,timestamp 29335664 2625247840>
> 21:23:37.467248 IP linux-5r53.17214 > checkip-ams.dyndns.com.http: F 107:107(0) ack 262 win 54 <nop,nop,timestamp 29335821 2625247840>
> 21:23:37.672504 IP checkip-ams.dyndns.com.http > linux-5r53.17214: . ack 108 win 33119 <nop,nop,timestamp 2625248671 29335821>
> 21:23:37.931849 arp who-has 192.168.1.78 tell dslrouter
> 21:23:37.932002 IP linux-5r53.8499 > dslrouter.domain: 27312+ PTR? 78.1.168.192.in-addr.arpa. (43)
> 21:23:38.041159 IP dslrouter.domain > linux-5r53.8499: 27312 NXDomain 0/0/0 (43)
> 21:23:38.317636 IP linux-5r53.17662 > dslrouter.domain: 27758+ AAAA? pagead2.googlesyndication.com. (47)
> 21:23:38.359902 IP dslrouter.domain > linux-5r53.17662: 27758 1/1/0 (125)
> 21:23:38.359934 IP linux-5r53.20534 > dslrouter.domain: 50407+ A? pagead2.googlesyndication.com. (47)
> 21:23:38.361613 IP dslrouter.domain > linux-5r53.20534: 50407 5/0/0|domain]
> 21:23:38.361639 IP linux-5r53.23308 > dslrouter.domain: 3887+ A? pagead2.googlesyndication.com. (47)
> 21:23:38.363387 IP dslrouter.domain > linux-5r53.23308: 3887 5/0/0|domain]
> 21:23:38.363450 IP linux-5r53.23140 > dslrouter.domain: 10757+ AAAA? activewin.us.intellitxt.com. (45)
> 21:23:38.406188 IP dslrouter.domain > linux-5r53.23140: 10757 1/1/0 (143)
> 21:23:38.406222 IP linux-5r53.smart-diagnose > dslrouter.domain: 55275+ A? activewin.us.intellitxt.com. (45)
> 21:23:38.407853 IP dslrouter.domain > linux-5r53.smart-diagnose: 55275 2/0/0|domain]
> 21:23:38.407880 IP linux-5r53.6762 > dslrouter.domain: 60023+ A? activewin.us.intellitxt.com. (45)
> 21:23:38.409506 IP dslrouter.domain > linux-5r53.6762: 60023 2/0/0|domain]
> 21:23:38.409570 IP linux-5r53.20594 > dslrouter.domain: 14099+ AAAA? safebrowsing.clients.google.com. (49)
> 21:23:38.427732 IP linux-5r53.17215 > checkip-ams.dyndns.com.http: S 2208638967:2208638967(0) win 5840 <mss 1460,sackOK,timestamp 29336061 0,nop,wscale 7>
> 21:23:38.452262 IP dslrouter.domain > linux-5r53.20594: 14099 1/1/0 (121)
> 21:23:38.452321 IP linux-5r53.19469 > dslrouter.domain: 15994+ A? safebrowsing.clients.google.com. (49)
> 21:23:38.495085 IP dslrouter.domain > linux-5r53.19469: 15994 5/0/0|domain]
> 21:23:38.495114 IP linux-5r53.12516 > dslrouter.domain: 8008+ A? safebrowsing.clients.google.com. (49)
> 21:23:38.496754 IP dslrouter.domain > linux-5r53.12516: 8008 5/0/0|domain]
> 21:23:38.633616 IP checkip-ams.dyndns.com.http > linux-5r53.17215: S 3229942652:3229942652(0) ack 2208638968 win 65535 <mss 1452,nop,wscale 1,nop,nop,timestamp 2625249632 29336061,sackOK,eol>
> 21:23:38.633634 IP linux-5r53.17215 > checkip-ams.dyndns.com.http: . ack 1 win 46 <nop,nop,timestamp 29336112 2625249632>
> 21:23:38.633663 IP linux-5r53.17215 > checkip-ams.dyndns.com.http: P 1:107(106) ack 1 win 46 <nop,nop,timestamp 29336112 2625249632>
> 21:23:38.842890 IP checkip-ams.dyndns.com.http > linux-5r53.17215: P 1:261(260) ack 107 win 33120 <nop,nop,timestamp 2625249841 29336112>
> 21:23:38.842904 IP linux-5r53.17215 > checkip-ams.dyndns.com.http: . ack 261 win 54 <nop,nop,timestamp 29336164 2625249841>
> 21:23:38.842974 IP linux-5r53.17215 > checkip-ams.dyndns.com.http: F 107:107(0) ack 261 win 54 <nop,nop,timestamp 29336164 2625249841>
> 21:23:38.843660 IP checkip-ams.dyndns.com.http > linux-5r53.17215: F 261:261(0) ack 107 win 33120 <nop,nop,timestamp 2625249841 29336112>
> 21:23:38.843671 IP linux-5r53.17215 > checkip-ams.dyndns.com.http: . ack 262 win 54 <nop,nop,timestamp 29336165 2625249841>
> 21:23:39.467248 IP linux-5r53.17215 > checkip-ams.dyndns.com.http: F 107:107(0) ack 262 win 54 <nop,nop,timestamp 29336321 2625249841>
> 21:23:39.672055 IP checkip-ams.dyndns.com.http > linux-5r53.17215: . ack 108 win 33119 <nop,nop,timestamp 2625250671 29336321>
> 21:23:39.931918 arp who-has 192.168.1.79 tell dslrouter
> 21:23:39.932071 IP linux-5r53.5496 > dslrouter.domain: 61551+ PTR? 79.1.168.192.in-addr.arpa. (43)
> 21:23:40.041424 IP dslrouter.domain > linux-5r53.5496: 61551 NXDomain 0/0/0 (43)
> 21:23:40.427273 IP linux-5r53.17216 > checkip-ams.dyndns.com.http: S 2226317328:2226317328(0) win 5840 <mss 1460,sackOK,timestamp 29336561 0,nop,wscale 7>
> 21:23:40.633042 IP checkip-ams.dyndns.com.http > linux-5r53.17216: S 3219465119:3219465119(0) ack 2226317329 win 65535 <mss 1452,nop,wscale 1,nop,nop,timestamp 2625251632 29336561,sackOK,eol>
> 21:23:40.633062 IP linux-5r53.17216 > checkip-ams.dyndns.com.http: . ack 1 win 46 <nop,nop,timestamp 29336612 2625251632>
> 21:23:40.633117 IP linux-5r53.17216 > checkip-ams.dyndns.com.http: P 1:107(106) ack 1 win 46 <nop,nop,timestamp 29336612 2625251632>
> 21:23:40.842171 IP checkip-ams.dyndns.com.http > linux-5r53.17216: P 1:261(260) ack 107 win 33120 <nop,nop,timestamp 2625251839 29336612>
> 21:23:40.842189 IP linux-5r53.17216 > checkip-ams.dyndns.com.http: . ack 261 win 54 <nop,nop,timestamp 29336664 2625251839>
> 21:23:40.842283 IP linux-5r53.17216 > checkip-ams.dyndns.com.http: F 107:107(0) ack 261 win 54 <nop,nop,timestamp 29336664 2625251839>
> 21:23:40.842725 IP checkip-ams.dyndns.com.http > linux-5r53.17216: F 261:261(0) ack 107 win 33120 <nop,nop,timestamp 2625251839 29336612>
> 21:23:40.842735 IP linux-5r53.17216 > checkip-ams.dyndns.com.http: . ack 262 win 54 <nop,nop,timestamp 29336664 2625251839>
> ^C
> 82 packets captured
> 82 packets received by filter
> 0 packets dropped by kernel
> linux-5r53:/tmp #
>
> --------------------
>
> As for the other suggestions, I got:
>
> Code:
> --------------------
> linux-5r53:/tmp # ssh -l [skip] -p 4911 dadsputer.homeip.net tld
> ssh: connect to host dadsputer.homeip.net port 4911: Connection refused
> linux-5r53:/tmp # netcat -zv dadsputer.homeip.net 4911
> DNS fwd/rev mismatch: dadsputer.homeip.net != pool-71-243-205-99.lax.dsl-w.verizon.net
> dadsputer.homeip.net [71.243.205.99] 4911 (?) : Connection refused
> linux-5r53:/tmp # ssh -v skip@dadsputer.homeip.net
> OpenSSH_5.0p1, OpenSSL 0.9.8g 19 Oct 2007
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Connecting to dadsputer.homeip.net [71.243.205.99] port 4911.
> debug1: connect to address 71.243.205.99 port 4911: Connection refused
> ssh: connect to host dadsputer.homeip.net port 4911: Connection refused
> linux-5r53:/tmp #
>
> --------------------
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJJtJ5sAAoJEF+XTK08PnB5EKQP/3uqtiqRFiMQVJwV763QEFl5
6flZ3T4RSP1q9kUrDtxwq3wEBcPr0KzT0EsX3IQFNtBcTO/ro+vJai6pEQxIUepg
WhbEabZTbzeCA0O5wM/gEGuyu4AiO8R1VNmr+jzgwYMfQWSSfnM9m01r+9Hj6m/w
zk0QZfjuOMZ2+0VzibKnesFOEgQNKzejZt7DGMLE3QPj/HBKqQGD/NmvEEUa5ruT
VarJf6eh9LfJi89jfa8v1EM/9KZEAANwshNqesEVeLNe4oRplgJru3F1b4xZb+JA
qUwFlFxcMVrAlHDRdZqWaKQdVf/zrZb/PoMm73C1j7ByN/ScGE96ww7I9klubbMH
9Hdadg0GlDgzUFK/dkNTVLnCcqIVSLkHo+64UdgxVyHh2PGTsyNOwC2dDy+9+97S
5Yc3yxx+rk2JgqDS90rMz+7pz29R3fAFKhytY9+DyUpKgl7sl+44e5H60OgSHZzT
/TgcmQPm8kITpR1XYO5Tjwehqj4joHU+lXQ+EuXBZreXosyQ23iD/VS+7vmtVE9K
LJxLzKrxyM4j1wjCia8PSITsUB1qTnvP3c8v9PM9mgdSM8g/SM5QgGnUFZyIG90M
j2Yp5GGtSH2cmU2bSocyJDZbDS+1HZyOVR+3FrbIlwY6A2NxiIfjm/iv+Ozfegko
+jiJ9QlK31PXichvcQKR
=w5wU
-----END PGP SIGNATURE-----

#6

OK! I can telnet from computer A to computer B on port 22 and get a connection but still nothing for ssh. Portscans with Network Tools shows port 22 is open on both computers and I’m still stumped.

#7

On my home LAN, in order to access a PC on that home LAN from outside of the LAN, I found I had to map a specific port on my router (connected to the internet) to each PC in which I wanted ssh access.

So for example, I have PC-#1, PC-#2, and PC-#3 on my home LAN. I want to be able to access all 3 on different occasions. So on my router, I mapped port 42101 to PC-#1’s port #22, and I mapped port 42102 to PC-#2’s port#22, and I mapped port 42103 to PC-#3’s port #22.

Then from outside the LAN (some where on the internet) to access the PC#1 on my LAN, where my ip-address is “oldcpu-lan” I type:
ssh -X oldcpu@oldcpu-lan -p 42101
(or something like that).

I can not tell from your posts if you are doing that sort of mapping, but if you have multiple PCs on your LAN , you need to give the router some sort of guidance as to how it can find individual PCs on the LAN.

#8

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Explicitly use port 22 in SSH then:

ssh -v -p 22 user@yourmachine

Good luck.

bruce32466 wrote:
> OK! I can telnet from computer A to computer B on port 22 and get a
> connection but still nothing for ssh. Portscans with Network Tools shows
> port 22 is open on both computers and I’m still stumped.
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJJtZJdAAoJEF+XTK08PnB5fL0P/2mfgi1RVCnWtQoqbvmK5OjT
ON0tovoT7EFj4uTTpY+6VfMpLc4Z11STpPDWVQid4z/vz3bMf4jpekjwj4r+GDe9
bvYskf8+HFg628qqr1kSXPMfhKK6lxUhSjVhnQOfWzhSBqKsPan2PRLUrcWu+XEw
dd5WfemBvO43mcm6pBf+zZI0sU0MwFXP6VbCo+lhANPuwRVCHTfhmFB6IyUxqchq
nRFzZQf+4kA+27cdJR2uuVIBAXlFUQ7CauM9qKJpdTMG/97QfY+Qk1TI/2nQOqUQ
1DLEljkrHOBCaVEVyDDDBi1J/l1eFz99shI4PKEuOmr+qqOx3sj3Y81NybWZtniA
7dOnplcQVgdP3XfRjfuD2EA0jFWMvh0wdpuVLLb6c38DR85x8Phw3lomXc82r8j/
PtgG+Fq+GKPgRh38lyBYb46Nga+oaIm8oSfoT5v2Qe5VmMMSYkEfXcDCEFifMjn5
bh1iBbQZ5xVhjf/VRXk1a1FbuNLtL8OE1F/fH4zZMZjEYNI8eob7EVu+kIFtc7FR
PGeDcAcRYn1snR2GmebnVXjJQBEpD1yUnx/gc6gta46AUxkHFQajmC62bR94aiEy
H6DmndFfWdARCFMNBdAT/OHw8ulB6fcDHIFJtoaTW22ZUjlr6dB/Z+hetO2/8hMW
r3GrMdjfE/7w8IU2KXEa
=U2i1
-----END PGP SIGNATURE-----

#9

I finally got it! I was using portfoward, which didn’t work, so I tried setting up port trigger (a higher global port # to the local port of 22)SUCCESS!

Thanks for all the responses.
Bruce.

#10

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Good to hear. Thank-you for posting back your solution.

Good luck.

bruce32466 wrote:
> I finally got it! I was using portfoward, which didn’t work, so I tried
> setting up port trigger (a higher global port # to the local port of
> 22)SUCCESS!
>
> Thanks for all the responses.
> Bruce.
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJJtZpCAAoJEF+XTK08PnB5pGwQAIiobDiXFOhvJE/nR6onUOTu
CzQyg8cGSXHdFzcjIQmvdsJXSs5a55iTr9DPbjk/JFCDYMfihRyxto7Bu+YUGEzH
9PsZAfqFPyYYoPl/gVi0Kc4WCRhvDYWnRXrab6HF9nkpa8L6INo9SuIZWZ1fr1Tp
ySTDFuBxN/cUy9DcHX22WQRMCl9Jafl6rDik4uZpNwc+s4DRHkB4VUF2gRJKr1cM
4WWvZwqeWmTnhmkicG8b3Am792gQY66QgCfNkbGhgTMgxXkp7l42saqWLsenRAhv
RxrDJIkVtgECghTSN8MuIPwNacrkBwAHH9Tepc4uGcv9Qc0Er2MbPVdHS3jaXTrA
ua9dy+eQmy2GbZw810+wk8wALGksnljxQGXRwFSkMvCmIwDDP4seUNqgNNB8KZ35
iBh1kh7iGQ7GJCypmcS1zJvEB1pSvrR8r9a/v5NWw8BRZHL280E5pf3ObicWFGTS
nlim0i+UJ3bhPj2jx7bzlo3cOyOrkto7yq9TiAF4/jgV+c+YM+OYxWQHMzKFj4pb
Zxb/OgRC47TgjzWIaBERlY9aWHa5vmxlh/Rt53DN2SItV/OFmliJBS5XhJ7MIFOw
doVC9ZvGh0BeH0UQs6SFfwbyuOBTUhd4XwueGRUwTqdJcLuW4SZrKNali7p6HMx+
CnZFOEu8lQWcfICXkMxa
=gPIi
-----END PGP SIGNATURE-----

#11

That’s what I was trying to suggest, and didn’t do a very good job of it. When you said you had more than one machine, I guessed that you’d need to port forward specifically to one of them.

Glad to hear you got it working.