Port Forwarding SSH on 22 using DNS-O-MATIC

Comments


  • rotblitz

    "INADYN: Alias 'techie2.no-ip.net' to IP '192.168.1.66' updated successfully."

    Clearly, this 192.168.1.66 is in the private (RFC-1918) IP address range, not routable over the public internet, but for internal LAN use only.  Your (currently not existing) hostname techie2.no-ip.net must point to your public IP address.

    That said, you must configure your Inadyn update client in DD-WRT to obtain the IP address information from somewhere else, e.g. from http://myip.dnsomatic.com/

    Inadyn option:  --ip_server_name myip.dnsomatic.com:80/  as start parameter or in inadyn.conf.

    Alternatively, configure the DDNS update client on your ISP (internet) facing device (modem) which holds your public IP address, or use a software update client for DNS-O-Matic, e.g. http://updater.marc-hoersken.de/

  • raj_i.t

    Thanks rotblitz! I got the first part to work.

    [CODE]

    root@DD_WRT:/tmp/ddns# cat ddns.log
    Thu Oct 31 15:39:45 2013: INADYN: Started 'INADYN Advanced version 1.96-ADV' - dynamic DNS updater.
    Thu Oct 31 15:39:45 2013: INADYN: IP read from cache file is '192.168.1.66'. No update required.
    Thu Oct 31 15:39:45 2013: I:INADYN: IP address for alias 'techie2.no-ip.net' needs update to '103.x.x.57'
    Thu Oct 31 15:39:45 2013: I:INADYN: Alias 'techie2.no-ip.net' to IP '103.x.x.57' updated successfully.

    [/CODE]

    The problem with configuring DDNS on the modem/router is that it does not have an option to use DNS-O-Matic or anything other than dyndns.org. I could not find a config file in the firmware where I can update it to use OpenDNS.

    Are there any alternatives for a software update client? The link http://updater.marc-hoersken.de/ does not open.
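As an added example (not code from the thread or from Inadyn), the check rotblitz makes on the first quoted log line, applied to the ddns.log format above: it picks out every "updated successfully" entry and flags any address that is not publicly routable. The sample log is constructed from the thread's lines, with 103.0.0.57 standing in for the redacted 103.x.x.57.

```python
"""Audit DD-WRT/Inadyn ddns.log lines for DDNS updates that publish an address
that is not publicly routable, the mistake in the thread's first quoted log line.
Added example, not from the thread or Inadyn; SAMPLE_LOG is constructed from the
thread's lines, with 103.0.0.57 standing in for the redacted 103.x.x.57."""
import ipaddress
import re

# Constructed sample; the last line keeps the thread's redacted form to show that case.
SAMPLE_LOG = """\
Thu Oct 31 15:39:45 2013: INADYN: IP read from cache file is '192.168.1.66'. No update required.
Thu Oct 31 15:39:45 2013: INADYN: Alias 'techie2.no-ip.net' to IP '192.168.1.66' updated successfully.
Thu Oct 31 15:39:45 2013: I:INADYN: IP address for alias 'techie2.no-ip.net' needs update to '103.0.0.57'
Thu Oct 31 15:39:45 2013: I:INADYN: Alias 'techie2.no-ip.net' to IP '103.0.0.57' updated successfully.
Thu Oct 31 15:39:45 2013: I:INADYN: Alias 'techie2.no-ip.net' to IP '103.x.x.57' updated successfully.
"""

# Only successful updates matter: those are what reaches the DNS provider.
UPDATED_RE = re.compile(
    r"Alias '(?P<alias>[^']+)' to IP '(?P<ip>[^']+)' updated successfully")

def classify_ip(ip_str):
    """'public' (globally routable), 'private' (RFC 1918 and other non-global
    ranges), or 'unparseable' (e.g. a redacted value that cannot be checked)."""
    try:
        addr = ipaddress.ip_address(ip_str)
    except ValueError:
        return "unparseable"
    return "public" if addr.is_global else "private"

def successful_updates(log_text):
    """Return [(alias, ip)] for every 'updated successfully' line, in log order."""
    return [(m.group("alias"), m.group("ip"))
            for m in map(UPDATED_RE.search, log_text.splitlines()) if m]

def audit(log_text):
    """Return [(alias, ip, verdict)] for updates that did not publish a public IP;
    an empty list means every update carried a routable address."""
    findings = []
    for alias, ip in successful_updates(log_text):
        verdict = classify_ip(ip)
        if verdict != "public":
            findings.append((alias, ip, verdict))
    return findings
```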
  • rotblitz

    "I got the first part to work"

    I thought it was the whole thing.  What is still open?  Well, the hostname techie2.no-ip.net still does not exist in DNS.

    "The problem with configuring ddns on the modem/router...  Are there any alternatives to use a software update client?"

    No need for any of those, you got it working with DD-WRT's Inadyn.

    "the link for http://updater.marc-hoersken.de/ does not open up.."

    Yes, the site seems to be temporarily down.

  • raj_i.t

    I'm using 'techie2.no-ip.net' as a fake hostname to describe my issue. My real hostname is being updated with the correct public IP assigned by my ISP. I see this correct assignment both in the ddns.log (frequent updates) on my DD-WRT and when I do an nslookup on my hostname from over the internet. That being said, I still get a time-out with no explanation when I do 'ssh -l tom23 techie2.no-ip.net -p 22', so something is still not right.

    My suspicion is that something still needs to be opened/configured on my non-DD-WRT router/ADSL on 192.168.1.64 (WAN IP 192.168.1.66 is behind a router/ADSL on IP 192.168.1.64 with port forwarding enabled).

    When I check the below on 192.168.1.64, I do not see SSH open on port 22:

    [CODE]

    # iptables -t nat -vnL PREROUTING
    Chain PREROUTING (policy ACCEPT 8003 packets, 502K bytes)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 DNAT       udp  --  group1 *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 dnshj to:192.168.1.64
     8468  634K PRE_CNAPT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
     8467  634K PT_NAT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
     1540  101K DNS_RELAY  udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53
     8467  634K INBOUND_NAT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
     8467  634K PRE_VPN    all  --  *      *       0.0.0.0/0            0.0.0.0/0           
     8467  634K REMOTE_NAT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
     8467  634K LOCAL_SERVICE_NAT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
     8467  634K USB_NAT    all  --  *      *       0.0.0.0/0            0.0.0.0/0           
     8467  634K INBOUND_NAT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
     8467  634K IM_DETECT_NAT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
     8467  634K MINIUPNPD_W  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
     8467  634K DMZ_NAT    all  --  *      *       0.0.0.0/0            0.0.0.0/0           
     2066  239K CUDP_NAT   udp  --  *      *       0.0.0.0/0            0.0.0.0/0           
     8467  634K PRE_IGMP   all  --  *      *       0.0.0.0/0            0.0.0.0/0 

    [/CODE]

    [CODE]

    tom23@max7:~$ sudo nmap -sT -sU -p 22 192.168.1.64
    [sudo] password for max7:

    Starting Nmap 6.40 ( http://nmap.org ) at 2013-11-04 07:25 EST
    Nmap scan report for 192.168.1.64
    Host is up (0.00080s latency).
    PORT   STATE  SERVICE
    22/tcp closed ssh
    22/udp closed ssh

    Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds

    [/CODE]

    I ran the commands below on 192.168.1.64, but they are not saved after a reboot. How can I save them on my non-DD-WRT ADSL/router?

    [CODE]

    # Allow established connections, and those not coming from the outside
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -m state --state NEW ! -i eth0 -j ACCEPT
    iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Allow outgoing connections from the LAN side.
    iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

    # Masquerade.
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

    iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 22 -j ACCEPT
    iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 22 -j DNAT --to 192.168.1.64:22

    # Don't forward from the outside to the inside.
    iptables -A FORWARD -i eth1 -o eth1 -j REJECT

    [/CODE]
  • rotblitz

    "I'm using 'techie2.no-ip.net' as a fake hostname to describe my issue."

    Not a clever idea if you do not mention it explicitly....  Fakes are always bad.

    "My real hostname is being updated with the correct public IP assigned by my ISP. I see this correct assignment both in the ddns.log (frequent updates) on my DD-WRT and when I do an nslookup on my hostname from over the internet."

    Fine, then your DNS related and DNS-O-Matic related issues are solved.  The rest is unrelated to the topics of this forum.

    "I still get a time-out with no explanation when I do 'ssh -l tom23 techie2.no-ip.net -p 22', so something is still not right.

    My suspicion is that something still needs to be opened/configured on my non-DD-WRT router/ADSL on 192.168.1.64 (WAN IP 192.168.1.66 is behind a router/ADSL on IP 192.168.1.64 with port forwarding enabled)."

    Yes, it seems to be a port forwarding problem, or port 22 is blocked inbound by your ISP.  If the latter, you must use another port.

    If it is the port forwarding, and you have two routers (NAT devices) where the outer one doesn't work in bridged mode, then you must forward port 22 from the outer router to the WAN facing IP address of the inner router, and on the inner router to the internal IP address of your SSH service.  Alternatively, switch the outer router to bridged mode, so that the inner router gets your public IP address.

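The double-NAT path rotblitz describes, as an added example that is not code from the thread or from DD-WRT: a small model of both routers' DNAT rules that traces an inbound TCP/22 packet, comparing the rule posted earlier (DNAT to the outer router's own address 192.168.1.64) with forwarding to the inner router's WAN address 192.168.1.66 and on to the SSH host. The public address 203.0.113.57 and the SSH host 192.168.2.10 are constructed assumptions.

```python
"""Trace an inbound TCP/22 connection across two NAT devices, the layout in the
thread: ISP modem (LAN side 192.168.1.64) in front of the DD-WRT router with WAN
address 192.168.1.66.  Added example; PUBLIC_IP and SSH_HOST are constructed."""

PUBLIC_IP = "203.0.113.57"   # constructed; the thread redacts it as 103.x.x.57
SSH_HOST = "192.168.2.10"    # assumed host on the DD-WRT LAN running sshd
SERVICES = {(SSH_HOST, 22)}  # the only (ip, port) where a listener exists

def network(outer_dnat, inner_dnat):
    """Each device: the addresses it owns, its DNAT rules (dport, to_ip, to_port)
    for inbound WAN traffic, and the hosts directly on its LAN side."""
    return {
        PUBLIC_IP: {"name": "modem", "own": {PUBLIC_IP, "192.168.1.64"},
                    "dnat": outer_dnat, "lan": {"192.168.1.66"}},
        "192.168.1.66": {"name": "dd-wrt", "own": {"192.168.1.66", "192.168.2.1"},
                         "dnat": inner_dnat, "lan": {SSH_HOST}},
    }

def trace(devices, ip, port):
    """Follow the packet hop by hop; returns (reachable, list of decisions)."""
    path = []
    for _ in range(8):                       # hop bound guards against DNAT loops
        dev = devices.get(ip)
        if dev is None:                      # plain host: is anything listening?
            ok = (ip, port) in SERVICES
            path.append(f"host {ip}:{port} {'open' if ok else 'closed'}")
            return ok, path
        rule = next((r for r in dev["dnat"] if r[0] == port), None)  # first match wins
        if rule is None or rule[1] in dev["own"]:
            # No forward, or forwarded to the router's own address: delivered locally
            # (this is what the thread's nmap shows: 22/tcp closed on .64).
            target = (rule[1], rule[2]) if rule else (ip, port)
            ok = target in SERVICES
            path.append(f"{dev['name']}: local delivery to {target[0]}:{target[1]}, "
                        f"{'open' if ok else 'closed'}")
            return ok, path
        if rule[1] not in dev["lan"]:
            path.append(f"{dev['name']}: {rule[1]} is not on its LAN, dropped")
            return False, path
        path.append(f"{dev['name']}: DNAT {ip}:{port} -> {rule[1]}:{rule[2]}")
        ip, port = rule[1], rule[2]
    return False, path + ["hop limit exceeded"]

def thread_config():
    """The rule posted in the thread: the outer router DNATs 22 to its own .64."""
    return trace(network([(22, "192.168.1.64", 22)], [(22, SSH_HOST, 22)]), PUBLIC_IP, 22)

def fixed_config():
    """rotblitz's advice: outer -> inner router's WAN .66, inner -> the SSH host."""
    return trace(network([(22, "192.168.1.66", 22)], [(22, SSH_HOST, 22)]), PUBLIC_IP, 22)
```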
