Cannot access 2011 via ssh [SOLVED]

vereto · June 29, 2016, 12:00am

I moved the router over to 192.168.1.1 and I cannot seem to access the console via ssh. I feel like this is probably a silly problem but I cannot find any settings regarding this access.

Anyone have any thoughts?

Thank you!

EDIT: I was missing my input firewall rule for local network accessing the router… face palm
Thank you all for the help.

hgonzale · June 29, 2016, 4:47pm

Had you allowed the port 22 in the firewall, just before the ALL DROP rules?

vereto · June 29, 2016, 7:18pm

No. How should that be set?

I did try to disable the ALL DROP entry and still no go. I am trying to connect from within the firewall.

Thanks.

hgonzale · June 29, 2016, 8:34pm

ACEEPT port 22 TCP in the interface desired and put the rule before the DROPS/REJECTS

Also, in IP, SERVICES enable SSH service

vereto · June 29, 2016, 8:53pm

Ok, in IP>Services, ssh is enabled (and was enabled)

I have added my rule in firewall like so:
http://i.imgur.com/e7QYnw7.png

I reordered the accepts to move before the DROPS but it still does not work.

hgonzale · June 29, 2016, 9:03pm

did you try a nmap/port scan to the router?

Do you have a outgoing firewall in the pc?

Had you tried other computer?

vereto · June 29, 2016, 9:14pm

I have tried accessing it via different hosts.
I have disabled firewalls on these hosts.
nmap output:
Starting Nmap 5.51 ( http://nmap.org ) at 2016-06-29 16:15 CDT
Nmap scan report for router (192.168.1.1)
Host is up (0.00028s latency).
PORT STATE SERVICE
22/tcp filtered ssh
MAC Address: 6C:3B:6B:0B:C8:16 (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 0.25 seconds

Does not give me much to go on. Looking into more options to use with nmap - not very familiar with this command.

ZeroByte · June 29, 2016, 9:20pm

Just a quick point - make sure the firewall rules you’re fixing are in the INPUT chain, and not the FORWARD chain…

vereto · June 29, 2016, 9:23pm

I think they already are. Would the listings showing as INPUT (in my image) verify that these options have been set correctly?

ZeroByte · June 30, 2016, 3:22pm

Yes, your rules are in the proper chain.
The counters in the screenshot show zero packets - I don’t know if this is because the screenshot was taken after a reboot / clearing of the counters, and before any attempts to ssh into the box… but if not, then the packets are just not making it to the router. I suspect the counters were cleared, though, since you’ve edited the original post with the solution (thanks for doing so, by the way).

hgonzale · June 30, 2016, 6:13pm

Where was the problem?

ZeroByte · June 30, 2016, 7:03pm

Vereto edited the solution into the original post:

I.e. - he forgot to say “the LAN interface can do whatever it wants” so this led to the default-drop rule snagging too much traffic.

vereto · June 30, 2016, 8:21pm

I was missing a rule in my firewall filters that allowed internal access to the router. My rudimentary understanding tells me that I was blocking access through one of my drop rules.
Thanks again for all your help.