ssh service on public IP not accessible

Stoned · June 28, 2008, 6:29pm

Hi,

I have problem with logging to my RB133 via ssh on public IP.
Whenever I try to log-in via private IP, it works fine,
but whenever I try to log-in from remote, I get the same two errors:

“Network error: Connection Refused”

or

“Network Error: Time out”

I have no entries in /ip firewall filter section

I changed the ssh port at random, default also does not work.

My ISP configuration:

Cable Modem ==> RB133

Maybe it is caused by some restriction set by my ISP?

Any help is appreciated.

regards,

Stoned.

jwcn · June 29, 2008, 7:41pm

check ip services

Stoned · June 30, 2008, 5:53am

In /ip service section ssh is enabled, allowed on any address 0.0.0.0/0, port for example 48151.

At remote location everything works fine.

Is there something else I need to check?

Regards,

Stoned.

SurferTim · June 30, 2008, 7:57pm

Greetings!

Check
/ip firewall filter
If you have even the minimum defensive rules in there, then you probably need to allow your remote box in.

EDIT: I see by your post (duh!, I feel dumb) you have no rules in there. I will presume it may be your ISP blocking it. Can you ping it?
Also check /ip route and insure you have a default gateway to the internet there.

Stoned · June 30, 2008, 8:51pm

Sure I do have no defensive rules,
previously I had plenty of them,
but I dunno had a chance to check them against the validity of use.

I can not ping the public address of a router.
RB gets public address automatically, from the dhcp-client section and def-route and so on is added automatically.

Regards,

Stoned.

SurferTim · June 30, 2008, 9:17pm

What IP/mask is the dhcp server issuing to your box?

Stoned · July 1, 2008, 3:13pm

Let's assume my public IP is 192.168.104.104/22
def gw is: 192.168.104.254

When I try to log-in to the RB, in the firewall connection I get this:

[admin@xxxx] ip firewall connection> pr
Flags: S - seen reply, A - assured

PROTOCOL SRC-ADDRESS DST-ADDRESS TCP-STATE TIMEOUT

71 tcp 10.16.5.24:2723 192.168.104.104:22 syn-sent 12s
13 tcp 89.171.80.210:1030 192.168.104.104:22 syn-sent 1s

this is from two different remote locations

regardsless, the locations, I can not ping my public IP.

Is it finally all the way how my ISP blocks remote access to my RB?

Regards,

Stoned.

SurferTim · July 2, 2008, 9:01am

That is what is suspected. 192.168.x.x is not a public IP set. That is a reserved private IP set. You will not be able to access those IPs directly from the internet.

EDIT: I won’t step on your next post. My bad. I thought that was a real IP. Then my first impression is probably correct. It is your ISP blocking it. Mine blocks port 80 (websites) unless you have a commercial account.

Stoned · July 2, 2008, 6:02pm

Nope.

I have a public IP 85.xxx.yyy.221

Stoned.

Stoned · July 3, 2008, 10:40am

Any more ideas?
or the problem is at ISP side?

Regards,

Stoned.