Sshd not responding to port forwarded connection request

Tags: port-forwarding, ssh

I'm setting up port forwarding on a SonicWall NSA 220 router, for port 22. It appears that the router is forwarding TCP packets as it should. However, Wireshark running on the server shows that my server's sshd is ignoring these ssh connection requests and is not responding: it doesn't even attempt to send any packets back.

I can ssh directly to the server over the same ethernet interface (from another system on the LAN) just fine. It's only the forwarded packets from the WAN side that receive no response.

So it seems that the culprit might be sshd: for some reason it is ignoring the forwarded packets.

The server is running RHEL 6. The firewall is disabled.

Any ideas why sshd is ignoring the forwarded connection requests? Or is the router to blame?

The following is tcpdump output (I'm using port 30002 here, but it's the same as port 22). The server's IP address is 192.168.8.33.

08:52:12.350492 IP 192.168.1.32.52205 > 192.168.8.33.30002: Flags [S], seq 2460054041, win 14600, options [mss 1460,sackOK,TS val 453857378 ecr 0,nop,wscale 6], length 0
08:52:13.347513 IP 192.168.1.32.52205 > 192.168.8.33.30002: Flags [S], seq 2460054041, win 14600, options [mss 1460,sackOK,TS val 453857628 ecr 0,nop,wscale 6], length 0
08:52:15.351529 IP 192.168.1.32.52205 > 192.168.8.33.30002: Flags [S], seq 2460054041, win 14600, options [mss 1460,sackOK,TS val 453858129 ecr 0,nop,wscale 6], length 0
08:52:19.363565 IP 192.168.1.32.52205 > 192.168.8.33.30002: Flags [S], seq 2460054041, win 14600, options [mss 1460,sackOK,TS val 453859132 ecr 0,nop,wscale 6], length 0

Here is the tcpdump output when I ssh from the LAN, which is successful:

08:50:41.844945 IP 192.168.8.253.55442 > 192.168.8.33.30002: Flags [S], seq 2514711830, win 14600, options [mss 1460,sackOK,TS val 4294948065 ecr 0,nop,wscale 6], length 0
08:50:41.844983 IP 192.168.8.33.30002 > 192.168.8.253.55442: Flags [S.], seq 2291827547, ack 2514711831, win 14480, options [mss 1460,sackOK,TS val 6807100 ecr 4294948065,nop,wscale 7], length 0
08:50:41.845290 IP 192.168.8.253.55442 > 192.168.8.33.30002: Flags [.], ack 1, win 229, options [nop,nop,TS val 4294948065 ecr 6807100], length 0
etc....

Here is my sshd_config on the server:

sudo grep ^[^'#'] /etc/ssh/sshd_config
Port 22
Port 30002
Protocol 2
SyslogFacility AUTHPRIV
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
X11Forwarding yes
Subsystem   sftp    /usr/libexec/openssh/sftp-server

Here is iptables:

sudo iptables -L -n -v
Chain INPUT (policy ACCEPT 5350 packets, 314K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 2121 packets, 14M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Best Answer

I got it to work finally. I forgot that my server has two network interfaces, and both were connected: one to the router's LAN network, and one to the WAN network.

To explain: the router's WAN is 192.168.8.*. The router's LAN is 192.168.1.*. The server is 192.168.8.32, and the client is 192.168.1.33.

When I disconnected the server from the router's WAN network, all of a sudden it all worked. I think RHEL on the server must have been confused by the two routes to the client 192.168.1.33.
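The answer above does not name the kernel mechanism behind "confused by the two routes". The Linux feature that produces exactly these symptoms (SYN seen on the wire, no SYN-ACK, empty iptables rules, nothing in sshd's logs) is strict reverse-path filtering, `net.ipv4.conf.<if>.rp_filter = 1`, which RHEL 6 enables by default: a packet is silently dropped when the route back to its source address leaves through a different interface than the one it arrived on. The script below is an added example, not code from the original question or answer. It parses the two tcpdump excerpts quoted above, lists the SYNs that never got a SYN-ACK, and runs the strict reverse-path check against a constructed routing table for the dual-homed server. The interface names `eth0`/`eth1`, the server having an address on 192.168.1.0/24, and the default route are assumptions made for the example; only the addresses and ports come from the captures.

```python
"""Strict reverse-path filtering (rp_filter) on a dual-homed host, worked on the
captures from the question. Added example; interface names, the 192.168.1.0/24
interface and the default route are assumed, not taken from the original post."""
import ipaddress
import re

# Constructed capture: the two exchanges quoted in the question, trimmed to the
# fields the parser needs (source, destination, TCP flags).
CAPTURE = """\
08:52:12.350492 IP 192.168.1.32.52205 > 192.168.8.33.30002: Flags [S], seq 2460054041, length 0
08:52:13.347513 IP 192.168.1.32.52205 > 192.168.8.33.30002: Flags [S], seq 2460054041, length 0
08:50:41.844945 IP 192.168.8.253.55442 > 192.168.8.33.30002: Flags [S], seq 2514711830, length 0
08:50:41.844983 IP 192.168.8.33.30002 > 192.168.8.253.55442: Flags [S.], seq 2291827547, ack 2514711831, length 0
08:50:41.845290 IP 192.168.8.253.55442 > 192.168.8.33.30002: Flags [.], ack 1, win 229, length 0
"""

# Assumed routing table of the server (longest prefix wins, as in the kernel FIB).
# eth0 sits on the router's WAN side (192.168.8.33), eth1 on the router's LAN side.
ROUTES = [
    ("192.168.8.0/24", "eth0"),
    ("192.168.1.0/24", "eth1"),   # assumption: second NIC on the LAN network
    ("0.0.0.0/0", "eth0"),        # assumption: default route via the WAN-side NIC
]

PKT_RE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")


def parse_capture(text):
    """Turn tcpdump lines into dicts of src/sport/dst/dport/flags."""
    pkts = []
    for line in text.splitlines():
        m = PKT_RE.search(line)
        if m:
            pkts.append({"src": m.group(1), "sport": int(m.group(2)),
                         "dst": m.group(3), "dport": int(m.group(4)),
                         "flags": m.group(5)})
    return pkts


def unanswered_syns(pkts):
    """(client, server, port) flows that sent a SYN but never saw a SYN-ACK."""
    syns, synacks = set(), set()
    for p in pkts:
        if p["flags"] == "S":
            syns.add((p["src"], p["dst"], p["dport"]))
        elif p["flags"] == "S.":           # SYN-ACK: server -> client, key it as the client's flow
            synacks.add((p["dst"], p["src"], p["sport"]))
    return sorted(syns - synacks)


def route_lookup(addr, routes=ROUTES):
    """Interface the kernel would use to reach addr (longest-prefix match)."""
    best = None
    for net, iface in routes:
        n = ipaddress.ip_network(net)
        if ipaddress.ip_address(addr) in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, iface)
    return best[1] if best else None


def rp_filter_verdict(src, ingress_iface, routes=ROUTES, mode=1):
    """mode 0 = off, 1 = strict (RFC 3704 strict RPF), 2 = loose.
    Strict mode drops a packet whose source routes back out a different interface."""
    if mode == 0:
        return "accept"
    reverse_iface = route_lookup(src, routes)
    if reverse_iface is None:
        return "drop"                      # unroutable source: dropped in strict and loose
    if mode == 2:
        return "accept"
    return "accept" if reverse_iface == ingress_iface else "drop"


def explain_syns(pkts, routes=ROUTES, mode=1):
    """Map each SYN source to (ingress iface, reverse-path iface, verdict).
    The ingress interface is the one holding the destination address."""
    result = {}
    for p in pkts:
        if p["flags"] == "S":
            ingress = route_lookup(p["dst"], routes)
            result[p["src"]] = (ingress, route_lookup(p["src"], routes),
                                rp_filter_verdict(p["src"], ingress, routes, mode))
    return result


if __name__ == "__main__":
    pkts = parse_capture(CAPTURE)
    print("SYNs with no SYN-ACK:", unanswered_syns(pkts))
    for src, (ingress, reverse, verdict) in explain_syns(pkts).items():
        print(f"{src}: arrived on {ingress}, reverse path via {reverse} -> {verdict}")
```

On the real server the same two lookups are `sysctl net.ipv4.conf.all.rp_filter` (1 means strict) and `ip route get 192.168.1.32`, which shows the interface the reply would leave on; if that interface differs from the one the forwarded SYN arrives on, strict rp_filter drops it before sshd ever sees it. Unplugging the second NIC, as the answer did, removes the alternate route; setting `rp_filter` to 2 (loose) or 0 on the affected interface is the other way out, at the cost of the spoofing protection strict mode gives.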
