On Mon, 7 Mar 2011 00:54:19 -0600 Jason Hsu <jhsu802...@jasonhsu.com> wrote:

> QUESTIONS:
> 1. How do I know if my DSL modem is the culprit blocking remote
> access to my computer? 2. Exactly what is the difference between
> bridge mode and router mode in a DSL modem? I read that if my DSL
> modem is blocking remote access to my computer, switching it to
> bridge mode would remedy this. 3. Why does switching my DSL modem to
> bridge mode cut off Internet access, and why does switching it back
> to router mode restore Internet access?
>

A router connects two or more different IP broadcast domains (different network addresses) and contains routing rules to decide which interface to use in relaying packets it receives. An Internet router generally also contains a simple firewall and does NAT translation.

A bridge is effectively a piece of wire, passing everything between two parts of the same broadcast domain and doing no processing.

So when you switch from router to bridge mode, the next connection assigns a public IP address to the next piece of equipment in from the bridge. If it cannot accept that address, there's a problem. If the firewall rules do not allow for the public IP address, there's a problem. The piece of equipment connected to the bridge is also exposed directly to the Internet.

Only use bridge mode if you know exactly what it does, and that's what you want, and for most people it won't be.

> BACKGROUND:
>
> I have a small home network. The setup is:
> Internet -> DSL modem -> Firewall/server computer -> Ethernet switch
> -> Main computer
>
> The DSL modem is an Embarq EQ-660R ADSL router. My ISP is
> CenturyLink.
>
> I'm trying to set up an SSH server on the firewall/server computer.
> I have a free account from DynDNS, but their Open Port Tool (at
> https://www.dyndns.com/support/tools/openport.html , which I set to
> port 22) gives me the "timed out" error message. I don't think the
> Shorewall firewall on the firewall/server is the problem, as I have
> the /etc/shorewall/policy file set to accept firewall-to-all
> communications (through port 22) and the /etc/shorewall/rules set to
> accept net-to-firewall (through port 22).
>
> Some searches on Google gave me the idea that my DSL modem could be
> the culprit. This brings me to the questions at the beginning of
> this post.
>

You have a fair way to go before you should advertise as a consultant. A good working knowledge of networking is an absolute requirement. *You* should be able to tell *us* the difference between a bridge and router, and you should certainly be able to troubleshoot this kind of problem.

1. Check that sshd is actually running and is accepting connections on the WAN port. Try a connection first from localhost, and examine the configuration file to check that the WAN port and your user are allowed. By default, with no changes made, it should work.

2. Check that ssh works from a computer directly connected to your server's WAN port (crossover cable possibly required). You'll need to tweak IP configurations to do this.

3. Check that the router has a forwarding rule to pass ssh to the server when back in normal configuration.

4. Check with http://grc.com Shields Up!! as to whether it can see port 22. Ignore Steve's dire warnings everywhere.

If you get to this point without success with external ssh, any further issues are due to ISP port blocking (an urban myth, as far as I can see) or dynamic DNS issues. A consultant really ought to have a fixed IP address, as a dynamic IP address introduces uncertainties where you don't need them.

Oh, and when ssh is working, move it to an unprivileged (high) port. It doesn't add much security, but it keeps a lot of rubbish out of your logs, and that's certainly worth doing. And you have configured it to work with keys, not passwords, haven't you?

--
Joe
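
The following is an added example, not part of the message above or written by either poster: a small TCP probe that tells a refused connection from a timed-out one and reads the SSH version line, so the same check can be repeated from the server itself, from a directly connected machine, and from outside, as in steps 1 to 4. The function names `probe` and `is_ssh` and the default target `127.0.0.1` port 22 are assumptions made for the example.

```python
import socket
import sys

def probe(host, port, timeout=3.0):
    """Try one TCP connection; return (state, banner).

    state is "open", "refused", "timeout" or "error".
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # A reset came back: the host was reached but nothing listens there
        # (sshd not running, or bound to another address or port).
        return "refused", ""
    except socket.timeout:
        # Silence: packets were dropped on the way, e.g. by a firewall rule
        # or a router with no forwarding rule for this port.
        return "timeout", ""
    except OSError:
        return "error", ""  # no route, name resolution failure, ...
    with sock:
        sock.settimeout(timeout)
        try:
            # An SSH server speaks first, sending "SSH-<proto>-<software>".
            line = sock.recv(256).split(b"\n", 1)[0].strip()
        except OSError:
            line = b""
    return "open", line.decode("ascii", "replace")

def is_ssh(banner):
    """True if the first line received looks like an SSH version string."""
    return banner.startswith("SSH-")

if __name__ == "__main__":
    # Usage: python3 probe.py [host] [port]   (defaults are assumptions)
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    state, banner = probe(host, port)
    print(f"{host}:{port} {state} {banner!r} ssh={is_ssh(banner)}")
```

An "open" result whose banner does not start with `SSH-` means something other than sshd answered on that port.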