
Broken NAT

@shawcable.net

SSH forwarding

I am with Shaw, on the High Speed 20 plan. I am using the SMCD3GN Wireless N router. I do a reasonable amount of traveling, and until now have not really needed to be able to remotely access my home network. However, now I am at the point where I would like to be able to SSH into a local media server which I run in my home, and from there be able to SSH into various other machines if need be. However, I seem to have a problem with this. When I try to forward port 22 for SSH, I get a message which says "Conflict with Remote Management Ports!", at which point it gives me a box to click which says "Okay", and then brings me back to the NAT forwarding page. Search engines seem to bring up nothing, so I ask you good folks here.

Before anyone asks, here is what I have tried:

- I called Shaw; they say that port forwarding is outside of what they can help with troubleshooting, despite the fact that their router wouldn't let me do what the router is designed to do. They flat out refused to do troubleshooting of any kind, and blamed my failure to do proper static IP routing, which is of course nonsense because not only does SSH work on the local network, but I should in theory be able to point any forwarded port to a nonexistent local IP if I really wanted to. They refused to recognize there is a problem with the router, although I didn't push the issue past a level 2 support agent.

- I called SMC help, who, while extremely helpful and friendly (far more so than Shaw), could also not find out what is wrong with the router. I think the awesome tech support gentleman who had the misfortune of getting my call spent a good 45 minutes researching to no avail.

- I have reset all the router settings to default settings and the forwarding still doesn't work.

- I have had a friend do a port scan on my WAN address, which brings up nothing, as expected.

- I have done a port scan on the router on the internal IP address (192.168.x.x), which shows that, among other ports, SSH is enabled and filtered. This is the nmap scan output.

Host is up (0.0067s latency).
Not shown: 994 closed ports
PORT     STATE    SERVICE
22/tcp   filtered ssh
23/tcp   filtered telnet
53/tcp   open     domain
80/tcp   open     http
443/tcp  open     https
8081/tcp filtered blackice-icecap
 

This is incredibly frustrating. Can anyone help, or does anyone have any idea why it does this? Should I just have them replace the router?

Thanks!


rustydusty

join:2009-09-29
Red Deer, AB

I have heard of issues with SMC and even the Cisco with port forwarding. My suggestion is getting an old Motorola 5120 for your 20Mb plan, and buying a decent router to handle the NAT. The Shaw all-in-one units are 'decent' in my mind at best. If you have an idea as to what you are doing, I highly suggest swapping the SMC for the Motorola, which a few members on here still have and could send you one.


tlhIngan

join:2002-07-08
Richmond, BC
kudos:1
reply to Broken NAT

You can always map a different external port to your SSH server. E.g., allow incoming 2222 to your SSH server port 22. Also see if you can disable remote management on your modem. If you've got SSH set up, you can do local management of your router via SSH port maps back to the modem.

But your real task is to see if you can get your modem switched to "bridged" mode and use your own router. If you're handy with SSH, you know how to do this and set up your own router.

Shaw's provided routers are the lowest of the low end - think the $20 specials you see at Future Shop (and the ones you KNOW everyone is still making a profit on - Future Shop, the distributor, the manufacturer, etc. And you can figure out how much it really costs and how good it could get, when you can buy $200 routers).

If you don't have an HTTPS server, 443 is especially handy - many firewalls only allow port 80 and 443 traffic.


kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
reply to Broken NAT

Few questions,

Does the SMC have the Remote Management feature in the customer interface able to be turned on and off?

If so, is it on?

If you have that much experience with networking, why are you using the router in a Shaw modem? Or are they still unable to enable bridge mode on plans slower than 50mbps?

Is your friend, or anybody else outside your LAN, able to even get a telnet connection to port 22?

I have never had good experiences with SMC routers.
--
Yes, I am not employed and looking for IT work. Have passport, will travel.



Broken NAT

@shawcable.net

said by kevinds:

Does the SMC have the Remote Management feature in the customer interface able to be turned on and off?

If so, is it on?

If you have that much experience with networking, why are you using the router in a Shaw modem? Or are they still unable to enable bridge mode on plans slower than 50mbps?

Is your friend, or anybody else outside your LAN, able to even get a telnet connection to port 22?

I have never had good experiences with SMC routers.

1) No, there is no way to administer the Remote Management system, otherwise I would just disable it and be on my way. Shaw also refuses to admit it is enabled, despite the router saying it is.

2) The last router that I had from Shaw took a combined 6 hours on the phone to finally get them to disable the gateway and put it in bridged mode, so I was hoping to avoid that again.

3) I can forward every single port except for 22. telnet, http, AIM, all of the predefined services work, and I have some others like VNC and Tor running on "customer defined" forwarding as well. It is just port 22 that won't forward. There is nothing else wrong with the router. It is extremely frustrating.

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3

Might have to run your SSH server on multiple ports, or just a different one, as the only workaround.

Register and bug Sean about the firmware bug, and he might be able to get you in touch with someone who knows the workings of the Gateways better.

One other thing to try, I have confirmed this doesn't work on the Cisco's, not sure about the SMC's, 'Backup' the configuration, then edit it manually, notepad maybe? and then 'Restore' it back to the SMC. The Cisco's do a CRC check on the file so you can't upload a modified one.

-Posted from my phone.


fuzzmania

join:2003-08-19
New Westminster, BC
reply to Broken NAT

Have you tried to use hamachi? »secure.logmein.com/products/hamachi/
It will allow you to run a client on both computers and essentially have a VPN with your remote and local computer. You can then SSH tunnel that way through the "private" IP address assigned to your computer.

Else you could buy another router and get the SMC put in bridge mode, or get a Cisco in bridge mode with your own router.


noclue6

join:2012-09-12
reply to Broken NAT

You are advised to run your SSH on a non-standard port anyways. Trust me, you will thank me. My logs were filled with script kiddies and bots, but no one guesses my high range port now! Absolutely no one.

But yeah, it probably has some remote management on the router which you would access using SSH. Did you try to SSH into the router yet? Did you look up the router manual?


kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3

My active port 22 machines were showing around 24000 attempts on root each 24 hour period before I started to auto-ban them; they were at times crashing my NAT router...

Not as annoying as the FTP bots that try hundreds/thousands of passwords each run; even when I allow their current username on any password (access granted) they disconnect and keep trying.

But I agree with @noclue: unless you need to run on port 22, I advise picking a different port.

Port 443 works well, because network/traffic monitoring software is expecting encrypted traffic on that port when you are travelling.
--
Yes, I am not employed and looking for IT work. Have passport, will travel.