6

I am trying to expose my raspbmc's ssh port to the world through my internet router. I can connect to the device on my LAN. I have another Windows 7 machine with cygwin and sshd installed on it and I can ssh into that machine through my firewall. I believe I know how to configure my router to forward ports.

Here's what I tried:

Attempt 1

  • Forward external port 22222 to port 22 on my raspbmc
  • Connect to port 22222 on my external ip with:

        ssh -vv -p 22222 pi@MY_IP
        OpenSSH_6.2p1, OpenSSL 1.0.1e 11 Feb 2013
        debug1: Reading configuration data /etc/ssh_config
        debug2: ssh_connect: needpriv 0
        debug1: Connecting to MY_IP [MY_IP] port 22222.
        debug1: connect to address MY_IP port 22222: Connection timed out
        ssh: connect to host MY_IP port 22222: Connection timed out

    Doing this, but forwarding to my Win7 box works, seemingly indicating that I know how to configure my router.

Attempt 2

Then I tried turning off port 22 forwarding to my Win7 machine and forwarding external port 22 to my raspbmc's port 22, such that the only tweaking that I did of the router configuration was to change which LAN address the packets were forwarded to. Connections to Win7 box stopped [expected], but connections to raspbmc did not work:

    $ ssh -p 22 -vv pi@MY_IP
    OpenSSH_6.2p1, OpenSSL 1.0.1e 11 Feb 2013
    debug1: Reading configuration data /etc/ssh_config
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to MY_IP [MY_IP] port 22.
    debug1: connect to address MY_IP port 22: Connection timed out
    ssh: connect to host MY_IP port 22: Connection timed out

I believe the packets [UDP and TCP] are getting to my raspbmc from outside my LAN. Where are the log files for sshd on raspbmc? I can't even find sshd on my raspbmc:

 sudo find / -name sshd 

yields nothing.

3
  • 1
    raspbmc uses dropbear and sshd. Commented May 2, 2013 at 17:01
  • It uses sshd, but only as a client I think. In this case only dropbear server matters. Commented May 3, 2013 at 10:43
  • Thanks for all the information, I was facing the same problem. Please don't forget to forward the corresponding ports also in the router! Commented Apr 18, 2014 at 17:41

1 Answer

12

Ugg. I wasn't able to solve my own problem the other day, but when I typed out the question, then I got inspired to search the interwebs in a different way that yielded a solution. My issue was that iptables is configured to block traffic that isn't on my subnet. You can test that this is the issue by running this command on your raspbmc:

sudo iptables --flush 

If you're able to receive the ssh connections on your raspbmc now, then you need to tweak the iptables commands in /etc/network/if-up.d/secure-rmc such that it will not block non-subnet traffic:

    logger -t iptables "Configuring ip tables for interface $IFACE"
    if [ "$IFACE" != "lo" ]; then
        NETMASK=$(get_subnet $IFACE)
        iptables -A INPUT -s $NETMASK -i $IFACE -j ACCEPT
        iptables -A INPUT -i $IFACE -j DROP
    fi

I commented out those lines with # using command sudo vi /etc/network/if-up.d/secure-rmc. Those lines now look like:

    #logger -t iptables "Configuring ip tables for interface $IFACE"
    #if [ "$IFACE" != "lo" ]; then
    #    NETMASK=$(get_subnet $IFACE)
    #    iptables -A INPUT -s $NETMASK -i $IFACE -j ACCEPT
    #    iptables -A INPUT -i $IFACE -j DROP
    #fi

Then, when you reboot, it should be resolved. This will make your raspbmc listening ports be wide open to accepting any packets from outside your network, for better or worse...

4
  • 2
    This is not the best solution I believe, why don't you open only the ports you need? add this line: "iptables -A INPUT -p tcp --dport 22 -j ACCEPT" before this line "iptables -A INPUT -i $IFACE -j DROP" and you're all set Commented May 3, 2013 at 10:38
  • I'll test that solution and update my answer when I can gain physical access to my raspbmc. It's in my attic and it died last night... Commented May 3, 2013 at 14:27
  • Any idea of what went wrong? Commented May 3, 2013 at 14:34
  • I played a video. Also my capacitor was broken off and my subsequent solder to the traces is pretty weak. My attic was hot yesterday, now it is cold. Not really sure. I'm just going to reboot it. Commented May 3, 2013 at 14:47
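
Added example (not part of the original answer or comments, and not Raspbmc's own code): iptables evaluates rules in order, so the port-22 ACCEPT suggested in the first comment only takes effect if it sits before the interface-wide DROP. The helper below reads a rule listing and reports which target an outside connection to a given port hits first; `ssh_verdict`, the `rules_*` functions, `eth0` and `192.168.1.0/24` are assumptions made for the illustration, and the rule listings are constructed.

```shell
# Added example: hypothetical names; constructed rules (eth0, 192.168.1.0/24 assumed).

# Rules in `iptables -S INPUT` form on stdin; $1 = interface, $2 = TCP port.
# Prints the target of the first rule matching a new packet from an outside
# host, or nothing if none matches. Simplified: only -i, -s, -p, --dport and
# -j are parsed, and a rule with -s is treated as LAN-only.
ssh_verdict() {
    awk -v iface="$1" -v port="$2" '
        found || $1 != "-A" || $2 != "INPUT" { next }
        {
            in_if = ""; src = ""; proto = ""; dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "-s") src = $(i + 1)
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (in_if != "" && in_if != iface) next
            if (src != "") next
            if (proto != "" && proto != "tcp") next
            if (dport != "" && dport != port) next
            verdict = target; found = 1
        }
        END { if (found) print verdict }'
}

# What the hook quoted in the answer installs for one interface.
rules_original() {
    echo "-A INPUT -s 192.168.1.0/24 -i eth0 -j ACCEPT"
    echo "-A INPUT -i eth0 -j DROP"
}

# Port rule appended after the hook ran: it lands behind the DROP.
rules_appended_late() {
    rules_original
    echo "-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT"
}

# Port rule placed before the DROP, as the first comment suggests.
rules_fixed() {
    echo "-A INPUT -s 192.168.1.0/24 -i eth0 -j ACCEPT"
    echo "-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT"
    echo "-A INPUT -i eth0 -j DROP"
}

for f in rules_original rules_appended_late rules_fixed; do
    echo "$f: port 22 -> $($f | ssh_verdict eth0 22)"
done
```

On a live system the listing would come from `sudo iptables -S INPUT` piped into `ssh_verdict`, which checks the rule order without flushing the whole table.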
