# Remote SSH access



## twintone (Jan 31, 2013)

Hello..

I have a box running FreeBSD 8.3 on my internal network, and I would like to connect to it outside my network. Currently I just use putty, and current to the internal IP. As for connecting from outside my network, I was thinking of changing the port SSH listens on to something like 3333 or the like. However, I am unsure how to change the port for SSH. No matter what port I choose, I know I would need to setup a port forward on my router for that port. Is there anything I would need to configure to be able to connect remotely?

Any help and insight would be appreciated.


----------



## kpa (Jan 31, 2013)

Keep the listening port at 22 so you don't have to change anything locally but forward the port 3333 on the external interface of the router to port 22 of the FreeBSD box.


----------



## twintone (Jan 31, 2013)

Thank you for the information guys. Unfortunately I am having some issues. For testing purposes I left everything on port 22. I have remote access to a server outside my network, and when I attempt to connect back to my internal FreeBSD box using ssh -l username XXX.XXX.XXX.XXX I get a password prompt, but it is denying my password. I can log on internally via the internal IP with putty just fine. Is there some setting that is blocking outside connections?

Not sure if this has something to do with my network or not. My ISP modem has it's own firewall built in and is 192.168.0.1 which I run to a wireless router 192.168.1.1 which runs to a switch, and all of my machines are connected directly to that switch.

Even without setting up a port forward on either of the routers, I am still getting the password prompt. Almost like the ISP modem / router is listening on port 22.

Does this make any sense?


----------



## SirDice (Feb 1, 2013)

twintone said:
			
		

> Even without setting up a port forward on either of the routers, I am still getting the password prompt. Almost like the ISP modem / router is listening on port 22.


That's possible, try what kpa suggested and forward some other port to your FreeBSD's ssh port.

And check your modem/router and see if you can turn that 'feature' off.


----------



## twintone (Feb 1, 2013)

SirDice said:
			
		

> That's possible, try what kpa suggested and forward some other port to your FreeBSD's ssh port.
> 
> And check your modem/router and see if you can turn that 'feature' off.



I did attempt to forward to a different port (3333) and it just times out. Not sure if I would need to setup a port forward on the modem / router to forward to my wireless / router that the FreeBSD box is connected to. I tried that, but to no avail. 

Looking into turning off that feature, but not seeing anything staring me in the face.


----------



## wblock@ (Feb 1, 2013)

It's difficult to follow, so I'm just going to summarize and please ignore if this is already understood.

internet --> cable router --> wireless router --> switch --> freebsd

If you have the cable router connected to the WAN port on the wireless router, it adds another level of indirection and makes this harder.  Instead, connect it to one of the LAN ports and use the wireless router just as a switch.  Then the cable modem forwards incoming port 3333 traffic to port 22 at the hostname or IP address of the FreeBSD system.

To keep using the wireless router as a firewall, the cable router will forward port 3333 to the wireless router, which will then forward port 3333 to port 22 on the FreeBSD system.  But look up "double NAT".


----------



## jem (Feb 1, 2013)

What router do you have twintone?


----------



## twintone (Feb 1, 2013)

Thanks for the input guys. Wblock, I ended up doing what you suggested (and yes your summery of the network is correct) prior to checking back here, and have things up and working. I will take a look into double NAT which sounds challenging, but never the less it's always good to learn new things. 

Jem, the wireless router is a Netgear N600. The DSL modem / router is an Acctiontec V1000H. I know there are a lot of DSL haters out there, but I am a much bigger fan of DSL than Cable. Thankfully my provider has great speeds. Currently getting 25Mb down and 5Mb up.


----------



## jem (Feb 4, 2013)

Unfortunately, "N600" doesn't tell me what I need to know about the NetGear.  N600 refers to a group of NetGear routers which are all capable of 600Mbps wifi.  I was after the specific model number, which might be something like:

DGND3700
WNDR3700
WNDR3400

It might be that both your Acctiontec unit and the NetGear are both performing NAT, in which case you'd have two layers of port forwarding to do.

One thing I do know is that all the NetGear routers I've used can't port forward from a particular external port to a different port on an internal host, for example port 3333 to 22.


----------

