portforwarding on Huawei HG8245H ONT

Salut,


I am trying to set up port forwarding on RCSRDS network,
but seem to miss a step as I am unable to establish an SSH session from the Internet to the SSH-server.

First thing I did was creating a static route for the SSH server I want to use port forwarding to.
Also checked both IP address the ONT reports and IP address known to the outside world, thus:

1/ IP addresses

IP address ONT
---
Status-> WAN Information:
---
IPv4 Information
Connection Status  IP Acquisition Mode  IP Address  Subnet Mask  MAC Address
Connected  PPPoE   100.101.xx.yyy 255.255.255.255 xx:xx:xx:xx:xx:xx

IP address Internet
---
root@sshserver:~# curl ipinfo.io/ip
86.120.yyy.zzz


2/ Verified forwarding rule
Forward Rules-> Port Mapping Configuration
Enable Port Mapping: [v]
WAN Name: 2_INTERNET_R_VID_201 (greyed out) Protocol: TCP
Start External Port: 3333 End External Port: 3333
Start Internal Port: 22  End Internal Port: 22
Start External Source Port:0 End External Source Port:0
Mapping Name: ssh  External Source IP Address:
Internal Host: 192.168.x.y [ mac-address ]


Tested " ssh some_user@IP-address -p3333 " using both addresses, but it does not seem to connect?
I assume I do not need to restart router and a simple "Apply" should be sufficient?

Last, but not least, the ssh server reacts to port 22 if I check from another station  ... ...

user@someserver:~$ telnet 192.168.xx.yy 22
Trying 192.168.xx.yy...
Connected to 192.168.xx.yy.
Escape character is '^]'.
SSH-2.0-dropbear_2014.66
▒▒ֈN0X▒_▒▒▒+▒▒▒[email protected],ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,[email protected],3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbcgaes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbchmac-sha1-96,hmac-sha1,hmac-md5hmac-sha1-96,hmac-sha1,hmac-md5zlib,[email protected],nonezlib,[email protected],none▒ܪ:▒▒n


Mtmsc pt raspuns!

dolphs, on 06 decembrie 2017 - 17:19, said:

You are not romanian? Do you speak romanian?
Nu de alta dar un strain nu scrie prescurat "pt" (

Quote

)

Edited by stlk, 06 December 2017 - 18:34.

seara buna ... Uhm eu?
Hah inteleg Romaneste, dar nu srciu bine !
Hai - mtmsc pt raspuns pe subiect port fowarding :-)

Dacă înţelegi româneşte e bine!

1. vrei port-forward de la wan-ip-addr:3333 la LAN-ip-addr:22
2. procedezi ca aici: https://portforward....huawei/hg8245h/
3. ar trebui ca după <Apply> să funcţioneze;
4. pentru acces din internet wan-ip-addr(external) ar trebui să fie static; dar, la RDS, PPPoE oferă ip-addr dinamic; soluţia este 5;
5. creezi un cont aici: https://digicare.rcs-rds.ro/ unde vei putea să configurezi <DNS Dinamic> de forma yourhostname.go.ro cu care vei putea accesa din internet conexiunea proprie indiferent ce wan-ip-addr ar avea; după configurare e necesar pppoe reconect sau <restart>.
6. LAN-server cu ssh trebuie să deţină permanent aceeaşi ip-addr(ex. 192.168.100.52)
7. by default ssh e configurat să nu accepte conectare cu user root;

Succes!

@jobist - mersi

Idea is indeed to be able to access from outside ( Internet /3333 ) in to my LAN to SSH ( 22 ).

Found the instruction under 2/ also and applied lots of different settings already.
Meanwhile removed my rule and picked the Application " Secure Shell Server " to test.
Also inserted a Mapping name with proper Mac Address ( thus Internal host is the correct one ) and Applied these but " pacat, nu merge deloc "

Answer might be in "contul-meu", although I added a "go.ro" address yesterday it does not seem to resolve the DNS entry yet executing a 'nslookup'.
Therefore possibly I have to "restart"( reconnect ) the ONT to pick up this entry configured, will do that after this posting.

daca functioneaza, raport in limba romana! :-)

grrr " ce pacat " dupa repornire functioneaza bine ...
Am vazut IP address este schimbat, acum este ceva : 5.12.xxx.yyyy ( a fost 100.101.xxx.yyy )
Si nslookup resolva "go.ro" adressul, aoleu nu ce poate​!!!

ok.

Merge SSH access?

Edited by jobist, 06 December 2017 - 20:48.

da merge bine cu si fara "root" doar dupa ceva 5 minute root este blocat ;-), mersi!

Faci aşa: remote ssh-login cu someuser@ip-addr , apoi local ssh-login [email protected] ; poate nu mai face time-out la root

dolphs, on 06 decembrie 2017 - 20:46, said:

"Ce bine!" / "Surpriză plăcută!" / "Excelent!"

Edited by jobist, 06 December 2017 - 21:16.

no I was refering root login works but I dont want root to be able to log in directly from the Internet so that has been taken care of ...


multumesc si seara placut!