Port forwarding

I have a SSH server here. When I had a basic cable LAN setup (cable modem and a cable router), I could easily access the SSH server from other locations.

Now that I've implemented 2 cisco routers, I cannot access the SSH server remotely any longer.

My cable router is set to forward any traffic (from the outside) it receives to

> host 192.168.1.59 on the inside. Like I said, this used to work fine until I implemented Cisco routers and segmented my LAN.

Any ideas? I went into my cable router and added a static route for 192.168.1.59. Didnt do anything.

Here is a picture of my LAN
Thanks

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

Webmaster

You shouldn't create static routes to hosts... only to networks. And since your cable router is on the 192.168.1.0 network, adding a static route for an address part of that network is useless.

The reason you cannot access the SSH is probably because your SSH server has the 2501a as its default gateway... and that's why your SSH server doesn't know the path back to the Internet, hence you cannot access it from the Internet either. Set the default gateway of your ssh server to the cable router's internal IP and it should work as before.

dissolved

Thanks man. There is no way to keep my network the same, and set port forwarding on my 2501a as well to let the traffic hit the SSH box?

mwgood

Hi dissolved,

Maybe I missed this part of your configuration process, but I'm curious as to why you are showing your "gateway" of 192.168.1.1 pointing to the WAN side of your cable "router?"

If you are doing port mapping on a router, and your cable "router" - not a bridge in this case, is the first interface to the outside world - wouldn't you normally have a public IP on the WAN side?

Shouldn't your gateway in the diagram be pointing to the LAN side of the initial router?

viper75

Default gateway for SSH server should be 192.168.1.1.

PS...
Nice diagram...what program did you use to create that in???

dissolved

mwgood wrote:

Hi dissolved,

Maybe I missed this part of your configuration process, but I'm curious as to why you are showing your "gateway" of 192.168.1.1 pointing to the WAN side of your cable "router?"

If you are doing port mapping on a router, and your cable "router" - not a bridge in this case, is the first interface to the outside world - wouldn't you normally have a public IP on the WAN side?

Shouldn't your gateway in the diagram be pointing to the LAN side of the initial router?

Hi, it's actually not pointing to the WAN side. Just looks like it from the pic

So I'm gathering from everyones input, that I should make the gateway for the SSH box 192.168.1.1 . I guess you cant forward ports twice? (on the cable router, then on the 2501a). Does anyone know if that's even possible? I figured I would forward port 22 on the cable router, then forward it again on the 2501a. Would that work ? (just curious)

Thanks again

mwgood

No, it is not possible to setup a second port forward in this case on the 2501A router because your current setup has the Cable WAN IP forwarded to 192.168.1.59 and your 2501A address is 192.168.1.40.

You could do it only if your 2501A WAN IP was assigned the forwarded internal destination address.

dissolved

So if I did the following, would it work?

- forward port 22 from my cable router, to port 22 on my cisco router (2501a 192.168.0.40)

-then go to my cisco router, and forward 22 to 192.168.1.59

mwgood

Originally I was thinking you might be able to do a 2nd port forward on the 2501A, but I'm not so sure anymore now that I've given it more thought. By the time the first port forward occurs from the cable router, it's likely that port translation has already occured, so I don't think that your 2501A router will even see the traffic as port 22 anymore - rather probably some randomly assigned port.

Having said that, I don't personally know enough of the details about NAT to know for certain whether you could statically assign a port number that the 2501A router uses for port 22 traffic that hits the Cable WAN. If that were possible, then I could see the possibility of setting up a 2nd port forward using the translated port - and so on, and so on.

Other than just wondering whether a 2nd port forward is possible or not, why do you want it? Because even if it is possible, it would only mean that you would have to plug in your workstation with the ssh server behind the 2501A Router. You cannot port forward to 2 different IPs as far as I'm aware, so by setting up a 2nd forward on your 2501A Router (IF it were possible), you would just be relocating your ssh server on the network.