2

I have a TP-Link router and I have followed the appropriate steps to forward the port 22 to use an SSH connection on the remote machine. I forwarded the port 22 on the machine's LAN IP.

But when I try to connect to the remote machine over the internet using SSH, the connection on port 22 times out. Also, the machine's global IP replies when I ping the machine.

When I check port 22 using canyouseeme.org, it says the port is closed. What am I doing wrong? Both the remote and the host machine are running Ubuntu 16.04 LTS.

I contacted the ISP and they said that they do not block any ports. This is the Nmap output:

sudo nmap xxx.xxx.xxx.xxx -p 22 

Starting Nmap 7.01 ( https://nmap.org ) at 2019-03-24 17:16 IST
Nmap scan report for xxx.xxx.xxx.xxxreverse.spectranet.in (xxx.xxx.xxx.xxx)
Host is up (0.0033s latency).
PORT   STATE    SERVICE
22/tcp filtered ssh

Nmap done: 1 IP address (1 host up) scanned in 0.55 seconds

Please ask for any further info you require.

2
  • What does the router report as the WAN address? The first two octets should be fine, no need to reveal your full IP. Is that address the same as was reported by canyouseeme.org? Commented Mar 24, 2019 at 16:15
  • @Tim_Stewart the default gateway is 10.200.xxx.xxx and the IP Address is 10.200.xxx.xxx. This is nowhere close to the IP address in canyouseeme.org which is 125.63.xxx.xxx Commented Mar 24, 2019 at 18:40

1 Answer

2

The reasons that you cannot port forward:

  • The ISP is using CG-NAT (Carrier-grade Network Address Translation), sometimes referred to as LSN (Large Scale NAT).
  • You do not have control of the router that has a globally accessible IPv4 address. This is the Class-A 125.63.xxx.xxx address on the router that's doing the NAT/masquerading.
  • The router that you do have control of has a WAN Address in the 10.0.0.0 - 10.255.255.255 range which is designated for private use.
    (It has no control of incoming requests, the CGNAT router does.)

You may be able to call the ISP and have a globally accessible IP address assigned to your router. Unfortunately, only your ISP can help you with this.

~Regards.

3
  • I called the ISP and asked if they block any ports. They said that they do not block any ports. Moreover, a friend uses the same ISP and successfully set up port forwarding for SSH and it works. I am guessing it's an issue with the router since that's the only variable among the two of us. Commented Mar 30, 2019 at 9:57
  • And what happens at the friend's house in the same test with canyouseeme.org? I would escalate it to someone who knows what they are talking about. You ARE NOT going to be able to port forward with a private IP. They aren't technically blocking anything, it's the wrong term to use. Commented Mar 30, 2019 at 14:14
  • 1
    Maybe when you talk to them again, try using "I don't have a global IP address", "The WAN address that is assigned to my router is in the RFC 1918 private range", or "I need a globally accessible IP address". Any of these should get the point across to the ISP agent. Commented Mar 30, 2019 at 17:11
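
The check described in the answer and comments above, written out as an added example that is not part of the original thread: it classifies the WAN address the router reports and compares it with the address an outside service sees. It goes slightly beyond the thread by also recognising 100.64.0.0/10 (RFC 6598, the shared address space reserved for CG-NAT); the function names and the host octets in the sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges, plus the RFC 6598 shared address space used for CG-NAT.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RFC6598 = ipaddress.ip_network("100.64.0.0/10")


def classify_wan(addr: str) -> str:
    """Return 'rfc1918', 'rfc6598', 'other-non-global' or 'global' for an IPv4 address."""
    ip = ipaddress.IPv4Address(addr)
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if ip in RFC6598:
        return "rfc6598"
    if not ip.is_global:  # loopback, link-local, documentation ranges, etc.
        return "other-non-global"
    return "global"


def diagnose(router_wan: str, external_seen: str) -> str:
    """Compare the router's WAN address with the address an outside service reports."""
    kind = classify_wan(router_wan)
    if kind != "global":
        return (f"WAN {router_wan} is {kind}: an upstream NAT owns the public "
                "address, so forwards on this router never see inbound connections")
    if ipaddress.IPv4Address(router_wan) != ipaddress.IPv4Address(external_seen):
        return (f"WAN {router_wan} is global but differs from {external_seen}: "
                "another translation layer sits in front of the router")
    return f"WAN {router_wan} matches the external address: port forwarding can work"


if __name__ == "__main__":
    # Constructed sample: the two prefixes come from the thread, the last
    # two octets of each address are made up.
    print(diagnose("10.200.0.1", "125.63.0.1"))
```

Run it with the WAN address shown on the router's status page and the address reported by an external checker; any result other than "matches" means the fix has to come from the ISP, not from the router's forwarding table.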
