Remote SSH doesn't work

Hello,

I’ve been trying (for some time…) to create an ssh tunnel between an Ubuntu Machine (M-1) and an embedded system (M-2).

The setup is the following:

  • M-2 is connected to a RUT901 router on LAN1.
  • M-1 is connected to WAN.
  • RUT901 is connected to WAN via 4G (public IP).

I have allowed remote SSH access to RUT901, and I can connect to it from M-1.
To connect remotely to M-2, I have created a port forwarding rule from WAN->LAN, and a firewall rule which allows the traffic through. However, this fails - the ssh connection just stalls without any specific message.

Could you please help me out?

Hello,

Could you please provide a screenshot of your configured firewall port forwarding and traffic rules?

Additionally, is it possible that M-2’s firewall is blocking WAN traffic to port 22? Could you check if you can SSH into M-2 locally from the RUT901 using the following command?

ssh <m2username>@<m2_LAN_IP>

Best regards,

The firewall rule:

The port forwarding rule:

M-1 can ssh into M-2 via LAN1, I tested it.

Thank you for your time 🙂

Firewall traffic rule should be unnecessary. Could you try changing the port forwarding rule’s external port to a different one, e.g., 8888?

As mentioned previously, also ensure that M-2’s firewall isn’t blocking access to port 22 from WAN.

Additionally, can you check from M-1 if the following command succeeds?

nc -zv <RUT901_PUBLIC_IP> <external_port>

If this fails, the port is not open.

Best regards,

I removed the firewall rule.

And I changed the port forward rule to the external port 8888. Now I issued two commands:

ssh -p 22 <user_id>@<RUT901_PUBLIC_IP>

This works and I’m greeted with the RUT901 login screen.
However, when I try:

ssh -p 8888 <user_id>@<RUT901_PUBLIC_IP>

It stalls as per usual.

I tried

nc -zv <RUT901_PUBLIC_IP> 8888

But it stalls again.

I tried that command with other ports, and it failed, except for 22 - for which it succeeded.

I further tried:

sudo nmap -p 8888 -sT <RUT901_PUBLIC_IP>

Which returned:

PORT STATE SERVICE
8888/tcp filtered unknown

But when I issue:

sudo nmap -p 22 -sT <RUT901_PUBLIC_IP>

it returns:

PORT STATE SERVICE
22/tcp open ssh

This has to be the router - port 22 is open on M-2. The router has to open port 8888 which it then forwards to port 22 of M-2.
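
The open/filtered distinction in the nmap output above can be reproduced with a plain TCP connect. This is an added example, not part of any post in the thread; the function names `probe` and `compare` and the 5-second timeout are assumptions chosen for illustration.

```python
"""Classify a TCP port as open / closed / filtered using connect() only."""
import errno
import socket
import sys

# An ICMP "unreachable" reply surfaces as one of these errno values;
# nmap -sT reports that case as filtered as well.
_UNREACHABLE = {errno.EHOSTUNREACH, errno.ENETUNREACH}


def probe(host, port, timeout=5.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"            # three-way handshake completed
    except ConnectionRefusedError:
        return "closed"          # a RST came back: reachable, nothing accepting
    except socket.timeout:
        return "filtered"        # SYN dropped without any reply (the "stall")
    except OSError as exc:
        if exc.errno in _UNREACHABLE:
            return "filtered"
        raise                    # DNS failure etc. is not a port state
    finally:
        sock.close()


def compare(host, mgmt_port, forwarded_port, timeout=5.0):
    """Probe the router's own SSH port and the forwarded port side by side."""
    mgmt = probe(host, mgmt_port, timeout)
    fwd = probe(host, forwarded_port, timeout)
    if fwd == "open":
        hint = "forwarded port accepts TCP; continue at the SSH layer"
    elif fwd == "closed":
        hint = "a RST was returned for the forwarded port; nothing accepted it"
    elif mgmt == "open":
        # Says only that packets were dropped silently, not which hop did it.
        hint = "public IP reachable, forwarded port dropped without reply"
    else:
        hint = "neither port answers; verify the public IP is reachable at all"
    return {"mgmt": mgmt, "forwarded": fwd, "hint": hint}


if __name__ == "__main__":
    # usage: python3 portcheck.py <RUT901_PUBLIC_IP> 22 8888
    print(compare(sys.argv[1], int(sys.argv[2]), int(sys.argv[3])))
```
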