[SOLVED] SSH from laptop to LAN device on secondary router

fermenting
DD-WRT Novice


Joined: 14 Aug 2022
Posts: 9

PostPosted: Sun Aug 14, 2022 16:01    Post subject: [SOLVED] SSH from laptop to LAN device on secondary router Reply with quote
I'm going to go ahead and admit my amateur status in working with dd-wrt. Okay the set up so far.

1. Main router provided by ATT ISP.
2. Old Cisco Valet running DD-WRT (build v3.0-r44715 mini) in client mode in a separate room on a different subnet 192.168.2.X but with a static IP 192.168.1.X as WAN IP from the main router.
3. One machine connected to Valet router LAN port to eventually become a prototype game server (on a static IP)
4. One laptop for administration currently using DHCP being issued by main router.

What I am wanting to do is to be able to use the laptop to SSH into the prototype game server. I've tried to set up port forwarding on the dd-wrt machine which seems pretty straightforward. The issue is more on setting up the port forwarding on the main router which I believe I need to do in order for this all to work. According to the documentation, I need to essentially forward a port from the main router to the client mode dd-wrt router and then port forward the port I want for SSH from the dd-wrt router to the prototype game server.

I initially did a simple port forward on the DD-WRT with my laptop plugged into one of the LAN ports. However this never showed as being opened. I checked back with the following link https://wiki.dd-wrt.com/wiki/index.php/Port_Forwarding_Troubleshooting and sure enough it said I needed to set both routers to use port forwarding.

Then I tried setting the port forwarding on the main router to use the same port that I had set for the port forwarding on the DD-WRT router.

So to clarify. ISP Router port forwarding set with DD-WRT WAN IP on port 1234 and the DD-WRT router set with port forwarding to the box I want to ssh in with port 1234. The box I want to ssh into has had the port it is listening for SSH on set to 1234 too.

What I am unsure about is if I need to initialize IP Passthrough on my main router in addition to the NAT/Gaming option, but also which IP address am I looking to use on the main router to open the port? That is, am I looking for the shown WAN IP on the DD-WRT router? Additionally, should I use the same port number for the main router to dd-wrt router port forward as I will between the dd-wrt and the prototype game server?

I'm guessing I've overstepped somewhere or should have stated 22 for somewhere to be mapped to 1234.


Can attach screenshots as needed but will need to edit photos to remove any identifying information.

Regards and Thank you.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12836
Location: Netherlands

PostPosted: Mon Aug 15, 2022 12:23    Post subject: Reply with quote
Welcome to the forum.

The Cisco Valet can be an M10 or M20, which one do you have?

Furthermore, the build you are running is outdated; current is 49741.

See the forum guidelines with helpful pointers about how to research your router, where and what firmware to download, where and how to post and many other helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

You might consider upgrading although in your specific use case it probably does not matter.

to recap
your laptop is connected to the ISP router
Your Cisco Valet is connected to the ISP router in Client mode on its own subnet
Your Game server is connected to the Cisco.

You wanted to SSH from your laptop to your game server

If so a simple port forward on your Cisco should suffice.

From your laptop you should be able to reach your game server with <wan-ip-address-cisco>:<ssh-port>

Note your game server might have its own firewall which blocks access.

The scenario where you want to reach clients on a downstream router on your own network is fairly common, it is possible to reach all your clients on the down stream router if you disable the firewall of said router (the Cisco in your case) and set a static route on the primary router (your ISP router) to the Cisco.
If you can set static routes on your ISP router and are interested in how to set it up, I can send you some more detailed instructions.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
fermenting
DD-WRT Novice


Joined: 14 Aug 2022
Posts: 9

PostPosted: Mon Aug 15, 2022 19:34    Post subject: Reply with quote
I have the Cisco M10. It was just collecting dust and thought I could put it to good use.

As things stand right now.

The ISP router has been set to give the Cisco router a static IP on its WAN IP address that was being shown on the DD-WRT GUI. I have also given the laptop a static IP address.

The game machine has a static IP address given by the cisco router on that subnet and is connected via wire.

The laptop unless connected via wire to Cisco router is using the wifi from ISP router.

I used the given firmware based on searching the forum for Cisco M10 and finding the latest thread dated in 2020 as having tested that firmware and having it known to be good. As you have stated, I don't think the firmware will make a difference for this task.

Both my laptop and the gaming machine are running Ubuntu Focal Fossa (20.04 LTS) and to my knowledge there is no running UFW (?) or apparmor or IPTables.

Cisco router with DD-WRT has SPI turned off now.

Ex. Let's assume I changed the port on the game server that ssh was listening on to 1234, then the entry in the Cisco server should be something like

GameServer Both Port from 1234 <IP Address of game machine> Port To 1234 and enable. Is that wrong?

But again, according to the link in my original post.. it is indicating that I need to set up port forwarding on both routers.

Thank you again for your help on the matter.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12836
Location: Netherlands

PostPosted: Mon Aug 15, 2022 19:44    Post subject: Reply with quote
No that should not be necessary as your laptop is already on the isp subnet.
fermenting
DD-WRT Novice


Joined: 14 Aug 2022
Posts: 9

PostPosted: Tue Aug 16, 2022 2:07    Post subject: Reply with quote
Well, having gone back and tried the example I mentioned with a different number than 1234, I cannot ssh between the subnets to get to the game box. If I try to use ssh -p <port number> username@gameserverhostname, it says "ssh: Could not resolve hostname <hostname> Temporary failure in name resolution"
(maybe I need DDNS?) If I try to use the IP address of the box I want to ssh into then it hangs.

Just an update
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12836
Location: Netherlands

PostPosted: Tue Aug 16, 2022 7:52    Post subject: Reply with quote
Use the Cisco's WAN IP address and that should port forward to the gameserver.

Use Putty that makes it easier: https://www.putty.org/

fermenting
DD-WRT Novice


Joined: 14 Aug 2022
Posts: 9

PostPosted: Tue Aug 16, 2022 15:46    Post subject: Reply with quote
Good morning on my side of the world.

Okay in Cisco Router QoS/NAT I now have the following
SSH BOTH No Source Port From 1234 <Cisco Router WAN IP> Port To 1234 and the Enable box checked.

Still, nothing when on the ISP router subnet. Just hangs at terminal (using puTTY or otherwise) using the IP address of the game machine when trying to SSH in. If I try to use the hostname, it can't resolve.

The ISP router has been reset to what it was before I started all this with the exception of Fixed IP address allocations. I can double check the game server box for firewall settings but I don't think that happens on a basic Ubuntu install and I should have mentioned that SSH Server is running on the game server. Don't think I need anything running on the laptop as I can ssh into other machines on the same subnet just fine.

What else might I be overlooking? Thank you again for your time in trying to help me solve this oddity.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12836
Location: Netherlands

PostPosted: Tue Aug 16, 2022 15:53    Post subject: Reply with quote
No, you cannot use the IP address of the gameserver (or its hostname); you must use the IP address of the Cisco, and then the Cisco forwards that to your game server. That is what port forward is all about.

To be perfectly clear: the Cisco's WAN IP address, so the address your main router hands out to the Cisco!

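The symptoms reported in this thread (a name that will not resolve, a connection that hangs, a connection that is refused) each point at a different layer. The following is an added example, not code from any poster in the thread: a small Python probe, run from the laptop, that makes one TCP connection to the address and port given and classifies the result. The function names and hint texts are this example's own.

```python
import socket
import sys

# Next checks per outcome, taken from the advice given in this thread.
HINTS = {
    "unresolved": "name not known to the laptop's DNS; use the secondary router's WAN IP",
    "refused": "address answers but nothing accepts this port; check the forward "
               "entry is enabled and points at the port sshd listens on",
    "filtered": "no answer; target is a LAN address behind the secondary router, "
                "or a firewall is dropping the packets",
    "unreachable": "network error before any answer; check cabling and addressing",
    "open-ssh": "an SSH server answered through the forward",
    "open-other": "port is open but the service did not send an SSH banner",
}

def probe_ssh(host, port, timeout=3.0):
    """Make one TCP connection and return (state, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:          # "Could not resolve hostname"
        return "unresolved", str(exc)
    except ConnectionRefusedError as exc:   # RST came back: "connection refused"
        return "refused", str(exc)
    except (socket.timeout, TimeoutError):  # nothing came back: the "hang"
        return "filtered", f"no reply within {timeout}s"
    except OSError as exc:                  # e.g. no route to host
        return "unreachable", str(exc)
    with sock:
        try:
            # An SSH server sends its version string first (RFC 4253, section 4.2).
            banner = sock.recv(255).decode("ascii", "replace").strip()
        except OSError:                     # timeout or reset while waiting
            banner = ""
    state = "open-ssh" if banner.startswith("SSH-") else "open-other"
    return state, banner

def diagnose(host, port, timeout=3.0):
    """One-line report: what happened and what to check next."""
    state, detail = probe_ssh(host, port, timeout)
    return f"{host}:{port} {state} ({detail}): {HINTS[state]}"

if __name__ == "__main__":
    # Usage: python3 probe.py <secondary-router-WAN-IP> <forwarded-port>
    print(diagnose(sys.argv[1], int(sys.argv[2])))
```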
fermenting
DD-WRT Novice


Joined: 14 Aug 2022
Posts: 9

PostPosted: Tue Aug 16, 2022 16:04    Post subject: Reply with quote
Okay so I try to connect to the WAN IP of the Cisco router with the port that I have opened (1234) which will forward me to the game server. I try that but it says connection refused.

ssh <username>@<ciscoWAPIP>:1234 or ssh -p 1234 <username>@<ciscoWAPIP>

Do I have the QoS/NAT form set correctly or is one supposed to be 22 and the other supposed to be the port on the GameServer(1234) that is listening for SSH?

Sorry I'm driving you crazy. :?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12836
Location: Netherlands

PostPosted: Tue Aug 16, 2022 16:13    Post subject: Reply with quote
If the gameserver also listens on port 1234 then that is fine, otherwise you can port forward from 1234 to 22.

I would really check if the firewall of the gameserver allows connections from other subnets, I have a NAS to which I can SSH (with a port forward from my main router) and I have to specifically tell the NAS to allow these connections.

I would check if you can SSH in from the Cisco's subnet, if you can then instead of tweaking the firewall you can add this rule to the cisco's iptables:
Quote:
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to $(nvram get lan_ipaddr)


If that does not help I am out of options :(

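The effect of the POSTROUTING SNAT rule quoted above can be traced packet by packet. The following is an added example, not code from the thread: a Python model of the port forward, the SNAT rule, and a hypothetical host firewall on the game server that admits SSH only from its own subnet. All addresses are constructed (the thread elides the real ones), and the function names are this example's own.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Constructed addresses; the thread only gives 192.168.1.X and 192.168.2.X.
LAPTOP = ip_address("192.168.1.50")      # on the ISP router's subnet
ROUTER_WAN = ip_address("192.168.1.2")   # secondary router, WAN side
ROUTER_LAN = ip_address("192.168.2.1")   # stands in for $(nvram get lan_ipaddr)
SERVER = ip_address("192.168.2.10")      # game server on the secondary LAN
SERVER_NET = ip_network("192.168.2.0/24")

@dataclass(frozen=True)
class Packet:
    src: object
    dst: object
    dport: int

def port_forward(pkt, ext_port=1234, to_ip=SERVER, to_port=1234):
    """Port-forward entry (DNAT): rewrites the destination, never the source."""
    if pkt.dst == ROUTER_WAN and pkt.dport == ext_port:
        return replace(pkt, dst=to_ip, dport=to_port)
    return None  # no matching forward: the router does not pass it on

def snat_on_br0(pkt):
    """iptables -t nat -I POSTROUTING -o br0 -j SNAT --to <router LAN IP>"""
    return replace(pkt, src=ROUTER_LAN)

def server_accepts(pkt):
    """Hypothetical host firewall: SSH on 1234 from the local subnet only."""
    return pkt.dport == 1234 and pkt.src in SERVER_NET

def deliver(pkt, snat):
    """Return (source address the server sees, whether the server accepts)."""
    fwd = port_forward(pkt)
    if fwd is None:
        return None, False
    if snat:
        fwd = snat_on_br0(fwd)
    return fwd.src, server_accepts(fwd)

# Without SNAT the server sees the laptop's address and the local-only rule
# rejects it. With SNAT it sees the router's LAN address and accepts, but
# every forwarded login then appears in the server's logs as coming from
# the router, so per-client source filtering and attribution are lost.
```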
fermenting
DD-WRT Novice


Joined: 14 Aug 2022
Posts: 9

PostPosted: Tue Aug 16, 2022 16:38    Post subject: Reply with quote
Okay so just a short recap

GameServer has had SSH listening port changed to 1234.

When I am hardwired to Cisco router, the laptop can ssh to game server with no issue.

I will check if there is a firewall running on the GameServer and if not, I will try the suggested IPTables command.

If that does not work, I will look more at possibly seeing how to port forward from the ISP router to the Cisco router as well.
fermenting
DD-WRT Novice


Joined: 14 Aug 2022
Posts: 9

PostPosted: Wed Aug 17, 2022 12:08    Post subject: Reply with quote
So that didn't work. I should also note that I can ping the WAN IP of the Cisco Router but not the internal IP which may indicate something else.

So another question.. when I go to ssh to the WAN IP of the Router which username and password should I use when it finally connects?

I'm also going to attach screenshots of some of the ISP router's firewall settings.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12836
Location: Netherlands

PostPosted: Wed Aug 17, 2022 12:47    Post subject: Reply with quote
As your laptop is already behind the ISP router and on the same subnet as the Cisco your ISP router has nothing to do with that.

But the Cisco has a firewall which will stop incoming connections. Enter the port forward; this opens up the firewall for that port and directs traffic for that port further down your Cisco's network.

As we speak I am doing this, my PC (192.168.0.59) is on my main subnet.

That subnet has a secondary router which has its WAN IP 192.168.0.5

The subnet of that secondary router is 192.168.5.0 and on that secondary routers subnet is an appliance with IP address 192.168.5.7

I wanted to SSH into my appliance (192.168.5.7) from my PC

So on the secondary router I set up a port forward see attachment

I use Putty to SSH to my router on port 2222 (because that is what I am using for the Port Forward) see attachment and then I am greeted by the login.

I just set this up in two minutes to see if I am overlooking something but apparently not so not sure what the problem on your side is, unfortunately I cannot do more :(

egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12836
Location: Netherlands

PostPosted: Wed Aug 17, 2022 15:39    Post subject: Reply with quote
No you need to be logged in
fermenting
DD-WRT Novice


Joined: 14 Aug 2022
Posts: 9

PostPosted: Wed Aug 17, 2022 15:42    Post subject: Reply with quote
Okay. I will do one last check to see what is going on and align it with your photos. Thank you for taking the time to try and get this working with me. If I can get this working then the next step further down the line is opening up the server for specific users to access and lock everything else down. Guess I have my work cut out for me.
All times are GMT