I'm trying to get connections working from the outside world into my
SoHo LAN via my *second* ADSL. I'll try and explain the set-up.
The SoHo LAN all sits on a 192.168.1.x/32 subnet connected to a
Draytek Vigor 2820n ADSL router which connects to the internet via a
standard ADSL connection with UKFSN. That all works fine and I have
set up 'pinholes' through the firewall to allow incoming ssh, SMTP and
HTTP connections. Thus I seem to know how to set up the firewall on
the 2820n.
The 2820n has a second WAN port which is an ethernet port, I have that
connected to a BT Business Hub (2Wire 2700HGV) ADSL router which
connects to the internet via a second phone line. The 2820n is set up
to share the two connections and that works OK too. I.e. outgoing
connections go via whichever of the two WANs is less busy. There are
some things which are configured to use only one or the other WAN
(e.g. SMTP, HTTPS).
What I am trying to do (and failing miserably at) is to get incoming
connections for a couple of protocols working through the 2Wire
router. I really want to get SMTP working but I am also trying to get
ssh working as that is (possibly) easier to diagnose.
So, I have the 2Wire router set up so that it tells me the following
'pinholes' are set up in its firewall:-
Device Allowed Applications Application Type Protocol Port Number(s) Public IP
192.168.13.65 SMTP Server - TCP 25 81.158.147.90
SSH Server - TCP 22 81.158.147.90
Device 192.168.13.65 is the WAN port on the 2820 router so that ssh
and SMTP connections from the outside should get routed to the 2820n.
I then have the 2820n set up (firewall and port forwarding) so that
ssh and SMTP connections from WAN2 (the 2Wire WAN connection) get passed
to my 'server' machine which is 192.168.1.2.
It all *seems* to be correct, when I try and ssh from outside to
81.158.147.90 then the 2820n shows a NAT route to 192.168.1.2. If
I 'telnet 81.158.147.90 22' from the outside I actually get an SSH
'hello' from 192.168.1.2, exactly the same as the one I get if I
'telnet 192.168.1.2 22' from inside my LAN.
*BUT* ssh from outside doesn't work, no response at all, it just times
out. ssh from inside works fine. I've tried winding up debug to maximum
on ssh but it hasn't told me anything. I've stared intently at the port
forwarding, NAT and firewall set-up on the 2820n and it all seems correct.
Oh, and I can 'ping 81.158.147.90' OK from the outside.
I'm stumped, any ideas for how to diagnose this?
--
Chris Green