Author Topic: Why can't I reach Zentyal via ssh from outside? [SOLVED] (Read 13902 times)

Lido · « **on:** April 08, 2011, 01:47:46 am »

I've been banging my head against the wall on this for a few days. I can connect to the Zentyal server from inside our network, but when I try from outside it times out without ever giving me a login prompt. I'm using a home router running Tomato and was able to use port forwarding to reach our FreeBSD machine, but for some reason I can't connect to Zentyal. I changed my ssh port to 358, but it doesn't work from outside even if I leave the default port open. Here are the details:

Core version 2.0.17
updated and upgraded as of 21:00 or so UTC.

in sshd_config:

Code: [Select]

# What ports, IPs and protocols we listen for
Port 358

in in /etc/hosts.allow (the second two ip addresses are substitutes for mine):

Code: [Select]

sshd: 192.168.1. 33.33.33.33 44.44.44.44
in Dashboard->Services->ssh:

Code: [Select]

TCP   	 any   	 358   	
TCP 	any 	22

(the 2nd line can't be deleted but presumably doesn't matter because sshd isn't listening on 22 anymore)

in Dashboard->Packet Filter->Internal networks to Zentyal:

Code: [Select]

ACCEPT 192.168.1.0/24 ssh Allow from inside network
in Dashboard->Packet Filter->External networks to Zentyal:

Code: [Select]

ACCEPT   	 33.33.33.33/32   	 ssh   	 Allow ssh from home
ACCEPT 	44.44.44.44/32 	ssh 	Allow ssh from school

What am I missing?

jquintao · « **Reply #1 on:** April 08, 2011, 02:49:20 am »

Hi,

If you run the command "sudo /etc/init.d/ebox firewall stop" you can connect the SSH?

Thanks,
Jorge Quintao

Lido · « **Reply #2 on:** April 08, 2011, 03:01:18 am »

Wow, that's interesting, thanks. Yes, after I stop the firewall, I can log in. Then when I start the firewall again, the problem is back. You see the packet filter edits I made above, anything else I should try?

I even tried in Packet Filter->External networks to Zentyal:

Code: [Select]

ACCEPT 33.33.33.33/32 any TCP testing
but that doesn't seem to help.

jquintao · « **Reply #3 on:** April 08, 2011, 03:16:13 pm »

Hi,

In Network/Interfaces did you marked the interface as a external interface?

Thanks,
Jorge Quintao

Lido · « **Reply #4 on:** April 09, 2011, 12:58:32 am »

No the "External" box is not checked. I didn't check it because (afaik) we're not using Zentyal as a gateway, we're using it as a web (and eventually, hopefully email server and more).

Code: [Select]

Check this if you are using Zentyal as a gateway and this interface is connected to your Internet router.
I tested what would happen if I check the "external" box and it does allow me to ssh in from outside, but the problem is that then the websites are no longer reachable from outside (they are currently reachable from inside or outside with "external" un-checked). Thanks.

exekias · « **Reply #5 on:** April 09, 2011, 03:59:37 pm »

Hi Lido,

If your interface is marked as "Internal" you will need to edit Internal networks to Zentyal firewall rules, not External ones.

Try it and tell us if that worked for you!

Lido · « **Reply #6 on:** April 12, 2011, 01:12:19 am »

Thanks, that did the trick.

Cookies usage

Author Topic: Why can't I reach Zentyal via ssh from outside? [SOLVED] (Read 13902 times)

Lido

Why can't I reach Zentyal via ssh from outside? [SOLVED]

jquintao

Re: Why can't I reach Zentyal via ssh from outside?

Lido

Re: Why can't I reach Zentyal via ssh from outside?

jquintao

Re: Why can't I reach Zentyal via ssh from outside?

Lido

Re: Why can't I reach Zentyal via ssh from outside?

exekias

Re: Why can't I reach Zentyal via ssh from outside?

Lido

Re: Why can't I reach Zentyal via ssh from outside?