Zentyal Forum, Linux Small Business Server

Zentyal Server => Installation and Upgrades => Topic started by: Lido on April 08, 2011, 01:47:46 am

Title: Why can't I reach Zentyal via ssh from outside? [SOLVED]
Post by: Lido on April 08, 2011, 01:47:46 am
I've been banging my head against the wall on this for a few days. I can connect to the Zentyal server from inside our network, but when I try from outside it times out without ever giving me a login prompt. I'm using a home router running Tomato and was able to use port forwarding to reach our FreeBSD machine, but for some reason I can't connect to Zentyal. I changed my ssh port to 358, but it doesn't work from outside even if I leave the default port open. Here are the details:

Core version     2.0.17
updated and upgraded as of 21:00 or so UTC.

in sshd_config:
Code:
# What ports, IPs and protocols we listen for
Port 358

in /etc/hosts.allow (the second two IP addresses are substitutes for mine):
Code:
sshd: 192.168.1. 33.33.33.33 44.44.44.44
in Dashboard->Services->ssh:
Code:
TCP   any   358
TCP   any   22
(the 2nd line can't be deleted but presumably doesn't matter because sshd isn't listening on 22 anymore)

in Dashboard->Packet Filter->Internal networks to Zentyal:
Code:
ACCEPT   192.168.1.0/24   ssh   Allow from inside network
in Dashboard->Packet Filter->External networks to Zentyal:
Code:
ACCEPT   33.33.33.33/32   ssh   Allow ssh from home
ACCEPT   44.44.44.44/32   ssh   Allow ssh from school

What am I missing?
Title: Re: Why can't I reach Zentyal via ssh from outside?
Post by: jquintao on April 08, 2011, 02:49:20 am
Hi,

If you run the command "sudo /etc/init.d/ebox firewall stop", can you connect via SSH?

Thanks,
Jorge Quintao
Title: Re: Why can't I reach Zentyal via ssh from outside?
Post by: Lido on April 08, 2011, 03:01:18 am
Wow, that's interesting, thanks. Yes, after I stop the firewall, I can log in. Then when I start the firewall again, the problem is back. You see the packet filter edits I made above, anything else I should try?

I even tried in Packet Filter->External networks to Zentyal:
Code:
ACCEPT   33.33.33.33/32   any TCP   testing
but that doesn't seem to help.
Title: Re: Why can't I reach Zentyal via ssh from outside?
Post by: jquintao on April 08, 2011, 03:16:13 pm
Hi,

In Network/Interfaces, did you mark the interface as an external interface?

Thanks,
Jorge Quintao
Title: Re: Why can't I reach Zentyal via ssh from outside?
Post by: Lido on April 09, 2011, 12:58:32 am
No, the "External" box is not checked. I didn't check it because (afaik) we're not using Zentyal as a gateway, we're using it as a web server (and eventually, hopefully, email server and more).

Code:
Check this if you are using Zentyal as a gateway and this interface is connected to your Internet router.
I tested what would happen if I check the "external" box and it does allow me to ssh in from outside, but the problem is that then the websites are no longer reachable from outside (they are currently reachable from inside or outside with "external" un-checked). Thanks.
Title: Re: Why can't I reach Zentyal via ssh from outside?
Post by: exekias on April 09, 2011, 03:59:37 pm
Hi Lido,

If your interface is marked as "Internal" you will need to edit Internal networks to Zentyal firewall rules, not External ones.

Try it and tell us if that worked for you!
Title: Re: Why can't I reach Zentyal via ssh from outside?
Post by: Lido on April 12, 2011, 01:12:19 am
Thanks, that did the trick.
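
Editor's added example (not part of any forum post, and not Zentyal's own code): a small Python model of the behaviour the thread uncovered, where the rule section consulted depends on how the receiving interface is marked rather than on where the source address lives. The function names, the tuple rule format and the default DROP are assumptions made for illustration; the addresses and port are the ones quoted in the thread.

```python
from ipaddress import ip_address, ip_network

SSH_PORT = 358  # port from the poster's sshd_config
INTERNAL = "Internal networks to Zentyal"
EXTERNAL = "External networks to Zentyal"

def section_for(interface_is_external):
    """Pick the rule section by the interface's marking, not by source IP."""
    return EXTERNAL if interface_is_external else INTERNAL

def verdict(rules, interface_is_external, src, dport):
    """First matching ACCEPT in the selected section wins.
    Falling through to DROP is an assumed default, consistent with the
    timeouts described in the thread."""
    for net, port in rules[section_for(interface_is_external)]:
        if ip_address(src) in ip_network(net) and dport == port:
            return "ACCEPT"
    return "DROP"

def original_rules():
    """Rules as first posted: remote sources allowed only in the External section."""
    return {
        INTERNAL: [("192.168.1.0/24", SSH_PORT)],
        EXTERNAL: [("33.33.33.33/32", SSH_PORT), ("44.44.44.44/32", SSH_PORT)],
    }

def fixed_rules():
    """Rules after the accepted answer: remote sources added to the Internal section."""
    rules = original_rules()
    rules[INTERNAL] = rules[INTERNAL] + [
        ("33.33.33.33/32", SSH_PORT),
        ("44.44.44.44/32", SSH_PORT),
    ]
    return rules

if __name__ == "__main__":
    # Constructed test packets: LAN host, the "home" address, an unlisted address.
    for label, rules in (("original", original_rules()), ("fixed", fixed_rules())):
        for src in ("192.168.1.10", "33.33.33.33", "55.55.55.55"):
            # Interface is NOT marked External, as in the poster's setup.
            print(label, src, verdict(rules, False, src, SSH_PORT))
```

In the fixed rule set the unlisted address is still dropped, so the ssh allow-list stays as narrow as the poster intended.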