[stunnel-users] My home ISP blocking ssh protocol

Christopher Schultz chris at christopherschultz.net
Thu Dec 12 20:42:49 CET 2019


Matt,

On 12/12/19 13:43, Matt Thomas wrote:
> Not sure if you have read the first post, or maybe I didn't add it, but I
> have tried port 22, 5022, 8022, 25565, 47506 and 443 haha.

It wasn't clear if you were changing the port number of the sshd service
(on your server) or the port you had open on your firewall/router. I
suspect that your ISP is blocking incoming connections to port 22. The
port number you use for sshd on the server is not relevant.

-chris

> On Thu, Dec 12, 2019, 9:44 AM Christopher Schultz
> <chris at christopherschultz.net> wrote:
> 
>     Matt,
> 
>     On 12/12/19 11:01, Matt Thomas wrote:
>     > Server is 192.168.0.10
>     > Router is 192.168.0.1
>     >
>     > It works fine internally :)
>     >
>     > I add a port forward in the router for port 22 pointed at .0.10.
>     > Router's firewall already is configured to accept ssh on port 22
>     > from any any.
>     >
>     > Whenever anyone attempts to connect to the server, a pop up shows on
>     > my screen. When I try to have my friends or co-workers try from their
>     > house or I try from a public place, no pop up or hits on the server
>     > log. Just times out.
>     >
>     > But if I put Minecraft on port 22, it works. So certain traffic is
>     > making it through. Even Hamachi VPN works fine BUT I can't install that
>     > on public PCs haha
> 
>     I was about to say "this is clearly an issue with the port number, pick
>     something other than 22" but if you say you can run Minecraft over port
>     22, then that's ... strange.
> 
>     I wasn't aware that Minecraft servers could have their ports changed
>     like that. You can really set up your Minecraft server to listen on
>     localhost:22 and it doesn't use UPnP or anything like that to
>     reconfigure your firewall/router?
> 
>     My advice is to try configuring things like this:
> 
>     Router: 192.168.0.1
>     Forward WAN connections to port e.g. 1022 -> 192.168.0.10:1022
> 
>     Server: 192.68.0.1
>     Accept stunnel connections on port 1022
>     accept=:1022
>     connect=localhost:22
> 
>     If that works, I might even try just changing the port number of your
>     ssh/sftp service from the "standard" port to something else and trying
>     again without stunnel in the mix.
> 
>     I've never encountered an ISP which does deep packet inspection to block
>     services. They usually just block ports.
> 
>     -chris
> 
>     > On Thu, Dec 12, 2019, 7:58 AM Christopher Schultz
>     > <chris at christopherschultz.net> wrote:
>     >
>     >     Matt,
>     >
>     >     On 12/11/19 17:53, Matt Thomas wrote:
>     >     > I need to know if Stunnel is going to accomplish what I need to
>     >     > do. My home ISP blocks protocol HTTP and SSH from coming in so
>     >     > that people can't run their own website from home without paying
>     >     > the ISP for a "Business" line
>     >     >
>     >     > All I am trying to do is have an SFTP server that I can access my
>     >     > dang files from while I am at school, work, friend's house,
>     >     > library or wherever. I have tried ssh on multiple random ports and
>     >     > made sure all firewall rules and port forward rules were correct
>     >     > in my home router. I know they work because I even went as far as
>     >     > setting up a Minecraft server to just test the port forward rules
>     >     > out and sure enough, my friend 200 miles away can connect just
>     >     > fine to my home Minecraft server. But he cannot connect to the ssh
>     >     > server. No logs are ever created on the server either because
>     >     > something is stopping the packet from even hitting my router, that
>     >     > something is my ISP
>     >     >
>     >     > Would stunnel allow me to make ssh traffic look like regular https
>     >     > traffic, thus allowing me to connect to my server at home so I can
>     >     > do my homework??
>     >
>     >     Those other servers probably use TLS or plaintext connections.
>     >     stunnel uses TLS, but ssh/sftp use a slightly different protocol
>     >     that may possibly be distinguishable by a determined ISP.
>     >
>     >     I would think that using stunnel to tunnel SFTP/SSH would be
>     >     possible, though not strictly necessary. I suspect some other
>     >     problem is preventing you from succeeding.
>     >
>     >     Can you be more specific about exactly what you did for
>     >     configuration? Port numbers, specific things you did, etc? You
>     >     don't have to disclose your public IP address, but perhaps give the
>     >     local IPs of your router and home server, etc?
>     >
>     >     -chris
>     >
>     >     _______________________________________________
>     >     stunnel-users mailing list
>     >     stunnel-users at stunnel.org
>     >     https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>     >
> 
> 
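Added example, not part of the original message: a small Python probe for the diagnosis discussed in this thread. It separates a connection that times out (dropped before any listener, as with a blocked port or a missing forward) from one that is refused, and reports whether the server speaks first with an SSH identification line or stays silent, as a TLS listener such as stunnel does. The `fake_listener` helper and its banner are constructed stand-ins so the block runs offline.

```python
import socket
import threading
import time

def probe(host, port, timeout=5.0):
    """Classify how a TCP port answers, seen from the connecting side.
    timeout: no reply at all (packets dropped before any listener)
    refused: host reached, but nothing listens on that port
    ssh:     server spoke first with an "SSH-" identification line
    silent:  connected, server sent nothing first (a TLS listener waits)
    other:   server spoke first with something else
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "timeout", ""
    except ConnectionRefusedError:
        return "refused", ""
    with sock:
        try:
            data = sock.recv(255)
        except socket.timeout:
            data = b""
    banner = data.decode("ascii", "replace").strip()
    if banner.startswith("SSH-"):
        return "ssh", banner
    return ("other", banner) if banner else ("silent", "")

def fake_listener(greeting, hold=1.0):
    """Constructed local stand-in for a server; returns the port it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.sendall(greeting)
        time.sleep(hold)  # keep the connection open while the probe reads
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    sshd = fake_listener(b"SSH-2.0-OpenSSH_8.0\r\n")  # constructed banner
    tls = fake_listener(b"")  # says nothing until the client sends a hello
    print(probe("127.0.0.1", sshd, timeout=0.5))
    print(probe("127.0.0.1", tls, timeout=0.5))
```

Run from outside the home network against the public address and forwarded port: `timeout` with nothing in the server log matches a block upstream of the server, while `ssh` or `silent` means the forward is working.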
