Hey all,
I'm trying to set up an ssh tunnel to securely encapsulate afp and filemaker services, something I've done many times before with no hint of the problems seen here.
First I went for broke, setting up the actiontec dsl modem/router to forward to the sonicwall and then to the local machine running ssh. (Side note: they're running dual NAT so they can have an unprotected wireless network for clients yet no access to the wired/secured services.) IP-wise it looks like this:
[public IP] -> actiontec lan 10.0.0.1 -> sonicwall wan 10.0.0.2 -> sonicwall lan 192.168.0.1 -> afp/fmpro server 192.168.0.2.
I'm going to remove fmpro from the equation to make things simpler. Here is the command I'm using:
ssh -l admin -L 1025:192.168.0.2:548 theirhostname.dyndns.org
First attempt - logged in no problem, the ports show as open when I do a port scan on localhost. I get the normal connection dialog box that says:
Connecting to localhost:1025
Soon after another one comes up for about 10 seconds:
Looking up "localhost:1015."
(I also tried 127.0.0.1:1015)
After a couple minutes I get an alert:
"Connection failed
The server may not exist or it is not operational at this time. Check the server name or IP address and try again."
FYI I tested the connection using my verizon (wireless data/net access) card in my laptop so I would be truly outside their network. After double checking the basics, I started to isolate the sonicwall. Put my laptop between the actiontec and the sonicwall (at 10.0.0.5) and tried to connect, same thing. Then I set up another computer with afp services and ssh, redid sonicwall port mapping, same problem. I should mention I was successful in connecting to both servers while on their subnet, with no ssh tunnel.
Next I tried isolating the actiontec by putting just one machine behind it (at 10.0.0.2, temporarily replacing the sonicwall) - exact same symptom. No matter which network I'm on (behind either the sonicwall, the actiontec, or using verizon) I can connect to my home network using the exact same command only with my home ip info instead.
So at this point I'm really curious to find out where things went wrong. It's gotta be some numbskull thing, but today I can honestly say it got the better of me. As far as I can tell I've eliminated the actiontec, sonicwall, the command itself (source), and the destination machine from being problems... which means it should be working!! Logically I can only think BOTH the actiontec and the sonicwall have issues with ssh tunnels, but that can't be right because ssh tunnels are so basic to set up on a routing level (tcp port 22, that's it).
Thoughts?
Thanks!
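An added example, not part of the original post and not real ssh: a small model of what `ssh -L 1025:192.168.0.2:548 ...` does, written to make one point from the troubleshooting above concrete. With a local forward, the ssh client opens the listening port on localhost as soon as you log in, and a port scan will report it open; the remote leg (the ssh server connecting to 192.168.0.2:548) is only attempted after a client connects to the local port, and if that leg fails the local connection is simply closed. So "the ports show as open" only proves the listener exists. The script below parses a `-L` spec, then runs three constructed cases on loopback with stand-in sockets (a stub service in place of the afp server, a stub forwarder in place of ssh, ports chosen by the OS): a working forward, a forward whose target is unreachable, and a client aimed at a port with no forward at all. It also shows the one-line check worth doing before blaming routers: connect to the local port with a plain TCP client and see whether you get data, an immediate close, or a refusal. Note that the post's dialog box names localhost:1015 while the forward listens on 1025; the third case is what such a mismatch looks like from the client's side.

```python
# Added example (not from the original post): a model of an
# "ssh -L local_port:host:hostport" forward built from plain sockets.
# Everything here is constructed; no real ssh, afp or network is involved.
import socket
import threading


def parse_local_forward(spec):
    """Parse an ssh -L argument: [bind_address:]port:host:hostport.

    Returns (bind_address, local_port, remote_host, remote_port);
    -L binds to loopback when no bind address is given.
    """
    parts = spec.split(":")
    if len(parts) == 3:
        bind, port, host, hostport = "127.0.0.1", *parts
    elif len(parts) == 4:
        bind, port, host, hostport = parts
    else:
        raise ValueError("expected [bind_address:]port:host:hostport, got %r" % spec)
    return bind, int(port), host, int(hostport)


def _listener():
    """Bind a loopback listener on an ephemeral port chosen by the OS."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind(("127.0.0.1", 0))
    sock.listen(5)
    return sock


def start_stub_service(greeting):
    """Stand-in for the server behind the tunnel; sends a greeting and closes."""
    srv = _listener()

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(greeting)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def start_stub_forwarder(target):
    """Stand-in for the ssh client's -L listener.

    Like ssh, it accepts the local connection first and only then tries the
    target; if that fails, the local side is just closed without any data.
    """
    lst = _listener()

    def relay():
        while True:
            try:
                conn, _ = lst.accept()
            except OSError:
                return
            with conn:
                try:
                    with socket.create_connection(target, timeout=2) as upstream:
                        conn.sendall(upstream.recv(4096))
                except OSError:
                    pass  # remote leg failed; ssh -v would show the connect error here

    threading.Thread(target=relay, daemon=True).start()
    return lst.getsockname()[1]


def probe(host, port, timeout=2.0):
    """Connect to host:port and report (status, data) as a TCP client sees it.

    'refused'  nothing listens there (wrong local port, tunnel not up)
    'open-eof' accepted, then closed with no data (listener up, remote leg dead)
    'open'     accepted and data received (end-to-end relay works)
    'silent'   accepted, nothing received before the timeout
    'error'    any other socket failure
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                data = s.recv(4096)
            except socket.timeout:
                return "silent", b""
            return ("open" if data else "open-eof"), data
    except ConnectionRefusedError:
        return "refused", b""
    except OSError:
        return "error", b""


def run_demo():
    """Run the three constructed cases and return the probe result of each."""
    service_port = start_stub_service(b"STUB-SERVICE\n")
    good_port = start_stub_forwarder(("127.0.0.1", service_port))
    dead = _listener()                       # grab a port, then free it so nothing listens
    dead_target = dead.getsockname()[1]
    dead.close()
    bad_port = start_stub_forwarder(("127.0.0.1", dead_target))
    unused = _listener()                     # a local port with no forward behind it
    unused_port = unused.getsockname()[1]
    unused.close()
    return {
        "working": probe("127.0.0.1", good_port),
        "dead_remote_leg": probe("127.0.0.1", bad_port),
        "wrong_local_port": probe("127.0.0.1", unused_port),
    }


if __name__ == "__main__":
    print(parse_local_forward("1025:192.168.0.2:548"))
    for name, (status, data) in run_demo().items():
        print("%-18s %-9s %r" % (name, status, data))
```

The useful reading of the three outcomes: "refused" means the tunnel (or the port you typed) is wrong on the client side; "open-eof" means the ssh listener is fine but the ssh server could not reach the target from its own vantage point, which is exactly where `ssh -v` (or the server's log) will name the failing connect; only "open" with data shows the whole path working. On the real tunnel the stub service's greeting has no equivalent, so the second and third outcomes are the ones that separate "local port open" from "forward works".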