About SSH Connections from External Networks

Asked 3 months ago, Updated 3 months ago, 11 views

I want to access the Raspberry Pi via SSH from the WAN side, but I cannot.

The SSH connection from the LAN side was successful.
The Raspberry Pi OS is not Raspbian but OpenWrt.
The SSH client is using term.
The private IP address on the Raspberry Pi side is static.

The router is a Buffalo WHR-300, and I registered port translation information in the Buffalo AirStation settings with Internet-side IP address = Internet-side IP address of the AirStation, LAN-side IP address = OpenWrt private IP address, and protocol LAN-side port set to SSH (22).

Also, on the Raspberry Pi side, OpenWrt has a file named /etc/config/network, and I added the following description to it:

config rule
        option name 'SSH'
        option src 'wan'
        option proto 'tcp'
        option dest_port '22'
        option target 'ACCEPT'

After configuring the above settings, I used Tera Term from a PC tethered to a smartphone to connect from the outside:
External PC (tethering) → Router (Internet-side IP address) → Raspberry Pi
When I try to connect this way, it says timeout.
Then, instead of trying it from the outside, I tried:
PC in LAN → Router (Internet-side IP address) → Raspberry Pi
When I try to connect this way, I get connection refused.

I don't know why I can't connect from outside, so please let me know.

Is this related to the difference between the Internet-side IP address shown on the router's Buffalo AirStation settings page and the global IP address shown on the https://www.cman.jp/network/support/go_access.cgi site? (Both IP addresses failed to connect.)

raspberry-pi ssh

2022-09-30 11:11

1 Answer

Many wireless LAN routers, including the Buffalo WHR-300, have a feature called NAT. This translates packets from multiple machine IP addresses on the wireless LAN side as if they originated from the WAN-side IP address of the wireless LAN router, and translates packets entering the WAN side as if they were destined for the wireless LAN IP address according to the table you created. (A direct translation is "network address translation": it translates addresses on the wireless LAN side and addresses on the WAN side.)

NAT works only when communication starts from the wireless LAN side, and acts like a firewall when communication starts from the WAN side. Therefore, packets cannot be sent from the WAN to the wireless LAN.

This is why the questioner is unable to connect.

The IP address of the machine connected by the wireless LAN is not visible from the WAN side of the router, so there is no way to resolve the problem with the current network configuration.

However, if only one machine is connected to the wireless LAN side and its IP address is fixed, you can access the wireless LAN side machine by opening the port (port forwarding).


2022-09-30 11:11
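
The question reports two different symptoms (timeout from outside, connection refused from inside) and asks about the router's Internet-side address differing from the address an outside site reports. The following Python sketch is an added example, not part of the original question or answer: it classifies both observations. The function names and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
import socket

# RFC 1918 private ranges: never routable from the Internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Shared address space used by ISPs for carrier-grade NAT (RFC 6598).
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def wan_address_verdict(router_wan_ip, observed_public_ip):
    """Compare the router's WAN-side address with the address an outside
    service reports, to see if a port forward on this router is enough."""
    wan = ipaddress.ip_address(router_wan_ip)
    seen = ipaddress.ip_address(observed_public_ip)
    if wan in CGNAT:
        return "cgnat"       # the ISP translates upstream of this router
    if any(wan in net for net in RFC1918):
        return "double-nat"  # an upstream router must forward the port too
    if wan != seen:
        return "mismatch"    # another translation or proxy is in the path
    return "direct"          # outside hosts reach this router's WAN address


def classify_connect(exc):
    """Map the outcome of a TCP connect to what it says about the path."""
    if exc is None:
        return "open"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"     # a host answered with a reset: nothing listening
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"     # packets dropped: filtered or never forwarded
    return "error"


def probe(host, port=22, timeout=5.0):
    """Attempt one TCP connection to host:port and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify_connect(None)
    except OSError as exc:
        return classify_connect(exc)


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    print(wan_address_verdict("192.168.0.5", "203.0.113.10"))   # double-nat
    print(wan_address_verdict("203.0.113.10", "203.0.113.10"))  # direct
```

Run probe() against a host you administer, once from a tethered PC and once from inside the LAN, and compare the two results with the verdict for the router's WAN-side address.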
