SSH through NAT

itefix
Joined: 01.05.2008 - 21:33
SSH through NAT

Do I need to change something to make it work?
On client (VPN to server):

SET SECHAW_IDENTITY="C:\Programmer\cwRsync\.ssh\cwrsync"
SET SECHAW_TYPE=SSH
SET SECHAW_LOCALPORT=9119
SET SECHAW_SERVER=192.168.0.11
SET SECHAW_SERVERPORT=873
SET SECHAW_USER=SvcwRsync
SET SECHAW_CMD="C:\Programmer\cwRsync\bin\rsync.exe" -avr /cygdrive/e/1 rsync://SvcwRsync@localhost:9119/test --stats --compress --progress --partial
"C:\Programmer\cwRsync\bin\sechaw.exe" --verbose

But when I change SET SECHAW_SERVER= to my public IP (and NAT port 22 to the server) I get this error:

Establishing secure channel ...
channel 1: open failed: connect failed: Connection refused
rsync: read error: Connection reset by peer (104)
rsync error: error in rsync protocol data stream (code 12) at io.c(584)
Terminating secure channel ...

itefix
Re: SSH through NAT

As long as port 22 on your fw/router is forwarded to your cwRsync server behind the fw/router, it should work.

Try to increase rsync logging level (-vvv).

itefix
Re: SSH through NAT

Then I get this:
Establishing secure channel ...
opening tcp connection to localhost port 9119
channel 1: open failed: connect failed: Connection refused
rsync: read error: Connection reset by peer (104)
_exit_cleanup(code=12, file=io.c, line=584): entered
rsync error: error in rsync protocol data stream (code 12) at io.c(584)
_exit_cleanup(code=12, file=io.c, line=584): about to call exit(12)
Terminating secure channel ...

itefix
Re: SSH through NAT

The message "channel 1: open failed: connect failed: Connection refused" indicates that the problem arises during secure channel setup (ssh). The current sechaw version does not have verbose logging capability yet. I will introduce it with the next version. In the meantime, we can try a manual method:

- Sechaw gives info about sec tunnel command used: '.. ssh ...'. Run this command manually after having made two modifications:
a) remove option -N, b) add option -vv

That will open a secure channel with verbose logging.

- Open a separate window and run rsync command specified as SECHAW_CMD

This scenario will give you detailed information about how ssh secure channel is set up. Maybe, it is then easier to locate the problem.

Rgrds Tev

itefix
Re: SSH through NAT

After some testing, it seems that sechaw v1.0 doesn't support NAT. The following ssh command must be used to open a channel manually:

ssh -i private-key -L 9119:internal-ip:873 SvcwRsync@external-ip -T -N

Next sechaw version will support NAT.
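
The manual command above keeps two addresses apart: ssh connects to external-ip, while the -L target internal-ip:873 is connected to from the server side of the tunnel. The following wrapper is an added example, not part of the original post and not sechaw's code; it assumes an OpenSSH client and rsync in a POSIX shell, and its variable and function names are made up for illustration.

```shell
#!/bin/sh
# Added example: defaults reuse the thread's values and placeholders; override via environment.
set -eu
SSH_HOST="${SSH_HOST:-external-ip}"           # public address; port 22 is NATed to the server
FORWARD_HOST="${FORWARD_HOST:-192.168.0.11}"  # internal address, connected to from the server side
FORWARD_PORT="${FORWARD_PORT:-873}"           # rsync daemon port
LOCAL_PORT="${LOCAL_PORT:-9119}"
SSH_USER="${SSH_USER:-SvcwRsync}"
KEY="${KEY:-private-key}"

# -L spec bound to loopback only, so other hosts on the client network cannot use the tunnel.
forward_spec() {
    printf '127.0.0.1:%s:%s:%s\n' "$LOCAL_PORT" "$FORWARD_HOST" "$FORWARD_PORT"
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

open_tunnel() {
    # ExitOnForwardFailure only covers a failed local bind; a refused connect to
    # FORWARD_HOST appears later as "channel N: open failed", hence the probe below.
    ssh -i "$KEY" -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -L "$(forward_spec)" -T -N "$SSH_USER@$SSH_HOST" &
    TUNNEL_PID=$!
    trap 'kill "$TUNNEL_PID" 2>/dev/null || true' EXIT
}

# Probe by listing the daemon's modules through the tunnel; retry while ssh is alive.
wait_for_daemon() {
    tries=0
    while [ "$tries" -lt 10 ]; do
        kill -0 "$TUNNEL_PID" 2>/dev/null || return 1
        rsync "rsync://$SSH_USER@127.0.0.1:$LOCAL_PORT/" >/dev/null 2>&1 && return 0
        tries=$((tries + 1)); sleep 1
    done
    return 1
}

if [ "${1:-}" = "run" ]; then
    shift
    valid_port "$LOCAL_PORT" && valid_port "$FORWARD_PORT" || { echo "bad port" >&2; exit 2; }
    open_tunnel
    wait_for_daemon || { echo "rsync daemon not reachable through tunnel" >&2; exit 1; }
    rsync "$@"   # e.g. -av /cygdrive/e/1 rsync://SvcwRsync@127.0.0.1:9119/test
fi
```

Invoke it as `sh script.sh run <rsync arguments>`; the tunnel is torn down by the EXIT trap when rsync finishes.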

itefix
Re: SSH through NAT

cwRsync 2.0.1 contains Secure Channel Wizard 1.1 that supports NAT-environments.
