
can't access server on specific port behind router from my WAN IP

xpace
Level 1

Hi guys,

This is a strange issue, and even the ISP can't fix it because they don't know what to fix and blame it on my router.

The router is a 1941, working with no issues except one, but I don't think this is a router issue.

My WAN IP is 103.35.xx.xx and I can directly access the router at the remote site via Telnet, and can also access the wireless access point behind the router on port 8443 and CCTV on port 8585. The remote site's WAN IP is 14.200.xx.xx

I have set server behind router to accept SSH connections on port 6999, 22, 6185

The port 6999 is default and the others I have added for testing purposes.

Now the issue: I can access the server over SSH from any WAN IP except mine 103.35.xx.xx

When I connect via VPN or from any other server that I maintain at the remote site, I have no issue connecting whatsoever.

Traceroute on port 6999 from my WAN IP ends at the ISP's gateway, whereas traceroute on port 23 ends at the router.

Can anyone explain what is going on?

The router is not blocking any WAN IPs.

Thank you

17 Replies

Hi Paul,

Thank you for your reply.

Yes, I know it's messy, and it's only because I had trouble allowing certain UDP ports and other things previously, and since it started to work I didn't remove anything I didn't need. There are also some unneeded static translations, but I left them there, again, until it's all sorted. That any any ACE ACL entry is there, again, for testing purposes until everything is working as it should; it previously was "deny ip any any log-input" and it's been there since day one. But again, I need to sort out this single issue I have before clearing it up, and I also have to be careful what I am going to remove because this router is far away from me and I have no immediate local access to it except telnet.

The route-map can't be removed due to the UDP range I need allowed, and the OUTSIDE ACL I'm not sure about.

All I can say is, even if it's messy at the moment, IT REALLY WORKS 100% for what I need except that SSH access from my WAN IP to the server. So if it works from other WAN IPs 100%, I don't want to touch anything that has nothing to do with my WAN IP.

Thank you 

https://bbs.archlinux.org/viewtopic.php?id=91917

"My ISP blocks port 22 for themselves so I needed to take another port, which I have done, and it all works fine now."

And as I mentioned above, use any other port and do PAT in the router.

 

As I have mentioned in my original post:

"I have set server behind router to accept SSH connections on port 6999, 22, 6185"

and actually on another port, 8022.

My default port is 6999, and after I find what the problem is, all other ports for SSH will be disabled.

And no, the ISP doesn't block the ports because, again, I can access the server from a different WAN IP.