[stunnel-users] My home ISP blocking ssh protocol

Christopher Schultz chris at christopherschultz.net
Thu Dec 12 17:43:25 CET 2019


Matt,

On 12/12/19 11:01, Matt Thomas wrote:
> Server is 192.168.0.10
> Router is 192.168.0.1
> 
> It works fine internally :)
> 
> I add a port forward in the router for port 22 pointed at .0.10. Router's
> firewall already is configured to accept ssh on port 22 from any any.
> 
> Whenever anyone attempts to connect to the server, a pop up shows on my
> screen. When I try to have my friends or co-workers try from their house
> or I try from a public place, no pop up or hits on the server log. Just
> times out.
> 
> But if I put Minecraft on port 22, it works. So certain traffic is
> making it through. Even Hamachi VPN works fine BUT I can't install that
> on public PCs haha

I was about to say "this is clearly an issue with the port number, pick
something other than 22" but if you say you can run Minecraft over port
22, then that's ... strange.

I wasn't aware that Minecraft servers could have their ports changed
like that. You can really set up your Minecraft server to listen on
localhost:22 and it doesn't use UPnP or anything like that to
reconfigure your firewall/router?

My advice is to try configuring things like this:

Router: 192.168.0.1
Forward WAN connections to port e.g. 1022 -> 192.168.0.10:1022

Server: 192.68.0.1
Accept stunnel connections on port 1022
accept=:1022
connect=localhost:22

If that works, I might even try just changing the port number of your
ssh/sftp service from the "standard" port to something else and trying
again without stunnel in the mix.

I've never encountered an ISP which does deep packet inspection to block
services. They usually just block ports.

-chris

> On Thu, Dec 12, 2019, 7:58 AM Christopher Schultz
> <chris at christopherschultz.net> wrote:
> 
>     Matt,
> 
>     On 12/11/19 17:53, Matt Thomas wrote:
>     > I need to know if Stunnel is going to accomplish what I need to do. My
>     > home ISP blocks protocol HTTP and SSH from coming in so that people
>     > can't run their own website from home without paying the ISP for a
>     > "Business" line
>     >
>     > All I am trying to do is have a SFTP server that I can access my dang
>     > files from while I am at school, work, friend's house, library or
>     > wherever. I have tried ssh on multiple random ports and made sure all
>     > firewall rules and port forward rules were correct in my home router.
>     > I know they work because I even went as far as setting up a Minecraft
>     > server to just test the port forward rules out and sure enough, my
>     > friend 200 miles away can connect just fine to my home Minecraft
>     > server.. But he cannot connect to the ssh server. No logs are ever
>     > created on the server either because something is stopping the packet
>     > from even hitting my router, that something is my ISP
>     >
>     > Would stunnel allow me to make ssh traffic look like regular https
>     > traffic, thus allowing me to connect to my server at home so I can do
>     > my homework??
> 
>     Those other servers probably use TLS or plaintext connections. stunnel
>     uses TLS, but ssh/sftp use a slightly different protocol that may
>     possibly be distinguishable by a determined ISP.
> 
>     I would think that using stunnel to tunnel SFTP/SSH would be possible,
>     though not strictly necessary. I suspect some other problem is
>     preventing you from succeeding.
> 
>     Can you be more specific about exactly what you did for configuration?
>     Port numbers, specific things you did, etc? You don't have to disclose
>     your public IP address, but perhaps give the local IPs of your router
>     and home server, etc?
> 
>     -chris
> 
>     _______________________________________________
>     stunnel-users mailing list
>     stunnel-users at stunnel.org <mailto:stunnel-users at stunnel.org>
>     https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
> 
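
The reply above gives only the server-side accept/connect pair. As an added example (not part of the original thread), here are both halves of an SSH-over-stunnel setup with the client pinning the server certificate; the host name home.example.net, the file paths, the section names and the local port 2222 are assumptions.

```ini
; ---- Home server (192.168.0.10): stunnel.conf ----
[ssh-in]
; Listen for TLS on the port the router forwards (1022, as in the reply)
accept  = 1022
; Hand the decrypted stream to the local sshd
connect = 127.0.0.1:22
; Assumed paths: a certificate/key pair generated for this server
cert = /etc/stunnel/home-server.crt
key  = /etc/stunnel/home-server.key

; ---- Remote client: stunnel.conf ----
[ssh-out]
client  = yes
; Bind to loopback only, so other machines cannot reuse the tunnel
accept  = 127.0.0.1:2222
; Placeholder for the public name or address of the home connection
connect = home.example.net:1022
; Pin the server: accept only the certificate stored in CAfile.
; CAfile holds a copy of home-server.crt (certificate only, never the key).
verifyPeer = yes
CAfile = /etc/stunnel/home-server.crt

; With both sides running, SFTP goes through the local end of the tunnel:
;   sftp -P 2222 user@127.0.0.1
```

Without a verify option the stunnel client accepts any certificate, so the TLS layer adds no authentication of the server; SSH's own host key check still applies inside the tunnel.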
