Kitz ADSL Broadband Information
Author Topic: SSH problem accessing modem through my type of NAT  (Read 5586 times)

Weaver

  • Senior Kitizen
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
SSH problem accessing modem through my type of NAT
« on: November 25, 2018, 06:16:49 AM »

I set my Firebrick up to route traffic through between my main LAN and the admin interfaces of my four modems. This was accomplished using a kind of NAT, although ports are not altered, just source ip addresses when going to the modem. A NAT session tracking function then redirects the return traffic heading back from the modem, rewriting the return destination address to be the correct destination on the LAN. This is done because the modem sees a bogus, rewritten source address in incoming packets, one which is chosen to be within the modem’s own subnet, and the modem replies directing the response to this fake address. This return address needs to be within the modem’s subnet because the modem does not know how to talk to other addresses outside since it doesn’t know a default gateway and I haven’t been able to set one up. So things have to be arranged so that the modem replies to an address it can cope with. This incorrect return address then needs to be corrected back to the original sender, and luckily the Firebrick can do this intelligently with NAT-type session tracking.

As I mentioned before, ports are not altered. Apologies for this longwinded recap, summary.

My question: When I log in to the modem’s admin club via SSH using the iOS Prompt 2 app on an iPad, I get prompted for the password, I enter it, and then the SSH client just quits immediately, with no visible error message. This is presumably a bug in Prompt 2 because another SSH client app, Textastic, works fine. So is there some reason why NAT should trigger a bug like this?

I suppose I could get a packet capture of the whole affair.
« Last Edit: November 25, 2018, 06:25:40 AM by Weaver »
Logged

burakkucat

  • Respected
  • Senior Kitizen
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: SSH problem accessing modem through my type of NAT
« Reply #1 on: November 25, 2018, 03:59:51 PM »

Quote
When I log in to the modem’s admin club via SSH using the iOS Prompt 2 app on an iPad, I get prompted for the password, I enter it, and then the SSH client just quits immediately, with no visible error message. This is presumably a bug in Prompt 2 because another SSH client app, Textastic, works fine. So is there some reason why NAT should trigger a bug like this?

To me, there are two unknowns -- the Firebrick and the iPad. Assuming that an attempt to use telnet in place of ssh is successful, then it would point towards the iPad rather than the Firebrick as the problem's source.

Quote
I suppose I could get a packet capture of the whole affair.

Yes. That would be one of my first steps in attempting to resolve the problem.
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.


Weaver

  • Senior Kitizen
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: SSH problem accessing modem through my type of NAT
« Reply #2 on: December 04, 2018, 06:43:15 AM »

I found out, I think, what is going on. It seems to be a problem between the old SSH ‘Dropbear’ code in the modem and the iPad app that I used, which is ‘Prompt 2’. A different iPad app, Textastic, can successfully SSH-connect to the B10A. So it’s nothing to do with NAT, that was just a random theory.

I talked to the Prompt 2 app developer, and they came back to me, referencing a page concerning the B10A CLI on AA’s support wiki website. (Small world!) The developers had noticed that the page in question warns about B10A SSH compatibility problems caused by the use of a limited range of crypto algorithms offered, and mentions one ancient crypto algorithm in particular which is a problem.
Logged
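
A limited algorithm offer like the one described in the last reply can be checked from a packet capture, because each side sends its SSH_MSG_KEXINIT in the clear. The following is an added example, not code from the thread, the app developer or the wiki page: it parses a KEXINIT payload and applies the "first client preference the server also offers" rule of RFC 4253 section 7.1 (simplified for key exchange and host key). The algorithm lists are constructed for illustration and are not the B10A's or either app's real offers.

```python
import struct

# Name-list fields of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def build_kexinit(lists):
    """Encode a KEXINIT payload; used here only to make constructed samples."""
    out = b"\x14" + bytes(16)                    # message type 20, zero cookie
    for name in FIELDS:
        body = ",".join(lists.get(name, [])).encode("ascii")
        out += struct.pack(">I", len(body)) + body
    return out + b"\x00" + bytes(4)              # first_kex_packet_follows, reserved

def parse_kexinit(payload):
    """Decode a KEXINIT payload into {field: [algorithm names]}."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}                          # skip type byte and cookie
    for name in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated name-list body")
        text = payload[pos:pos + n].decode("ascii")
        lists[name] = text.split(",") if text else []
        pos += n
    return lists

def negotiate(client, server):
    """Per field, the first client preference the server offers; None = no overlap."""
    return {name: next((a for a in client[name] if a in server[name]), None)
            for name in FIELDS[:8]}              # language lists are not negotiated here

def offer(kex, key, enc, mac):
    """Helper (hypothetical) to build a symmetric offer for the samples below."""
    return {"kex": kex, "host_key": key, "enc_c2s": enc, "enc_s2c": enc,
            "mac_c2s": mac, "mac_s2c": mac, "comp_c2s": ["none"], "comp_s2c": ["none"]}

# Constructed offers: an old server with a narrow list, and two clients.
OLD_SERVER = offer(["diffie-hellman-group1-sha1"], ["ssh-rsa"], ["3des-cbc"], ["hmac-sha1"])
STRICT_CLIENT = offer(["curve25519-sha256"], ["ssh-ed25519"], ["aes128-ctr"], ["hmac-sha2-256"])
LENIENT_CLIENT = offer(["curve25519-sha256", "diffie-hellman-group1-sha1"],
                       ["ssh-ed25519", "ssh-rsa"], ["aes128-ctr", "3des-cbc"],
                       ["hmac-sha2-256", "hmac-sha1"])

if __name__ == "__main__":
    server = parse_kexinit(build_kexinit(OLD_SERVER))
    for label, c in (("strict", STRICT_CLIENT), ("lenient", LENIENT_CLIENT)):
        print(label, negotiate(parse_kexinit(build_kexinit(c)), server))
```

With real traffic, `parse_kexinit` would be fed the KEXINIT payload bytes extracted from the capture for each direction; any field that negotiates to `None` identifies the category where the two ends share no algorithm.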