Author Topic: SSH problem accessing modem through my type of NAT  (Read 2740 times)

Weaver

SSH problem accessing modem through my type of NAT
« on: November 25, 2018, 06:16:49 AM »

I set my Firebrick up to route traffic through between my main LAN and the admin interfaces of my four modems. This was accomplished using a kind of NAT, although ports are not altered, just source IP addresses when going to the modem. A NAT session tracking function then redirects the return traffic heading back from the modem, rewriting the return destination address to be the correct destination on the LAN. This is done because the modem sees a bogus, rewritten source address in incoming packets, one which is chosen to be within the modem's own subnet, and the modem replies directing the response to this fake address. This return address needs to be within the modem's subnet because the modem does not know how to talk to other addresses outside since it doesn't know a default gateway and I haven't been able to set one up. So things have to be arranged so that the modem replies to an address it can cope with. This incorrect return address then needs to be corrected back to the original sender, and luckily the Firebrick can do this intelligently with NAT-type session tracking.

As I mentioned before, ports are not altered. Apologies for this longwinded recap, summary.

My question: When I log in to the modem's admin club via SSH using the iOS Prompt 2 app on an iPad, I get prompted for the password, I enter it, and then the SSH client just quits immediately, with no visible error message. This is presumably a bug in Prompt 2 because another SSH client app, Textastic, works fine. So is there some reason why NAT should trigger a bug like this?

I suppose I could get a packet capture of the whole affair.
« Last Edit: November 25, 2018, 06:25:40 AM by Weaver »

burakkucat

Re: SSH problem accessing modem through my type of NAT
« Reply #1 on: November 25, 2018, 03:59:51 PM »

Quote
When I log in to the modem's admin club via SSH using the iOS Prompt 2 app on an iPad, I get prompted for the password, I enter it, and then the SSH client just quits immediately, with no visible error message. This is presumably a bug in Prompt 2 because another SSH client app, Textastic, works fine. So is there some reason why NAT should trigger a bug like this?

To me, there are two unknowns -- the Firebrick and the iPad. Assuming that an attempt to use telnet in place of ssh is successful, then it would point towards the iPad rather than the Firebrick as the problem's source.

Quote
I suppose I could get a packet capture of the whole affair.

Yes. That would be one of my first steps in attempting to resolve the problem.
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.


Weaver

Re: SSH problem accessing modem through my type of NAT
« Reply #2 on: December 04, 2018, 06:43:15 AM »

I found out, I think, what is going on. It seems to be a problem between the old SSH 'Dropbear' code in the modem and the iPad app that I used, which is 'Prompt 2'. A different iPad app, Textastic, can successfully SSH-connect to the B10A. So it's nothing to do with NAT, that was just a random theory.

I talked to the Prompt 2 app developer, and they came back to me, referencing a page concerning the B10A CLI on AA's support wiki website. (Small world!) The developers had noticed that the page in question warns about B10A SSH compatibility problems caused by the use of a limited range of crypto algorithms offered, and mentions one ancient crypto algorithm in particular which is a problem.
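
For readers wondering how a limited algorithm offer can stop one SSH client while another connects: the following is an added example, not part of the thread and not code from Dropbear, Prompt 2 or Textastic. It decodes an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) and checks each category for overlap with a client's preference list; the server and client algorithm lists are constructed samples, not the B10A's actual offer, and matching is simplified to "first client preference the server also lists".

```python
import struct

# Name-list fields of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = ["kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def build_kexinit(lists):
    """Encode a KEXINIT payload; used here only to construct sample input."""
    out = bytes([20]) + bytes(16)              # message type 20, 16-byte cookie
    for f in FIELDS:
        data = ",".join(lists.get(f, [])).encode("ascii")
        out += struct.pack(">I", len(data)) + data
    return out + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

def parse_kexinit(payload):
    """Decode the ten name-lists of a KEXINIT payload into a dict of lists."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, result = 17, {}
    for f in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated length field for " + f)
        (n,) = struct.unpack_from(">I", payload, pos)
        raw = payload[pos + 4:pos + 4 + n]
        if len(raw) != n:
            raise ValueError("truncated name-list for " + f)
        result[f] = raw.decode("ascii").split(",") if raw else []
        pos += 4 + n
    return result

def negotiate(client, server):
    """Per category, the first client preference the server lists, else None."""
    return {f: next((a for a in client[f] if a in server[f]), None)
            for f in FIELDS[:8]}               # language lists are ignored

def no_overlap(client, server):
    """Categories in which client and server share no algorithm at all."""
    return sorted(f for f, a in negotiate(client, server).items() if a is None)

def profile(kex, hostkey, enc, mac):
    """Build a symmetric algorithm profile (same lists in both directions)."""
    return {"kex": kex, "hostkey": hostkey, "enc_c2s": enc, "enc_s2c": enc,
            "mac_c2s": mac, "mac_s2c": mac, "comp_c2s": ["none"], "comp_s2c": ["none"]}

# Constructed samples: an old embedded server and two hypothetical clients.
OLD_SERVER = parse_kexinit(build_kexinit(profile(["diffie-hellman-group1-sha1"],
    ["ssh-rsa", "ssh-dss"], ["aes128-cbc", "3des-cbc"], ["hmac-sha1", "hmac-md5"])))
STRICT = profile(["curve25519-sha256", "diffie-hellman-group14-sha256"],
    ["ssh-ed25519", "rsa-sha2-256"], ["aes128-ctr", "aes256-ctr"], ["hmac-sha2-256"])
LENIENT = profile(STRICT["kex"] + ["diffie-hellman-group1-sha1"],
    STRICT["hostkey"] + ["ssh-rsa"], STRICT["enc_c2s"] + ["aes128-cbc"],
    STRICT["mac_c2s"] + ["hmac-sha1"])
```

Running `no_overlap()` against the server's name-lists taken from a packet capture of the KEXINIT exchange shows which categories a given client cannot agree on.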