[SGVLUG] ATT's 2wire products are braindead

Claude Felizardo cafelizardo at gmail.com
Wed Jul 31 12:59:18 PDT 2013


Matt, it's not clear from your original email if you are trying to ssh inbound
to your house or outbound.
What has changed since you were last able to use ssh?  Server at home?
Different ISP or switched to Uverse from something else like DSL or cable?

I long ago decided to block port 22 and use a non-standard port that will
only work from specific hosts/domains using a combination of shorewall and
/etc/hosts.allow.  I also use port knocking if I want to connect from
unexpected sites.  Never got around to setting up automatic blacklists for
DDoS attacks as I haven't had any problems (knock on wood).

Claude


On Wed, Jul 31, 2013 at 12:40 PM, Scott Packard <spackard at gmail.com> wrote:

> Any chance AT&T blocks incoming port 22, but would allow it if you phoned
> and asked for it to be enabled?
>
> Back when I used their DSL, they allowed, then without notice blocked,
> inbound port 25.  Later, they said I could have phoned them and asked for
> it to be unblocked, but by then I'd had enough.
>
> Regards, Scott
>
>
> On Wed, Jul 31, 2013 at 12:09 PM, Matthew Campbell <dvdmatt at gmail.com> wrote:
>
>> Thanks Dan.  Unfortunately AT&T's new modems have had all useful features
>> castrated.  I spent hours looking, talking to techs and eventually to the
>> manufacturer to verify that menu no longer exists.
>>
>> Rae, thank you for the ideas, I'll give it a shot tonight.  I am using
>> SSH from an IPv4 only platform, but with current security paranoia I don't
>> think I can verify that AT&T is not routing me over IPv6 on the way.  I
>> don't know of a way to hook up a laptop outside the firewall to test.
>>
>> Does anyone know if uVerse is IPv6 only?
>>
>> Matt
>>  On Jul 29, 2013 7:10 PM, "Dan Buthusiem" <dan.buthusiem at gmail.com>
>> wrote:
>>
>>> What are the model and firmware for your router? There used to be a
>>> hidden menu in the 2701 HG-B, but the firmware still ignored those
>>> settings, anyway. My experience with 2Wire is that they make their products
>>> with AT&T's desires in mind, which comes at the expense of anyone with any
>>> amount of technical know-how who may be stuck using their products. YMMV.
>>> That being said, I'll take a stab anyway. :)
>>>
>>>
>>> On Mon, Jul 29, 2013 at 5:36 PM, Rae Yip <rae.yip at gmail.com> wrote:
>>>
>>>> Double-check that your ssh client isn't attempting to use IPv6 or
>>>> something. (Note the ipprot=6 in your logs)
>>>>
>>>> Also, ssh -vv is often helpful.
>>>>
>>>> -Rae.
>>>> On Jul 29, 2013 4:48 PM, "Lakestake Rocketry" <lakestake at gmail.com>
>>>> wrote:
>>>>
>>>>> Good afternoon,
>>>>>
>>>>> I am trying to get SSH through my firewall at home.  I have set up a
>>>>> port redirect to senge, but I get a timeout when I connect to the port with
>>>>> ssh.  The following messages appear in the firewall log.  It looks like the
>>>>> first packet is being passed through, then following packets are being
>>>>> blocked...  Any ideas?  All Google gives me is a long list of people with
>>>>> similar problems.
>>>>>
>>>>> Matthew Campbell
>>>>>
>>>>>
>>>>> ---------- Forwarded message ----------
>>>>> INF 2013-07-26T20:15:42-07:00 fw src=162.200.153.165 dst=172.28.1.2 ipprot=6 sport=40058 dport=22 Session Matches User Pinhole, Packet Passed
>>>>> INF 2013-07-26T20:15:42-07:00 fw src=162.200.153.165 dst=172.28.1.2 ipprot=6 sport=40058 dport=22 Drop traffic to 172.16.0.0/12
>>>>>
>>>>>
>>>>>
>>>
>
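
An added example, not part of any post in this thread: a small Python parser for the firewall log format quoted above that groups entries by flow and reports any flow that a pinhole rule passed and another rule also dropped. It assumes `ipprot` carries the IANA IP protocol number (6 is TCP); the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# The two log entries from the thread, unwrapped to one entry per line.
SAMPLE_LOG = """\
INF 2013-07-26T20:15:42-07:00 fw src=162.200.153.165 dst=172.28.1.2 ipprot=6 sport=40058 dport=22 Session Matches User Pinhole, Packet Passed
INF 2013-07-26T20:15:42-07:00 fw src=162.200.153.165 dst=172.28.1.2 ipprot=6 sport=40058 dport=22 Drop traffic to 172.16.0.0/12
"""

# Assumption: ipprot is the IANA IP protocol number, not the IP version.
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 41: "IPv6-in-IPv4"}

LINE_RE = re.compile(
    r"^(?P<level>\w+) (?P<ts>\S+) fw src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"ipprot=(?P<ipprot>\d+) sport=(?P<sport>\d+) dport=(?P<dport>\d+) (?P<msg>.+)$"
)
DROP_RE = re.compile(r"^Drop traffic to (?P<net>\S+)$")


def parse_line(line):
    """Parse one firewall entry into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    for key in ("ipprot", "sport", "dport"):
        entry[key] = int(entry[key])
    entry["proto"] = IP_PROTOCOLS.get(entry["ipprot"], "proto-%d" % entry["ipprot"])
    return entry


def find_conflicts(log_text):
    """Return {flow: [networks]} for flows both passed by a pinhole and dropped."""
    flows = defaultdict(lambda: {"passed": False, "dropped_by": set()})
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        key = (e["src"], e["sport"], e["dst"], e["dport"], e["proto"])
        drop = DROP_RE.match(e["msg"])
        if "Packet Passed" in e["msg"]:
            flows[key]["passed"] = True
        elif drop and ipaddress.ip_address(e["dst"]) in ipaddress.ip_network(drop["net"]):
            flows[key]["dropped_by"].add(drop["net"])
    return {k: sorted(v["dropped_by"]) for k, v in flows.items()
            if v["passed"] and v["dropped_by"]}
```

Run over the thread's two entries, it reports a single TCP flow to port 22 whose destination 172.28.1.2 falls inside the 172.16.0.0/12 range named by the drop rule.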