<div dir="ltr">FYI, most 2Wire products have a feature of bridging to another router. Setting up OpenWRT or DD-WRT or some such and bridging it to the 2Wire will give you MUCH nicer firewalling options.<div><br></div><div>
I didn't see mention of which model of 2Wire router you have. That would make it much easier to help you out.</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Jul 31, 2013 at 3:53 PM, Claude Felizardo <span dir="ltr"><<a href="mailto:cafelizardo@gmail.com" target="_blank">cafelizardo@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Okay, it took me a while to figure out how to access my DSL modem at home remotely - I have an entry in my .ssh/config to forward port 9001 to the router, but I couldn't remember the URL to use to get to the management and diagnostic console on my 2wire box (it was localhost:9001/mdc, which was in my bookmarks, of course!)<div>
<br></div><div>Anyway, I'm not seeing my port 22 attempts to log in, so it's presumably still blocked by the modem. With my old Netgear RT311 router I used to log everything, but I lost that ability when I "upgraded" from my original Alcatel modem to a 2wire DSL modem/router.</div>
<div><br></div><div>Hmm, looks like I'm seeing some SYN/FIN DDoS attacks that I'll have to investigate. I do see the ipprot=6 that was mentioned in the original post, but I believe that means IP protocol 6, which is TCP, not to be confused with IPv6. ipprot=1 is used by ping and traceroute; ipprot=17 is UDP.</div>
<div><br></div><div>I was going to try adding port 22 for a short test, but I don't remember how to edit the "applications". I can see that I have defined custom services for my port-knocking ports, weather station and others, and I can see how to create new ones, but I don't see an option to edit them.</div>
<span class="HOEnZb"><font color="#888888">
<div><br></div><div>Claude</div></font></span><div class="HOEnZb"><div class="h5"><div><br></div><div><br></div><div><br><div class="gmail_quote">On Wed, Jul 31, 2013 at 12:59 PM, Claude Felizardo <span dir="ltr"><<a href="mailto:cafelizardo@gmail.com" target="_blank">cafelizardo@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Matt, it's not clear from your original email if you are trying to ssh inbound to your house or outbound.<div>What has changed since you were last able to use ssh? Server at home? Different ISP, or switched to Uverse from something else like DSL or cable?</div>
<div><br></div><div>I long ago decided to block port 22 and use a non-standard port that will only work from specific hosts/domains, using a combination of shorewall and /etc/hosts.allow. I also use port knocking if I want to connect from unexpected sites. I never got around to setting up automatic blacklists for DDoS attacks, as I haven't had any problems (knock on wood).</div>
<span><font color="#888888">
<div><br></div><div>Claude</div></font></span><div><div><div><br></div><div><br><div class="gmail_quote">On Wed, Jul 31, 2013 at 12:40 PM, Scott Packard <span dir="ltr"><<a href="mailto:spackard@gmail.com" target="_blank">spackard@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>Any chance AT&T blocks incoming port 22, but would allow it if you phoned and asked for it to be enabled?<br>
<br></div>Back when I used their DSL, they allowed, then without notice blocked, inbound port 25. Later, they said I could have phoned them and asked for it to be unblocked, but by then I'd had enough.<br>
<br></div>Regards, Scott<br></div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Jul 31, 2013 at 12:09 PM, Matthew Campbell <span dir="ltr"><<a href="mailto:dvdmatt@gmail.com" target="_blank">dvdmatt@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p>Thanks Dan. Unfortunately AT&T's new modems have had all useful features castrated. I spent hours looking, talking to techs and eventually to the manufacturer to verify that the menu no longer exists.</p>
<p>Rae, thank you for the ideas, I'll give it a shot tonight. I am using SSH from an IPv4-only platform, but with current security paranoia I don't think I can verify that AT&T is not routing me over IPv6 on the way. I don't know of a way to hook up a laptop outside the firewall to test.</p>
<p>Does anyone know if uVerse is IPv6 only?</p>
<p>Matt<br>
</p>
<div class="gmail_quote">On Jul 29, 2013 7:10 PM, "Dan Buthusiem" <<a href="mailto:dan.buthusiem@gmail.com" target="_blank">dan.buthusiem@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">What are the model and firmware for your router? There used to be a hidden menu in the 2701 HG-B, but the firmware still ignored those settings, anyway. My experience with 2Wire is that they make their products with AT&T's desires in mind, which comes at the expense of anyone with any amount of technical know-how who may be stuck using their products. YMMV. That being said, I'll take a stab anyway. :)</div>
<div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Jul 29, 2013 at 5:36 PM, Rae Yip <span dir="ltr"><<a href="mailto:rae.yip@gmail.com" target="_blank">rae.yip@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<p dir="ltr">Double-check that your ssh client isn't attempting to use IPv6 or something. (Note the ipprot=6 in your logs)</p>
<p dir="ltr">Also, ssh -vv is often helpful.</p><span><font color="#888888">
<p dir="ltr">-Rae.</p></font></span><div><div>
<div class="gmail_quote">On Jul 29, 2013 4:48 PM, "Lakestake Rocketry" <<a href="mailto:lakestake@gmail.com" target="_blank">lakestake@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Good afternoon,<br><br>I am trying to get SSH through my firewall at home. I have set up a port redirect to senge, but I get a timeout when I connect to the port with ssh. The following messages appear in the firewall log. It looks like the first packet is being passed through, then following packets are being blocked... Any ideas? All Google gives me is a long list of people with similar problems.<br>
<br clear="all"><div>Matthew Campbell</div>
<br><br><div class="gmail_quote">---------- Forwarded message ----------<br><table><tbody><tr><td>INF</td>
<td>2013-07-26T20:15:42-07:00</td>
<td>fw</td>
<td>src=162.200.153.165 dst=172.28.1.2 ipprot=6 sport=40058 dport=22 Session Matches User Pinhole, Packet Passed</td>
</tr>
<tr>
<td>INF</td>
<td>2013-07-26T20:15:42-07:00</td>
<td>fw</td>
<td>src=162.200.153.165 dst=172.28.1.2 ipprot=6 sport=40058 dport=22 Drop traffic to <a href="http://172.16.0.0/12" target="_blank">172.16.0.0/12</a></td></tr></tbody></table><div><br></div>
</div><br>
</blockquote></div>
</div></div></blockquote></div><br></div>
</blockquote></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Chris
</div>
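Following up on the log excerpt in Matthew's original post and Claude's note on what the ipprot values mean, here is an added example (not code from anyone in the thread): a small Python parser for 2Wire-style "fw" log records that maps ipprot numbers to protocol names (6 is TCP, not IPv6) and flags any 5-tuple that a pinhole rule passed but a later rule dropped, which is the "first packet passed, following packets blocked" pattern in the quoted log. The sample records are constructed to mirror the quoted format; the regex, field names and protocol table are this example's assumptions, not documented 2Wire behaviour.

```python
"""Parse 2Wire-style firewall log records and flag sessions that a pinhole
passed but a later rule dropped.

Added example for this thread, not code from any poster. The record format
(src= dst= ipprot= sport= dport= <message>) mirrors the log lines quoted in
the thread; the sample records below are constructed, and everything else
(field handling, the protocol-number table) is an assumption of this example.
"""
import ipaddress
import re
from collections import defaultdict

# IANA IP protocol numbers as they appear in the ipprot= field.
# ipprot=6 is TCP (not IPv6); 1 is ICMP (ping/traceroute); 17 is UDP.
IPPROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

# Layer-4 ports only exist for TCP/UDP, so sport/dport are optional.
RECORD_RE = re.compile(
    r"src=(?P<src>[0-9a-fA-F.:]+)\s+dst=(?P<dst>[0-9a-fA-F.:]+)"
    r"\s+ipprot=(?P<ipprot>\d+)"
    r"(?:\s+sport=(?P<sport>\d+)\s+dport=(?P<dport>\d+))?"
    r"\s+(?P<msg>.+?)\s*$"
)

# Constructed sample: the first two records copy the format of the lines
# quoted in the thread (a pinhole pass followed by a drop for the same
# 5-tuple); the rest are made up to exercise ICMP, UDP and non-matching input.
SAMPLE_LOG = [
    "INF\t2013-07-26T20:15:42-07:00\tfw\tsrc=162.200.153.165 dst=172.28.1.2 "
    "ipprot=6 sport=40058 dport=22 Session Matches User Pinhole, Packet Passed",
    "INF\t2013-07-26T20:15:42-07:00\tfw\tsrc=162.200.153.165 dst=172.28.1.2 "
    "ipprot=6 sport=40058 dport=22 Drop traffic to 172.16.0.0/12",
    "INF\t2013-07-26T20:16:01-07:00\tfw\tsrc=198.51.100.7 dst=172.28.1.2 "
    "ipprot=1 Drop traffic to 172.16.0.0/12",
    "INF\t2013-07-26T20:16:05-07:00\tfw\tsrc=198.51.100.7 dst=172.28.1.2 "
    "ipprot=17 sport=5353 dport=5353 Session Matches User Pinhole, Packet Passed",
    "INF\t2013-07-26T20:16:09-07:00\tfw\tnot a firewall record",
]


def parse_record(line):
    """Return the parsed fields of one 'fw' record, or None if it isn't one."""
    m = RECORD_RE.search(line)
    if m is None:
        return None
    f = m.groupdict()
    f["ipprot"] = int(f["ipprot"])
    f["proto"] = IPPROTO_NAMES.get(f["ipprot"], "proto%d" % f["ipprot"])
    f["sport"] = int(f["sport"]) if f["sport"] is not None else None
    f["dport"] = int(f["dport"]) if f["dport"] is not None else None
    # 172.28.1.2 sits inside 172.16.0.0/12, the RFC 1918 range named in the drop rule.
    f["dst_private"] = ipaddress.ip_address(f["dst"]).is_private
    return f


def flow_key(f):
    """5-tuple identifying one session (ports are None for ICMP)."""
    return (f["src"], f["dst"], f["ipprot"], f["sport"], f["dport"])


def find_pass_then_drop(lines):
    """Return [(flow_key, drop_message)] for flows a pinhole passed and a later rule dropped.

    A flow that logs 'Packet Passed' and then 'Drop ...' is exactly the
    'first packet passed, following packets blocked' symptom: the pinhole
    rule is not the last word on the packet.
    """
    history = defaultdict(list)
    for line in lines:
        f = parse_record(line)
        if f is not None:
            history[flow_key(f)].append(f["msg"])
    hits = []
    for key, msgs in history.items():
        passed_at = next((i for i, m in enumerate(msgs) if "Packet Passed" in m), None)
        if passed_at is None:
            continue
        later_drops = [m for m in msgs[passed_at + 1:] if m.startswith("Drop")]
        if later_drops:
            hits.append((key, later_drops[0]))
    return hits


if __name__ == "__main__":
    for key, why in find_pass_then_drop(SAMPLE_LOG):
        src, dst, ipprot, sport, dport = key
        proto = IPPROTO_NAMES.get(ipprot, ipprot)
        print(f"{src}:{sport} -> {dst}:{dport} {proto}: passed, then '{why}'")
```

Replace SAMPLE_LOG with records copied from the modem's log page (or read them from a file) and the script prints each flow that was passed and then dropped, together with the drop message, so you can see which rule (here the one for 172.16.0.0/12) fires after the pinhole rather than guessing from individual lines.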