Why is port forwarding in Mikrotik RouterOS stuck at SYN_RECV?

I’d like to set up port forwarding of tcp port 8000 -> 192.168.1.16:4200 on my Mikrotik RouterOS.

I’ve done the following:

/ip firewall nat add dstnat chain=dstnat action=dst-nat to-addresses=192.168.1.16 to-ports=4200 protocol=tcp dst-address=<PUBLIC_IP> dst-port=8000

When I try to use the service from the Internet then the following command just hangs:

curl <PUBLIC_IP>:8000

I can see the counters moving on the Mikrotik’s NAT rule (via WebBox).

On the target machine, I can see the following in netstat -an | grep 4200:

tcp        0      0 0.0.0.0:4200            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.16:4200       <REMOTE_HOST>:37720     SYN_RECV

I verified that I am able to connect to the machine locally via curl 192.168.1.16:4200.

I can’t figure out what can be wrong 🙁

Go to Source
Author: adamsfamily

ssh connection “client_loop: send disconnect: Broken pipe” or “Connection reset by port 22”

I have been using ssh to access remote servers for many months, but recently I haven’t been able to establish a reliable connection. Sometimes I cannot login and get the message “Connection reset by port 22”, when I can login I get the error message “client_loop: send disconnect: Broken pipe” in a few minutes (even if the terminal is not idle).

My ~/.ssh/config file has:

Host *  

     ServerAliveInterval 300
     ServerAliveCountMax 2
     TCPKeepAlive yes

My /etc/ssh/sshd_config file has:

#ClientAliveInterval 300
#ClientAliveCountMax 3

I recently upgraded by xfinity plan to a faster speed and the problem started happening then. But xfinity insists the issue is on my end. Note that my roommate also has the same issue with ssh…

Is there something that I’m missing on my end? Any help would be greatly appreciated!
(I’m running on a Mac)

Go to Source
Author: Ashka Shah

Why can’t expose my local port publicly with ssh remote forwording via vps?

I build a simple web on local pc,want to expose my local port with ssh remote forwording via my vps.
Setting in my vps.

vim /etc/ssh/sshd_config
GatewayPorts yes
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes

systemctl restart sshd

Open port 8001 on my vps.

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload

Build a ssh remote port forwording on my local pc.

ssh -fNR  0.0.0.0:8001:localhost:80  root@vps_ip

Check port 8001 on my vps.

netstat -plant  | grep  8001
tcp        0      0 127.0.0.1:8001          0.0.0.0:*               LISTEN      797/sshd: root      
tcp6       0      0 ::1:8001                :::*                    LISTEN      797/sshd: root  

It is ready to listen on 8001.
To ping the vps_ip from other pc(not the previous local pc),shows that connection between pc is in good status.
Input http://vps_ip:8001 in other pc.

The connection was reset

The connection to the server was reset while the page was loading.

    The site could be temporarily unavailable or too busy. Try again in a few moments.
    If you are unable to load any pages, check your computer’s network connection.
    If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

Why can’t expose my local port publicly with ssh remote forwording via vps?

Go to Source
Author: it_is_a_literature

Circumventing Local Subnet Control Restrictions with Iptables

I have three wireless speakers that, for security reasons, only permit local subnet control. My network is setup such that the wired and wireless devices are on separate subnets, so right now the speakers cannot be used from the wired clients. I can setup a Ubuntu 18.04 virtual machine with interfaces in both subnets, but am not familiar enough with iptables to configure the forwarding correctly.

The speakers have IP addresses 192.168.100.200, 192.168.100.201, and 192.168.100.202. The wired clients exist in the 192.168.50.0/24 subnet. Each speaker needs to have two ports (8000, 9000) reflected. My reflection virtual machine has interfaces in both subnets, 192.168.100.250 and 192.168.50.250. What is the correct iptables setup to do the following:

192.168.50.250:8000 -> 192.168.100.200:8000 via 192.168.100.250
192.168.50.250:8001 -> 192.168.100.201:8000 via 192.168.100.250
192.168.50.250:8002 -> 192.168.100.202:8000 via 192.168.100.250
192.168.50.250:9000 -> 192.168.100.200:9000 via 192.168.100.250
192.168.50.250:9001 -> 192.168.100.201:9000 via 192.168.100.250
192.168.50.250:9002 -> 192.168.100.202:9000 via 192.168.100.250

Does this setup make sense? Short of changing out the speakers for ones that are more compatible with my network setup, is there an easier way to do this that I did not think of?

Thanks!

Go to Source
Author: user986713