cancel
Showing results for 
Search instead for 
Did you mean: 

Plusnet Firewall blocking SSH connections to sites

shirehorse
Newbie
Posts: 3
Registered: 20-02-2015

Plusnet Firewall blocking SSH connections to sites

I am on Plusnet Fibre with static IP address.
Wierd issues with the Plusnet firewall its randomly blocking SSH connections (tried this with a friends plusnet connection to and the result is the same, it works on another friends BT connection so isnt the remote site).
Attempting to SSH (using Putty) to 160.153.52.47  Putty returns error "Server unexpectedly closed network connection".
I can ping the IP address, I can get to the website running on it, http://160.153.52.47/   , I can even connect to the FTP server running on it.
So I pulled out Wireshark...
I can see the TCP packet head off to port 22 on 160.153.52.47 and I get a response back from
1 2015-02-20 16:42:25.295882 192.168.0.188 160.153.52.47 TCP 56029→22 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
2 2015-02-20 16:42:25.471918 160.153.52.47 192.168.0.188 TCP 22→56029 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1380 SACK_PERM=1 WS=512
3 2015-02-20 16:42:25.471999 192.168.0.188 160.153.52.47 TCP 56029→22 [ACK] Seq=1 Ack=1 Win=66240 Len=0
4 2015-02-20 16:42:30.662592 160.153.52.47 192.168.0.188 TCP 22→56029 [FIN, ACK] Seq=1 Ack=1 Win=14848 Len=0
5 2015-02-20 16:42:30.662639 192.168.0.188 160.153.52.47 TCP 56029→22 [ACK] Seq=1 Ack=2 Win=66240 Len=0
6 2015-02-20 16:42:30.662711 192.168.0.188 160.153.52.47 TCP 56029→22 [FIN, ACK] Seq=1 Ack=2 Win=66240 Len=0
7 2015-02-20 16:42:30.837308 160.153.52.47 192.168.0.188 TCP 22→56029 [ACK] Seq=2 Ack=2 Win=14848 Len=0
Now, I thought this might be my router firewall, so I carried out a wireshark between the router and the Openreach box (I can see the same conversation encapsulated in the PPPoE session, so am assuming its a plusnet firewall issue). I can SSH to other hosts no problem so its not a block on port 22. And I can ping it so there is a route to the host.


5 REPLIES
Community Veteran
Posts: 1,136
Thanks: 2
Registered: 30-07-2007

Re: Plusnet Firewall blocking SSH connections to sites

Just a thought, the remote host isn't running Fail2Ban or Denyhosts or similar and you've gone and accidentally blacklisted your IP address?
F9 member since 4 Sep 1999
F9 ADSL customer since 27 Aug 2004
DLM manages your line the same way DRM manages your rights.
Look at all the pretty graphs! (now with uptime logging!)
shirehorse
Newbie
Posts: 3
Registered: 20-02-2015

Re: Plusnet Firewall blocking SSH connections to sites

As far as I am aware its not running anything which would blacklist my IP, though I've never managed to connect to this IP - failed on first attempt.
I managed to teather my laptop to my mobile phone and login, just ran tcpdump on 160.153.52.47 and attempted to connect via plusnet, no trace of my plusnet static IP in the capture for SSH, can see the web requests I make on port 80. Its like the connection never reaches the server.
Moderator
Moderator
Posts: 18,697
Thanks: 1,951
Fixes: 247
Registered: 11-01-2008

Re: Plusnet Firewall blocking SSH connections to sites

i've had no issues using ssh to connect to any server and if I ssh to 160.153.52.47 then it connects ok - although don't have a password to access.

Customer / Moderator / If it helped click the thumb / If it fixed it click 'This fixed my problem'

shirehorse
Newbie
Posts: 3
Registered: 20-02-2015

Re: Plusnet Firewall blocking SSH connections to sites

Its an odd one, the connection is not making it to the end host (160.153.52.47), my guess is a firewall somewhere in between.
$ ssh -v username@160.153.52.47
OpenSSH_6.6.1p1, OpenSSL 1.0.1j-freebsd 15 Oct 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 160.153.52.47 [160.153.52.47] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420
ssh_exchange_identification: read: Connection reset by peer
$
Community Gaffer
Community Gaffer
Posts: 17,665
Thanks: 658
Fixes: 162
Registered: 05-04-2007

Re: Plusnet Firewall blocking SSH connections to sites

When did you turn off the Plusnet firewall and did you disconnect/reconnect after doing so?
If this post resolved your issue please click the 'This fixed my problem' button
 Chris Parr
 Plusnet Staff