Trying to SSH TUNNEL but need assistance...

VtPoet

Post by VtPoet »

So, if any of you are somewhat knowledgeable as far as setting up SSH, I'd love some help.

So, I have a little Cubox-i that I use as a server for SSH Tunneling (like a VPN). With my old router, I set it up and successfully used it.

Flash forward to a new router, which may or may not be the culprit. I can SSH to my server in my own network. However, I can't for the life of me connect remotely. I think the hang up is with port forwarding (I've temporarily turned off the router's firewall).

I've attempted to set up my local LAN ports and WAN ports (for forwarding) as 80 & 8000.

So, the router fields look like this:

LOCAL LAN PORTS - 80 to 80
LOCAL LAN IP ADDRESS (which is static) - 192.168.1.103
PROTOCOL - TCP/UDP
WAN PORTS - 80 to 80
REMOTE IP ADDRESS - ALL IP ADDRESSES

I've also assigned 8000 for forwarding.
When I try to assign 8080 the router complains that "Port true is reserved by system and not available." Not sure what this means.

(The only option that's different on this router is to specify the remote IP address?)

So, from a remote terminal, I type: ssh debian@[etc..] -D 8000 (for example)

When I try this, I time out:

ssh: connect to host [etc...] port 22: Connection timed out

So, I'm at a complete and total standstill. After much Googling I don't know how to proceed from here?
acerimusdux

Re: Trying to SSH TUNNEL but need assistance...

Post by acerimusdux »

Well, the -D option specifies the port on the local machine that will be forwarded. The network never sees that port, so you don't need to open it. But you do need traffic to reach the server on port 22; that's the ssh port. If the server is behind a router, make sure that port is forwarded.

You don't need to open 80 unless you are running a web server. Outgoing traffic generally won't be blocked; it's the stuff coming in that is normally blocked by a home router. That incoming traffic (over the ssh tunnel) will be on port 22.

The port specified in -D is the one you want to use as the SOCKS proxy. If you are using Firefox, you can just set this in the browser: go to proxy settings, choose "manual", and then where it asks for the host, enter "localhost", and where it asks for the port, use the one specified by "-D".

It sounds like you just got confused about which port to open (22 vs 80). But if your server is using another port instead of 22, you could specify that with the -p flag.
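
Added example, not part of the original posts: a single-connection check that separates the "Connection timed out" case reported in this thread from a refused connection or a working forward, following the point above that only the SSH port has to be reachable from outside. `probe_tcp` and `explain` are hypothetical helper names, and the demo probes a constructed loopback listener rather than a real server.

```python
import socket

def probe_tcp(host, port, timeout=5.0):
    """Try one TCP connection; return (state, banner).

    state is 'open', 'refused', 'timeout' or 'error'. banner is the first
    line the service sends on connect (an SSH server sends 'SSH-2.0-...').
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            try:
                first = conn.recv(256).split(b"\n", 1)[0].strip()
            except socket.timeout:
                first = b""  # connected, but the service did not speak first
            return "open", first.decode("ascii", "replace")
    except ConnectionRefusedError:
        return "refused", ""
    except socket.timeout:
        return "timeout", ""
    except OSError:
        return "error", ""

def explain(state, banner=""):
    """Map a probe result to the likely cause on a port-forwarded home server."""
    if state == "open":
        if banner.startswith("SSH-"):
            return "forward works: an SSH server answered"
        return "port is forwarded, but not to an SSH server"
    if state == "refused":
        return "reached a host, nothing listening: wrong target port or sshd down"
    if state == "timeout":
        return "packets dropped: port not forwarded, firewalled, or NAT upstream"
    return "local network or name-resolution error"

if __name__ == "__main__":
    # Constructed demo: a throwaway loopback listener that never sends a banner.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    state, banner = probe_tcp("127.0.0.1", srv.getsockname()[1], timeout=1.0)
    print(state, repr(banner), "->", explain(state, banner))
    srv.close()
```

Run it from outside the home network against the router's public address and the forwarded SSH port; a probe from inside the LAN only tests the local path.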
Faust

Re: Trying to SSH TUNNEL but need assistance...

Post by Faust »

VtPoet wrote: Mon May 28, 2018 5:57 pm
When I try to assign 8080 the router complains that "Port true is reserved by system and not available." Not sure what this means.

Yes, it looks like a port-forwarding issue.
I don't have a fix for your problem but I thought of a couple of points:-

You can use RealVNC to get remote access to devices on your network (you need to sign up for a free account)
but I have some serious security concerns about that way of doing things.

Incidentally, RealVNC uses 8080 as the default port (and it's the same for Kodi boxes);
it is intended for hosting personal web servers etc., which might explain the message you are seeing.

I'm equally unhappy with leaving port 22 as the default for ssh ... I think it's just asking for trouble.
Sniffer bots are relentlessly crawling around the sprawl looking for open ports, and 22 is such an easy target!
(check out Shodan)

I just picked a number above 1000 and less than 65535, and made that the ssh port for all devices.

Other than that, I'd be thinking again about a port-forwarding problem in your new router (since your old one did what was needed).

I've been trying for some time to find a good alternative to port-forwarding in the router ... without any joy so far.
Post back here if you find a solution :D
VtPoet

Re: Trying to SSH TUNNEL but need assistance...

Post by VtPoet »

Thank you both for taking the time out to answer. :) Know it's not a Linux Mint issue so I doubly appreciate that.

And thank you for the tip on port 22 & 80. I *am* using SOCKS proxy with Foxy Proxy on Firefox & Chrome, hence the D switch. Picked this all up from Nixie Pixie https://www.youtube.com/watch?v=5mCNO_aL4BA. I finally narrowed down what was wrong after exhausting every other option. The reason I had a new router was because I have a new ISP --- fibre optic(!). Woo hoo!

So, going back to the old router wasn't really an option. As it turns out, the "problem" and solution was with the ISP. Unbeknownst to me, they had pooled my router along with others (about a hundred of them) behind their own router's NAT. Once I called them up to get help with my router, they identified the problem and assigned my router its own IP address. Suddenly Port Forwarding worked.

So, sometimes the problem really isn't between the keyboard and the seat of the chair. :)
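
Added example, not part of the original thread: the situation described in the post above (the ISP placing the customer's router behind its own NAT) can be spotted by comparing the WAN address shown on the router's status page with the address an outside service sees. The function names are hypothetical and the sample addresses are constructed from documentation ranges.

```python
import ipaddress

# RFC 6598 shared address space, used by ISPs for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify_wan(wan_ip):
    """Classify the address the router reports on its WAN interface."""
    ip = ipaddress.ip_address(wan_ip)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in PRIVATE):
        return "private"
    return "public"

def diagnose(router_wan_ip, observed_ip):
    """Return (verdict, reason).

    router_wan_ip: WAN address from the router's status page.
    observed_ip:   address an outside service reports for this connection.
    """
    kind = classify_wan(router_wan_ip)
    if kind == "cgnat":
        return "upstream-nat", "WAN address is in 100.64.0.0/10 (ISP NAT pool)"
    if kind == "private":
        return "upstream-nat", "WAN address is RFC 1918; another router sits in front"
    if ipaddress.ip_address(router_wan_ip) != ipaddress.ip_address(observed_ip):
        return "upstream-nat", "WAN address differs from the address seen outside"
    return "direct", "router holds the public address; forwards can be reached"

if __name__ == "__main__":
    # Constructed samples: (router WAN address, address seen from outside).
    samples = [
        ("100.64.12.9", "203.0.113.7"),    # pooled behind the ISP's NAT
        ("192.168.0.2", "203.0.113.7"),    # double NAT behind an ISP modem
        ("198.51.100.20", "203.0.113.7"),  # public-looking, but translated again
        ("203.0.113.7", "203.0.113.7"),    # router has its own public address
    ]
    for wan, seen in samples:
        print(wan, seen, *diagnose(wan, seen))
```

With an "upstream-nat" verdict, port forwards on the home router cannot be reached from outside until the ISP assigns the router its own address, which is the fix described in the post.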
Faust

Re: Trying to SSH TUNNEL but need assistance...

Post by Faust »

Good that you got your problem sorted, and thank you for posting back here,
it all adds to the "knowledge base" and it aids continuity.

VtPoet wrote: Thu May 31, 2018 7:10 am ... The reason I had a new router was because I have a new ISP ...

It makes me mad when ISPs make major decisions that affect their customers, then don't bother to tell them!
A recent example I came across:-
ISP "providing" customers with some sort of "Net Nanny" service then adding a few bucks to the monthly bill (without asking)
and all of it on an opt-out basis ... Incredible!

As usual, I won't name-and-shame (it's beneath dignity :lol:)