I am trying to connect from an outside network via ssh with rsa keys to my Ubuntu server behind CH7465VF router.

I found the DS-Lite address of the router and I can ping6 its FQDN address without problem (IPv4 ping doesn't work).

Only few ports seem to be open from the outside, namely 21, 53, 80, 443, 8080.

In router management UI at 192.168.0.1 I disabled IPv6 Firewall and configured IPv6 port filtering as follows:

- Inbound

- Source IPv6 addresses = All

- Destination IPv6 address = my ubuntu server ipv6 address

- Protocol = TCP

- Source port = 8080

- Destination port = 22

- Allow

- Enabled

 

I chose 8080 as a test port to verify the ssh connectivity. I am trying several ssh options, the most relevant result to provide here is the following:

ssh -6 -p 8080  -vvv -i ~/.ssh/ubuntusrvrsa <user>@<routerDSLiteFQDN>

In the verbose log I can see that connection to router on port 8080 is established and not refused:

debug1: Connecting to <DSLiteFQDNaddress> port 8080.
debug1: Connection established.

then it throws 400 BadRequest

The request could not be understood by the server. Please verify the site you are attempting to access and retry.

 

I am trying different ssh options and getting different results, what I think is meaningful is that connections on port 8080 of the router are not refused.

 

Question is whether is possible to open different ports on the router from the outside and what configuration should be set up in the router configuration UI, which seems to be extremely basic and not many feature available.

I would recommend switching to an IPv4 address, there are often problems with IPv6 DS-lite in similar cases.

If you don't speak Czech, or don't have someone who can deal with this over the phone in Czech, you should write to Vodafone to request a change of IP address via the contact form:

https://tam.je/enforum

thx for your answer @tomus,not quite the one I was looking for though.

Why IPv6 shouldn't do the job?

What I am interested to explore is

- to have a non-standard protocol port open for inbound traffic, say 12345

- have port forwarding or virtual server enabled on the router. I am not sure that the section IP filtering is actually the right one to make ssh connections working from outside

With the current (limited in my opinion) set of features available in my router, is remote ssh connection possible to happen?

IPv6 should do the job, but why are you connecting to the router's address and not to the Ubuntu server's IPv6 address?

Port forwarding on ipv6 does not work..

There's no IPv6 NAT on the router, so there can't be any IPv6 forwarding by design. You need to open firewall, sometimes even disable it completely (the config options of the Compal router suck).

When connecting from the outside, connect to the IPv6 address of the Ubuntu server, that'll do the job.