Help with port forwarding to Hyper-V VM

[swill453]

I wonder if anyone can help me with a port forwarding issue?

I've had an old Raspberry Pi on my network for a long time. I set my Virgin cable broadband router (Hub 3.0) to forward port 22 to port 22 on the Pi (192.168.0.253). I have a Dynamic DNS hostname pointed to my external IP address, and from both outside and inside my network I can 'ssh user@hostname.ddns.net' and it works fine.

I'm now playing about with Hyper-V on my Windows 10 Pro system. I've created a VM running Ubuntu 20.04.1 LTS. I've added an external network switch to it, given it a static MAC address and told my Virgin router to always give it IP address 192.168.0.239. I've enabled ssh. So, for example, from the Pi I can 'ssh user@192.168.0.239' and this works fine.

However if I change the port forwarding rule on the router to forward port 22 to the Hyper-V VM's address (192.168.0.239), then if I try 'ssh user@hostname.ddns.net' it always just times out.

For testing purposes I've disabled the firewall on the VM 'ufw disable'.

Anyone got any clues what I might be doing wrong?

The main difference that I see between the two scenarios (Pi vs Hyper-V VM) is that the VM has two network interfaces, internal and external:

ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.166.233 netmask 255.255.240.0 broadcast 172.17.175.255
inet6 fe80::8c71:36b7:64b8:500 prefixlen 64 scopeid 0x20<link>
ether 00:15:5d:38:01:00 txqueuelen 1000 (Ethernet)
RX packets 665 bytes 89716 (89.7 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 507 bytes 52926 (52.9 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

ifconfig eth1
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.239 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::d06e:e2df:73f6:d51a prefixlen 64 scopeid 0x20<link>
ether 00:15:5d:38:01:04 txqueuelen 1000 (Ethernet)
RX packets 3739 bytes 449064 (449.0 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 496 bytes 67607 (67.6 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

TIA

Scott.

[swill453]

Additional information in case it's relevant - the Pi is connected to the router by ethernet cable, while the Windows PC is wireless.

Scott.

[servodude]

Not used Hyper-V much but I spend too much time in VirtualBox; hopefully there's some overlap

The two eth interfaces does look strange: you could try and configure the VM so there's only one bridged connection
- that would reduce the surface area of the problem a bit: making it look like one endpoint uniquely on your network

The other thing I can think of is to check the listening address: I think if it's all 0 it should be listening on both

Code: Select all

$ sudo systemctl status ssh
[sudo] password for servodude:
● ssh.service - OpenBSD Secure Shell server
   Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2020-08-10 09:10:34 AEST; 2 days ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 948 (sshd)
    Tasks: 1 (limit: 4915)
   Memory: 948.0K
   CGroup: /system.slice/ssh.service
           └─948 /usr/sbin/sshd -D

Aug 10 09:10:31 servodude-u20 systemd[1]: Starting OpenBSD Secure Shell server...
Aug 10 09:10:34 servodude-u20 sshd[948]: Server listening on 0.0.0.0 port 22.
Aug 10 09:10:34 servodude-u20 sshd[948]: Server listening on :: port 22.
Aug 10 09:10:34 servodude-u20 systemd[1]: Started OpenBSD Secure Shell server.


- there will be config for your ssh server to set this ( check in /etc/ssh)

It would be worth trying the PC on a wired connection if you can just to see if it makes a difference: I have had cases where windows wifi did swallow some traffic. That was using the hotspot feature though; it wouldn't pass traffic from an embedded linux device on its hotspot to my VM so I had to pass the adapter to the VM and run a hotpsot from ubuntu directly

good luck
- sd

[xeny]

There's no chance the VM's default route is via the "other" network interface rather than the one on the external Vswitch?

Presumably you can SSH to it from other hosts on the LAN?

[swill453]

Thanks, I think you both put me on the right track. I realised I don't actually need the "internal" network switch, so I removed it from the config just leaving the external one as eth0, and it works now. I can now ssh from the internet to the VM.

Playing around with bridging and/or routing might have achieved the same, but life's too short...

Now to add back the security and obscurity

Scott.