Remote Putty Connection to Node

[WQUQ715]

I'm new to Linux, and need some help.

I can connect to my node using Putty when my laptop is on the same router, but not from a different ISP.

Is there a Raspian setting to allow these connections? Is it a firewall setting?

I'm getting tired of dragging a laptop to my tower site to edit rpt.conf settings.

Oops! I've got to drive back over to the tower, I forgot to uncomment that macro number...

[KAF6045]

1 hour ago, WQUQ715 said:

I can connect to my node using Putty when my laptop is on the same router, but not from a different ISP.

Is there a Raspian setting to allow these connections? Is it a firewall setting?

Just out of curiosity, what IP# are you "using" when making those connection attempts?

Most routers issue LAN-side IP addresses in the 192.168.x.x block (though some may use 10.x.x.x). These are considered pseudo private IP addresses, that do not get propagated out to the WAN ("Internet"). You can, typically, connect from one LAN device to another LAN device as they are both "inside", and don't require routing packets to the Internet itself (though some routers will block WiFi connections from being seen internally, only allowing cabled computers to see each other).

The router normally performs NAT -- it keeps a table of outgoing connections and what it mapped them to on the outside:

LAN IP# / socket # / (TCP/UDP) <====> WAN IP# / socket # / (TCP/UDP)

where the WAN IP# is the number the ISP assigned to the router. This table is used to map incoming reply packets back to the device/application that initiated the connection.

If you are trying to connect from outside, the router is seeing an incoming packet that does not match to its translation table. You would need to configure the router (the one supplying the device you are trying to connect to, not the one at your end) to accept incoming requests and route them to one of the internal devices (being able to connect to multiple internal devices is much trickier -- many routers can designate a handler device for unsolicited inbound traffic). You would then need to connect to the IP# of the router.

A dynamic DNS provider may be of use, but requires being able to run periodic outbound updates from the device (so the DDNS provider can get the WAN IP# currently assigned).

 

[axorlov]

37 minutes ago, KAF6045 said:

You would need to configure the router (the one supplying the device you are trying to connect to, not the one at your end) to accept incoming requests and route them to one of the internal devices (being able to connect to multiple internal devices is much trickier -- many routers can designate a handler device for unsolicited inbound traffic). You would then need to connect to the IP# of the router.

That is the correct answer ^^^. However, you are opening your Pi for the great world of the outside, so configure your router and SSH accordingly, or you're risking your Pi will be joining russian botnet quick. If you are new to Linux, read up and make sure you understand how to configure SSH with self-signed certificates, this is harder to crack than user:password pair. But if password a must, then of course, it must be a strong password, 16 characters at least, no quotes from movies or literature. Three or four random words sprinkled with random numbers probably would be fine. And absolutely disable root login altogether. For dynamic DNS I use https://freedns.afraid.org Their minimalistic free service works fine for my needs.

[KAF6045]

Yeah... I have one R-Pi running a simple web-server. My router config page was designed with a whole slew of (ugh) games and required ports listed, along with a few server protocols. The only thing it should be accepting, as I have it, is inbound requests for port 80 (HTTP) {I don't have a valid certificate to make HTTPS an option}. A bit more secure than using the "IP Passthrough" tab which lets anything through to a designated device.

{Hmmm, it actually has three separate entries for mIRC!}