Cannot SSH to wired server from internal network using XB7

Need Help?

That's what we're here for! The goal of the Rogers Community is to help you find answers on everything Rogers. Can't find what you're looking for? Just ask!
cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
joebloe2
I Plan to Stick Around
Posts: 12

Cannot SSH to wired server from internal network using XB7

Prior to getting Rogers Ignite Internet XB7 modem, I had a PC wired to my old Hitron modem, with an IP on the 10.0.0.1/24 network and I had a second router wired to 10.0.0.1/24, but acting as a gateway for a 192.168.1.1/24 network.  With the Hitron, any PC that was on 192.168.1.1/24 was able to traceroute and SSH to the PC connected to 10.0.0.1/24.  Now that I have the XB7, with the same wired connections, this no longer works.  I am able to ping the PC on 10.0.0.1/24 from 192.168.1.1/24, but SSH and traceroute are now blocked from 192.168.1.1/24.  Is there anyway to make this work?  The fact that ping is working means the routing is fine, but I suspect the XB7 is blocking all TCP ports going to anywhere on 10.0.0.1/24.  Everything else works fine - devices connected to 192.168.1.1/24 are able to get out to the internet.

 

On a side note, I was very disappointed to see that the diagnostic tools on the Rogers Ignite Internet modem (XB7) are very dummied down.

 

 

**Labels Added**

-G-
Resident Expert
Resident Expert
Posts: 2,468

Re: Cannot SSH to wired server from internal network using XB7

@joebloe2 I'm having trouble picturing your network topology, what IP addressing is being used on which LAN segments, and how they interconnect.

 

Keep in mind that the Ignite gateways use 10.0.0.0/24 by default for the in-home LAN/WAN.  Did you change this or is the problem that you now have an addressing conflict?



joebloe2
I Plan to Stick Around
Posts: 12

Re: Cannot SSH to wired server from internal network using XB7

Yes, I understand that - I did not change the network on the XB7, it is still 10.0.0.1/24.  I have two devices wired into the ethernet ports of the XB7, a PC and a router/gateway.  The router/gateway has a WAN IP on the 10.0.0.1/24 network and hosts a 192.168.1.1/24 on its LAN side.  Anything connecting through the 192.168.1.1/24 network (i.e. having a 192.168.1.1/24 IP) can only ping devices on 10.0.0.1/24, but I am unable to SSH from a 192.168.1.1/24 device to the PC connected to 10.0.0.1/24 even though the SSH port is open on the PC.  Also, keep in mind that this exact same configuration worked with the Hitron in place of the XB7

-G-
Resident Expert
Resident Expert
Posts: 2,468

Re: Cannot SSH to wired server from internal network using XB7


@joebloe2 wrote:

Yes, I understand that - I did not change the network on the XB7, it is still 10.0.0.1/24.  I have two devices wired into the ethernet ports of the XB7, a PC and a router/gateway.  The router/gateway has a WAN IP on the 10.0.0.1/24 network and hosts a 192.168.1.1/24 on its LAN side.  Anything connecting through the 192.168.1.1/24 network (i.e. having a 192.168.1.1/24 IP) can only ping devices on 10.0.0.1/24, but I am unable to SSH from a 192.168.1.1/24 device to the PC connected to 10.0.0.1/24 even though the SSH port is open on the PC.  Also, keep in mind that this exact same configuration worked with the Hitron in place of the XB7


The Ignite gateway should not be blocking any connections or any connectivity between any devices on its internal LAN.

 

Also, be careful when you write things like10.0.0.1/24.  This is how you would write the IP address of a device (10.0.0.1) that is connected to the 10.0.0.0/24 network segment.



joebloe2
I Plan to Stick Around
Posts: 12

Re: Cannot SSH to wired server from internal network using XB7

something is being blocked, or it cannot find a route back.  As I implied, the only change is the XB7 is now in place of the Hitron.  When I had the Hitron it worked, now it does not.  It would be nice if I could do a traceroute from the XB7 and actually get to see the output.  At least with the Hitron I could

-G-
Resident Expert
Resident Expert
Posts: 2,468

Re: Cannot SSH to wired server from internal network using XB7


@joebloe2 wrote:

something is being blocked, or it cannot find a route back.  As I implied, the only change is the XB7 is now in place of the Hitron.  When I had the Hitron it worked, now it does not.  It would be nice if I could do a traceroute from the XB7 and actually get to see the output.  At least with the Hitron I could


Okay, so say the network looks something like this:

 

Internet

|

[Ignite gateway - 10.0.0.1/24]

|

+--------------------------------------------- 10.0.0.0/24 (Anything connected to the XB7 LAN ports will be on this segment)

|    ^[Server - 10.0.0.x/24]

|

[Router] (this device should have either a static or a reserved IP address on the 10.0.0.0/24 segment.

|

+--------------------------------------------- 192.168.1.0/24

|    ^ Various devices connected to this network segment with a default gateway pointing to Router

 

 

If your Router is acting as a firewall/gateway and has NAT enabled, then it should "just work".

 

 

However, if your Router is acting as an actual router, not a firewall/gateway, no NAT, then the Server on the 10.0.0.0/24 needs to somehow have a route back to the 192.168.1.0/24 network.  Do you have this static route configured on Server?  Unfortunately, I'm pretty sure that there is no way configure a static route on the XB6/XB7 gateway, nor is it capable of learning routes that are advertised by a routing protocol.

 

I don't see why devices on the 192.168.1.0/24 network can ping devices on the 10.0.0.0/24 network but cannot SSH to the Server.



joebloe2
I Plan to Stick Around
Posts: 12

Re: Cannot SSH to wired server from internal network using XB7

I agree, it should work, it worked for the Hitron.  As I have indicated, the only change is the introduction of the XB7 in place of the Hitron modem.  I did not change the configuration on any of the other devices, so I have to think it is something about the XB7.  The router hosting 192.168.1.0/24 is configured as a gateway, just as it was when I had the Hitron.  I have not changed any of the config on this router.

 

The interesting thing is when I try a traceroute, using the XB7 Diagnotic Tools page, to one of the Xi6-T devices connected to the XB7 WiFi, so on the 10.0.0.0/24 network, I get a result of "Status:Error! Traceroute Failed !", even though the Xi6-T device is working fine and activitely streaming content to a TV.  If I try the "Check for IPv4 Address Results" (ping??) I get a Connectivity: Error.

 

-G-
Resident Expert
Resident Expert
Posts: 2,468

Re: Cannot SSH to wired server from internal network using XB7


@joebloe2 wrote:

The interesting thing is when I try a traceroute, using the XB7 Diagnotic Tools page, to one of the Xi6-T devices connected to the XB7 WiFi, so on the 10.0.0.0/24 network, I get a result of "Status:Error! Traceroute Failed !", even though the Xi6-T device is working fine and activitely streaming content to a TV.  If I try the "Check for IPv4 Address Results" (ping??) I get a Connectivity: Error.


I'm pretty sure the connectivity tests in Troubleshooting only work for targets on the WAN side.  You cannot do a ping or traceroute to a device that is connected to Wi-Fi or the Local IP Network.



joebloe2
I Plan to Stick Around
Posts: 12

Re: Cannot SSH to wired server from internal network using XB7

Thanks. 

 

Again I will say that it is very disappointing that the XB7 has limited diagnostic capability or, more likely, Rogers has locked it down to be this way.

-G-
Resident Expert
Resident Expert
Posts: 2,468

Re: Cannot SSH to wired server from internal network using XB7


@joebloe2 wrote:

Again I will say that it is very disappointing that the XB7 has limited diagnostic capability or, more likely, Rogers has locked it down to be this way.


As far as I know, this is not something that Rogers locked down, accidentally or intentionally.  The Comcast Xfinity (Rogers Ignite) gateways are really, REALLY simplistic by design, at least from a user-facing perspective.  You have no visibility into what's going on with your network and no tools to troubleshoot any weird or complex issues.  Even the gateway's logs do not log anything useful when a problem happens.

 

When Ignite Internet was only available with Ignite TV, many Rogers Internet customers were clamouring to switch from the Hitron CODA to the XB6, and I cautioned users about wanting to make that change because they would end up losing features and configuration options.

 

 

As for your connectivity issues, I would suggest connecting your server and router to a LAN switch, and uplinking that switch to your Ignite gateway.  With this configuration, the XB7 would not be able to block any LAN traffic between your router and the server.  If you are still experiencing connectivity issues, it would be due to some problem with your setup, not the XB7.