Helpful Links

Why won't SSH Server port forwarding work on my 2wire DSL modem / router?


Why won't SSH Server port forwarding work on my 2wire DSL modem / router?

I spent numerous hours trying to get thru to the AT&T support people, and they act like port forwarding is a foreign language, totally unqualified support people. Then I finally found somone who knew something about the issue that worked for 2wire and after understanding the issue, they proclaim that the only one that can fix it is AT&T and they would not deliver the issue to them for rectification. Below, I've included the excerpt of the email support thread with the 2wire tech in the hopes that SOMEONE at AT&T might read it and provide some sort of solution that works. begin ******** * Home * Speed Meter * Site Map * Contact Us Solutions End to End Products+Platforms Software & Hardware * Gateway Platforms * Media Platforms * Management Systems and Applications Service Delivery Integration & Care Partners World Class Providers Support & Documentation Company About 2Wire Support Logged in as: Viewing Incident #24056: Created 02-03-2010 07:38 pm Status: New Category: 2Wire Products Last Updated: 02-03-2010 11:35 pm Attachments: Port Scan Open.JPG modem log.JPG Attach a file Subject: Why won't SSH Server port forwarding work on my 2wire DSL modem / router? Question: I need a ticket to be opened on this issue, please email confirmation of opened ticket to my email address: Response by on 02-03-2010 08:51 pm There may be a ticket opened up about six months ago. I had a technician remote view my desktop and demonstrated that the 2wire modem from AT&T did not pass traffic for a port forward on port 22, neither on the built-in SSH server rule or custom rule set for port 22. I need this looked at right away. Failure to solve this problem will make AT&T ineligible to be selected as my Internet provider. Response by Logan D.: on 02-03-2010 10:17 pm Based on your E-Mail address I do not see any previous incidents. How was it demonstrated that the 2Wire did not forward port 22? Response by on 02-03-2010 10:19 pm I showed the technician, via remote desktop view, every aspect of my network, logged into the server locally, verified the WAN IP address and tried that and ssh did not pass, you want to take a look? Response by on 02-03-2010 10:21 pm you can call me at 860-469-5011 and connect remotely to my PC and I could run through it again. Response by Logan D.: on 02-03-2010 10:23 pm This is E-Mail support, we are unable to make or schedule calls. What is the SN of your 2Wire? It is located on the bottom usually above a bar code. Depending on your Internet Service Provider I may be able to access your gateway remotely and help troubleshoot your problem. Response by on 02-03-2010 10:26 pm Model: 2701HG-B Gateway Serial Number: xxxxxxx Hardware Version: xxxxxxx Software Version: xxxxxxx Key Code: xxxxxxx As far as my internet provider, they are useless, they know nothing about port forwarding and won't support it adequately. By that I mean they don't initiate a ticket and leave it open til the problem is solved. I was hoping I could get better from your organization. Response by on 02-03-2010 10:30 pm I've got an SSH server rule set up now, so if you want to try to SSH into it, you'll be able to tell if it's working if you get a login prompt. "ssh mprelli@. Response by Logan D.: on 02-03-2010 10:32 pm Where are you testing the SSH from? The event log of your 2Wire does not show any traffic being stopped on port 22. Response by on 02-03-2010 10:34 pm I only have PC on local LAN to test from, but I've done it before with my cable modem connection previously so I know my method is sound. Response by on 02-03-2010 10:35 pm Are we sure passes SSH? Can you confirm their port blocking activity? Response by Logan D.: on 02-03-2010 10:36 pm Unfortunately at this time 2Wire does not support Loop back. Basically, it is not possible to try to access your External IP address from within the same network. You will only be able to test a device by using the local IP or by trying the External IP from outside of this network. Are you SSH-'ing' by entering the public/wan IP address into a web browser? Response by on 02-03-2010 10:39 pm When will loopback be supported? Having this is essential so I can test my configs when I set up a new server. I am entering this into my xterm "ssh mprelli@", and yes, that is the WAN IP addy. Response by on 02-03-2010 10:41 pm you can try that to confirm with me you get a password prompt, if you do, at least this time I can verify it's passing, but it won't solve my problem when I go to set up other servers later, the loopback function is essential, it's IP, routing should take care of it, shouldn't it? Response by on 02-03-2010 10:43 pm if you're on a windows PC you can try it with Putty and/or Cygwin bash shell. Response by Logan D.: on 02-03-2010 10:50 pm If you follow the link in this message it will take you to the 2Wire page where I have attached two pictures that you can see the port is being forwarded correctly. Response by on 02-03-2010 10:56 pm ok, so its working, but I currently have no way to test it, when will I be able to test it from within the LAN? Response by Logan D.: on 02-03-2010 10:57 pm Honestly you can't. The only way you will be able to SSH into the server from within the local network is by the local IP address. Response by on 02-03-2010 10:59 pm This is a deficient design. I can do it while using cable modem service. To be clear, what I'm asking is WHEN is this problem going to be fixed? Response by Logan D.: on 02-03-2010 11:00 pm It isn't a 'problem'. Just a feature that your 2Wire does not posses. Response by on 02-03-2010 11:02 pm Oh, so basic IP routing is now considered a "feature", that is so lame, forward this ticket to your superiors for further review and have them get back to me. Your response is totally unacceptable. Response by Logan D.: on 02-03-2010 11:08 pm We do not have a superior that will offer a different response. IP routing is supported, but true NAT Loopback is not a feature of your 2Wire HomePortal. Is their a specific reason you need to SSH from over the internet when connected to the same local network? Response by on 02-03-2010 11:09 pm I need to test it before telling others to connect. Response by Logan D.: on 02-03-2010 11:10 pm The only way to test the Firewall rule is by connecting from another network or WAN IP address. Response by on 02-03-2010 11:12 pm forward this thread to your management. I want this addressed in your Plan of Record for future releases. I want an email from 2wire on this thread when a firmware release has fixed this serious deficiency in your product. Response by Logan D.: on 02-03-2010 11:14 pm I will forward the thread. But features are dictated by your Internet Service Provider whom you purchased the product from. You will not receive an E-Mail about any firmware updates. Response by on 02-03-2010 11:17 pm Please ensure that awareness of my dissatisfaction is conveyed to my service provider at, when I try to call them, they claim ignorance and I can't even ever speak with anyone that has enough knowledge or experience to even understand my grievance. Response by on 02-03-2010 11:20 pm At least you understand the technical problem, and for that I'm appreciative, but if it doesn't go anywhere, AT&T DSL is disqualified from my list of service providers that I recommend to my home-based networking customers. Response by Logan D.: on 02-03-2010 11:20 pm Okay. Also even if your 2Wire did NAT-Loopback, like your cable modem. It does not test the Firewall rule because it intercepts the outgoing traffic and redirects to the local IP, never passing the Firewall, thus not testing the rule. Response by on 02-03-2010 11:22 pm then loopback is not what we're after, we need IP routing to tunnel out and back in, clearly that is not working and it needs to be looked at seriously. Response by Logan D.: on 02-03-2010 11:27 pm As mentioned, it is a feature that needs to be requested by your Internet Service Provider. Though I understand that frustration, as I had with my server. But I always preferred to test the connection from another network anyway. Response by on 02-03-2010 11:29 pm Are you telling me this will not go to your management and your management will not make aware of this issue? Response by Logan D.: on 02-03-2010 11:30 pm I am sure AT&T is aware, but for whatever reason does not feel it is a feature that needs to be added. Response by on 02-03-2010 11:30 pm That question solicited a yes or no response, so which one is it? Response by Logan D.: on 02-03-2010 11:31 pm I would not have any way of knowing what my managers will do, as I am not them. Response by on 02-03-2010 11:35 pm Just make them aware of my request that they notify that this is an issue that will affect numerous potential customers and that I expect confirmation of the communication from your management and subsequent plans as to it's resolution. Please confirm you will carry out your part in that process. ******* end I never got a response from my last post on this thread, they ignored me.
Message 1 of 3

Re: Why won't SSH Server port forwarding work on my 2wire DSL modem / router?

Hello networkr, I truly appreciate that you took your valuable time to let us know that you are experiencing issue while getting assistance with port forwarding issue on your 2 Wire router and please accept my sincere apologies for any inconvenience that you might have experienced. Attempting to access the internet with certain applications it is necessary to open specific ports on your AT&T CPE. To open a pre-defined firewall ports on 2Wire Gateways, do the following: 1. Open an Internet browser. 2. Type http://homeportal in the address bar. 3. Click the Go button or press the Enter key on the keyboard. 4. Click on the Firewall tab. 5. Click on the Firewall Settings link. 6. Choose the computer from the drop-down list that will be hosting the application. 7. Choose the type of application from the drop-down list that. If unsure of the type of application, choose All applications. 8. Choose the application from the drop-down list. 9. Click the ADD button. 10. Click the DONE button. 11. Once all ports are opened, please test your gaming device and/or internet application, it should work. DISCLAIMER: Opening ports in the modem firewall can leave your computers exposed to malicious attacks. AT&T is not responsible for potential attacks made to your computer systems or damage resulting from an attack caused by opening a port.


If the issue persists, we recommend that you contact our DSL support by clicking the link below.


DSL Support Chat

Remember to always mark items that you find useful as "Accepted Solutions”, you can even mark multiple
in a single thread.  This will help other users find this information too!!

Employee Contributor*
*I am an AT&T employee and the postings on this site are my own and don't necessarily represent AT&T's position, strategies or opinions.
Message 2 of 3

Re: Why won't SSH Server port forwarding work on my 2wire DSL modem / router?

Your issue has to do with NAT loopback on the 2wire router. For some reason, either 2wire or AT&T turned it off. I'm on u-verse and they recently did a update to either the firmware or the firewall rules at AT&T that fixed this for me and turned it back on . However, if you're on regular DSL, I'm not sure if it's fixed yet. This was only fixed recently for me, so it may be a while before it's resolved for everyone.
Message 3 of 3
Share this topic

Welcome to the internet boards! Check out our troubleshooting articles below and don’t forget to search the forums - your question may have been answered already!

Service acting up? Click here to troubleshoot now!

For DSL related issues, we are here to chat!

Additional Support