0

I am using a JioFiber router (firmware version: SRCMTF1_JCOW414_R2.52.1). The host that I want to expose to the internet runs Ubuntu Server 24.04.

Private IPs : 
Router                                                   : 192.168.29.1
My windows laptop ( through which I am submitting this ) : 192.168.29.171
Ubuntu Server ( ssh host )                               : 192.168.29.4 

Following are the commands and results I collected from checking other users' questions on this topic.

s@s:~$sudo systemctl status ssh
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/usr/lib/systemd/system/ssh.service; enabled; preset: enabled)
     Active: active (running) since Thu 2024-05-30 12:07:45 UTC; 5h 30min ago
TriggeredBy: ● ssh.socket
       Docs: man:sshd(8)
             man:sshd_config(5)
   Main PID: 1145872 (sshd)
      Tasks: 1 (limit: 4524)
     Memory: 2.2M (peak: 3.4M)
        CPU: 98ms
     CGroup: /system.slice/ssh.service
             └─1145872 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"
s@s:/etc/ssh$ sudo lsof -i :22
COMMAND     PID     USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
systemd       1     root  172u  IPv6 1014536      0t0  TCP *:ssh (LISTEN)
sshd    1145872     root    3u  IPv6 1014536      0t0  TCP *:ssh (LISTEN)
sshd    2408678     root    4u  IPv6 2115204      0t0  TCP sdserver:ssh->192.168.29.171:65341 (ESTABLISHED)
sshd    2408981 sdserver    4u  IPv6 2115204      0t0  TCP sdserver:ssh->192.168.29.171:65341 (ESTABLISHED)

The last two rows are there because I am currently connected via the local network.

s@s:~$ sudo netstat -tuln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.54:53           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 127.0.0.54:53           0.0.0.0:*
udp        0      0 127.0.0.53:53           0.0.0.0:*
udp        0      0 192.168.29.4:68         0.0.0.0:*
udp6       0      0 fe80::3660:f9ff:fec:546 :::*
s@s:~$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/udp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
22/udp (v6)                ALLOW       Anywhere (v6)

result of cat /etc/ssh/sshd_config

s@s:/etc/ssh$ sudo sshd -T | grep -E 'gatewayports|allowtcpforwarding'
gatewayports yes
allowtcpforwarding yes

Following are some of the router settings. The routing mode is NAT. I tried changing it to classic routing, but then the internet stopped working.

[Image showing which features are enabled in the router]

[Image showing the rules added to the Port Forwarding tab in the router settings]

Here's a text version:

Action       | Service | Status  | Source IP | Dest IP      | Internal Port Range
Allow Always | ssh     | Enabled | ANY       | 192.168.29/4 | 22

(Some tutorials add TCP as the service. For my router there was no pure TCP option; there were, however, SIP-TCP and DNS-TCP. I tried both and port 22 was still closed.) Here is an image of the other options: [Image showing other service options]

Canyouseeme and similar services say that port 22 is closed. I tried with another device which is outside the local network and it said "Connection timed out".

Somewhere I read that setting up port forwarding in my router won't really help, since the ISP has its own NAT on top of my router's NAT. This is the only direction I have not pursued yet.

ip addr show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: enp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether ec:b1:d7:3a:d2:f4 brd ff:ff:ff:ff:ff:ff
3: wlx3460f9c9c008: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 34:60:f9:c9:c0:08 brd ff:ff:ff:ff:ff:ff
    inet 192.168.29.4/24 metric 600 brd 192.168.29.255 scope global dynamic wlx3460f9c9c008
       valid_lft 72756sec preferred_lft 72756sec
    inet6 2405:201:8013:9999:3660:f9ff:fec9:c008/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 4788sec preferred_lft 4788sec
    inet6 fe80::3660:f9ff:fec9:c008/64 scope link
       valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:7e:6b:d7:ac brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever

I am using Wi-Fi to connect the Ubuntu server to the router. The router does have a firewall, but currently it's set to allow all.

I have tried ssh -6 with both IPv6 addresses. In the case of 2405:201:8013:9999:3660:f9ff:fec9:c008 it was at least able to resolve it, but the connection timed out. In the case of 2405:201:8013:9999:fe80::3660:f9ff:fec9:c008 it (ssh) could not even resolve the hostname.

This is when attempting ssh from outside the network. From inside the home router network, ssh -6 is working.

4
  • Sorry about posting an answer in my question; I added the answer. I also checked the link but was unable to understand how to proceed. When using IPv6, there is no involvement of the router, right? I already have a firewall set up, so should I just be able to connect now? Commented May 30 at 20:18
  • Using ssh -6 I was able to connect from within my home router network. But from outside I was not able to connect. Commented May 30 at 21:36
  • Added the info. The router does have a firewall, but it's set to allow by default. And yes, there are two IPs, and I tried both. One it could resolve but timed out; the other it couldn't resolve. Can I use noip to do something? Commented May 30 at 22:10
  • I have used ssh on both of the IPv6 addresses. Connection timed out. Commented May 30 at 22:35

2 Answers

0

If your provider is using CGNAT (Carrier Grade NAT) ("double NAT" in some countries' terms), then you can't. The carrier most likely does not permit external port forwarding because of this.

0

JioFiber, as well as other ISPs in India, use double NAT. So even when I was (probably) doing everything correctly, I was getting port 22 closed.
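One way to check the CGNAT / double-NAT diagnosis given in both answers, as an added example that is not part of the original posts: compare the WAN address shown on the router's status page with the address an external "what is my IP" service reports, and sanity-check the IPv6 strings used with `ssh -6`. The function names, return labels and IPv4 sample addresses are constructed for illustration; the IPv6 strings are the ones quoted in the question.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def diagnose_ipv4(router_wan: str, seen_from_internet: str) -> str:
    """Classify the router's WAN address (hypothetical helper).

    router_wan: WAN IPv4 address from the router's status page.
    seen_from_internet: address an external IP-echo service reports.
    """
    wan = ipaddress.IPv4Address(router_wan)
    public = ipaddress.IPv4Address(seen_from_internet)
    if wan in CGNAT:
        return "cgnat"                # ISP shares one public IP among customers
    if any(wan in net for net in RFC1918):
        return "double-nat"           # another NAT device sits upstream
    if wan != public:
        return "translated-upstream"  # routable WAN, but still rewritten
    return "public"                   # port forwarding can work


def classify_ipv6_target(text: str) -> str:
    """Say whether a string is usable as an off-link `ssh -6` target."""
    try:
        addr = ipaddress.IPv6Address(text)
    except ValueError:
        return "invalid"              # not an IPv6 literal at all
    if addr.is_link_local:
        return "link-local"           # fe80::/10, valid on the local link only
    return "global" if addr.is_global else "not-global"


if __name__ == "__main__":
    # Constructed WAN/public pairs (documentation ranges stand in for public IPs).
    for wan, pub in [("100.72.14.9", "203.0.113.10"),
                     ("10.20.30.40", "203.0.113.10"),
                     ("203.0.113.10", "203.0.113.10")]:
        print(wan, pub, diagnose_ipv4(wan, pub))
    # IPv6 strings taken from the question.
    for a in ["2405:201:8013:9999:3660:f9ff:fec9:c008",
              "fe80::3660:f9ff:fec9:c008",
              "2405:201:8013:9999:fe80::3660:f9ff:fec9:c008"]:
        print(a, classify_ipv6_target(a))
```

A result of "cgnat" or "double-nat" means a port-forwarding rule on the home router cannot make port 22 reachable over IPv4, which matches the answers above. A "global" IPv6 address is not subject to that translation, so a timeout from outside points to inbound filtering on the path or missing IPv6 connectivity on the client.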
