Until now I've always used my OpenWRT router directly behind a bridging modem. Using the regular WAN port, I've allowed ssh from the "big bad internet" and protected it against brute-force attacks by using IPT Recent (http://www.macsat.com/macsat/content/vi … /#sshbrute). My computers are using Wi-Fi and 3 of the LAN ports, and I have connected a switch to the last port.
This week I have received a new ADSL modem/router which I have to use for VoIP. This new modem acts as a DHCP and DNS server, but has no access point. Because the current switch I own is old, I wanted to see if my OpenWRT could run as a switch with access point functionality, and succeeded by using the BridgingAccessPoint Howto (http://wiki.openwrt.org/BridgingAccessPointHowto).
To still be able to use Wake-on-LAN, I've forwarded port 22 from my new modem/router to the OpenWRT "switch". This works perfectly. However, one of the first instructions in the BridgingAccessPoint manual was to disable the firewall, preventing IPT Recent from working. After enabling the firewall again, IPT Recent does not work either, because all the connection requests are now received via the LAN connection (and automatically accepted). I have never really understood iptables, so I couldn't find a solution in all the existing howtos and wikis to enable Recent again.
Is it possible to enable IPT Recent for requests originating from the LAN (on port 22) without interfering with "normal" local traffic? And if so, what changes do I have to make to the /etc/init.d/S35firewall and /etc/firewall.user files?
Thanks!
P.S. I am using an Asus WL-500g Deluxe and White Russian version 0.9.
