OpenWrt Forum Archive

Topic: ssh from outside ?

The content of this topic has been archived on 1 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi, back into business ;)

I have an installed wrt / white russian with webif2 webinterface
and want to give a friend access to my router via ssh.

What's the simplest firewall rule I need to add, and what address do I need to specify
under "Default gateway" under subnet? I use pppoe to connect.


thanks

(Last edited by macbroadcast on 15 Sep 2007, 18:24)

Hi dude

Just run this command from the console:

vi /etc/firewall.user

And then uncomment the "ssh port to wan" part

It's pretty simple and you can't miss it

To edit the file remember to press "l"
To write and save your config press "Esc" and then "wq!"

Cheers

soulfather69 wrote:

Hi dude

Just run this command from the console:

vi /etc/firewall.user

And then uncomment the "ssh port to wan" part

It's pretty simple and you can't miss it

To edit the file remember to press "l"
To write and save your config press "Esc" and then "wq!"

Cheers

hey soulfather69 ,

thanks, I uncommented the 2 lines you mentioned

#!/bin/sh

### Open port to WAN
## -- This allows port 22 to be answered by (dropbear on) the router
iptables -t nat -A prerouting_wan -p tcp --dport 22 -j ACCEPT
iptables        -A input_wan      -p tcp --dport 22 -j ACCEPT


but still no access from outside :-(

do I need to reboot or something?

thanks so much

P.S. I don't know what the <Default gateway> is in settings, is it a private IP from one of my computers
which I can choose by myself?

(Last edited by macbroadcast on 16 Sep 2007, 21:44)

You need to restart the firewall services for the rules to take effect. Use

iptables -L

to see whether the rules have been loaded or not; my bet is you did not restart the firewall.

Hello, in my case my ISP does not permit the IP dynamically assigned to the router to hear for requests on standard ports (I mean 1 to 1xxx tcp and udp ports), so I had to add a line in the iptables rules in order to redirect the traffic the router gets on the wan interface on port 65535 to port 22 on the same IP (remember port 22 is for ssh). Then you will have to send the ssh connection request to the port you decided to use.

i.e.

iptables -A INPUT -p tcp --dport 65535 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d w.x.y.z --dport 65535 -j DNAT --to-destination w.x.y.z:22


I hope this is helpful to you

Yeah give your router a restart :)

Or to reload your firewall (necessary to apply the firewall rules, sorry for not including it in my first post :P), run this command:

sh /etc/firewall.user

You do have a static or dyndns address pointing to your router right?

What address are you giving your mate to connect to your router?

Let me know

Cheers

soulfather69 wrote:

Yeah give your router a restart :)

Or to reload your firewall (necessary to apply the firewall rules, sorry for not including it in my first post :P), run this command:

sh /etc/firewall.user

You do have a static or dyndns address pointing to your router right?

What address are you giving your mate to connect to your router?

Let me know

Cheers

hey soulfather69 ,

ok done, sh /etc/firewall.user restarts the firewall? :-)


I have a static ip pointing to my router, yes

thanks a lot marc

(Last edited by macbroadcast on 17 Sep 2007, 14:01)

Hehe yeah my bad :P

Yeah both worked, I successfully ssh'd into your static IP and your DNS record :)

btw you cannot ssh to your external IP address (WAN) from your internal network - you have to be on the RED zone (internet) to access the ssh console via the WAN interface

Glad to help

Cheers

soulfather69 wrote:

Hehe yeah my bad :P

Yeah both worked, I successfully ssh'd into your static IP and your DNS record :)

btw you cannot ssh to your external IP address (WAN) from your internal network - you have to be on the RED zone (internet) to access the ssh console via the WAN interface

Glad to help

Cheers

YES!!! it's working!!! you made my day, thanks so much

next steps will be configuring all the firewall and port forwarding stuff!!!

talk soon

cheers

Awesome :)

thanks Borromini and homero,

now I need to understand that "ssh" runs on my router, and my bind and the webserver are on another mac
with a static private ip, so this looks fine but does not work for me

### DNS forwarding
## -- This forwards port 53 on the WAN to port 53 on 192.168.1.102
iptables -t nat -A prerouting_wan -p tcp --dport 53 -j DNAT --to 192.168.1.102:53
iptables        -A forwarding_wan -p tcp --dport 53 -d 192.168.1.102 -j ACCEPT

greetings

To check whether SSH (dropbear) runs, do this:

ps aux | grep dropbear

homero wrote:

Hello, in my case my ISP does not permit the IP dynamically assigned to the router to hear for requests on standard ports (I mean 1 to 1xxx tcp and udp ports), so I had to add a line in the iptables rules in order to redirect the traffic the router gets on the wan interface on port 65535 to port 22 on the same IP (remember port 22 is for ssh). Then you will have to send the ssh connection request to the port you decided to use.

i.e.

iptables -A INPUT -p tcp --dport 65535 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d w.x.y.z --dport 65535 -j DNAT --to-destination w.x.y.z:22


I hope this is helpful to you

I could not get that to work on Kamikaze 7.09.
This is what works for me.
The "-d 192.168.1.1" in the second line makes sure that only the forwarded packets get forwarded. Without it port 22 would still be open on WAN, which I think is a security failure.


### Forward port 2222 to 22 on OpenWRT, when connection is coming in on WAN
iptables -t nat -A prerouting_wan -p tcp --dport 2222 -j DNAT --to 192.168.1.1:22
iptables        -A input_wan      -p tcp --dport 22 -d 192.168.1.1 -j ACCEPT
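The following is an added shell example, not code from this thread or from OpenWrt itself. It ties together the two useful points above: homero's idea of taking SSH on a non-standard WAN port and DNATing it to port 22, the "-d" restriction in the last post so that plain port 22 stays closed on the WAN side, and Borromini's advice to look at "iptables -L" to see what is actually loaded. It assumes the White Russian chain names used in the thread (prerouting_wan, input_wan), a router LAN address of 192.168.1.1, an IPT variable so the rule lines can be dry-run with IPT=echo instead of touching a live firewall, and the column layout of "iptables -L -n" output (target, prot, opt, source, destination, then the match text). The two listings inside the script are constructed samples, not captured from a real router.

```shell
#!/bin/sh
# Added example, not code from the thread or from OpenWrt. Two helpers for the
# setup discussed above: one emits the DNAT + restricted ACCEPT pair for a
# /etc/firewall.user, the other audits an "iptables -L input_wan -n" listing
# for a port-22 ACCEPT that is open to the whole WAN (destination 0.0.0.0/0).
# Assumed: White Russian chain names (prerouting_wan, input_wan) as used in the
# thread, and an IPT override so the rules can be dry-run with IPT=echo.

IPT="${IPT:-iptables}"

# Emit the two rules for "WAN:$1 -> router:22". The "-d $2" on the ACCEPT
# means only packets already rewritten by the DNAT are let in, so plain
# port 22 stays closed on the WAN side.
ssh_wan_rules() {
    wan_port="$1"      # public port, e.g. 2222
    router_ip="$2"     # router's LAN address, e.g. 192.168.1.1
    "$IPT" -t nat -A prerouting_wan -p tcp --dport "$wan_port" -j DNAT --to "$router_ip:22"
    "$IPT" -A input_wan -p tcp --dport 22 -d "$router_ip" -j ACCEPT
}

# Read "iptables -L input_wan -n" output on stdin. Exit 0 if some rule ACCEPTs
# tcp dpt:22 with destination 0.0.0.0/0 (port 22 reachable from anywhere on
# the WAN), exit 1 otherwise. Columns of -L -n: target prot opt source
# destination [match text]. The "( |$)" keeps dpt:2222 from matching.
ssh_open_on_wan() {
    awk '$1 == "ACCEPT" && $2 == "tcp" && $5 == "0.0.0.0/0" && /dpt:22( |$)/ { found = 1 }
         END { exit (found ? 0 : 1) }'
}

# Constructed sample listings (not captured from a real router): the first is
# what the plain "ssh port to wan" lines produce, the second the -d variant.
OPEN_LISTING='Chain input_wan (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22'

RESTRICTED_LISTING='Chain input_wan (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            192.168.1.1         tcp dpt:22'

# Convenience wrapper so a listing held in a string can be checked in one call.
check_listing() {
    printf '%s\n' "$1" | ssh_open_on_wan
}

if check_listing "$OPEN_LISTING"; then
    echo "sample 1: port 22 is accepted from the whole WAN"
fi
if ! check_listing "$RESTRICTED_LISTING"; then
    echo "sample 2: port 22 is only accepted for DNAT'd packets"
fi
```

On the router the two lines that ssh_wan_rules emits belong in /etc/firewall.user and are applied with "sh /etc/firewall.user" as described earlier in the thread; running the script with IPT=echo prints them instead of loading them. After loading, "iptables -L input_wan -n | ssh_open_on_wan" (with the functions sourced) tells you whether port 22 is still exposed to every WAN address.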
