OpenWrt Forum Archive

Topic: Remote access to openwrt

The content of this topic has been archived on 21 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi,

   I have an OpenWrt installed at my sister-in-law's and I want to be able to access it through the Internet on port 22.

   The OpenWrt is connected to the ISP with DHCP, so the IP changes often.

   On my side I have a fixed IP.

   How do I add a rule in the firewall to permit my IP to connect to the OpenWrt port 22 through the Internet?

Thanks.

If you vi /etc/firewall.user you will see:

### Open port to WAN
## -- This allows port 22 to be answered by (dropbear on) the router
iptables -t nat -A prerouting_wan -p tcp --dport 22 -j ACCEPT
iptables        -A input_wan      -p tcp --dport 22 -j ACCEPT


I have obviously uncommented this already.
Alternatively, you can edit /etc/config/firewall in Kamikaze, adding:

accept:proto=tcp dport=22

Or for the new UCI firewall in Kamikaze trunk:

# uci add firewall rule
# uci set firewall.@rule[-1].src=wan
# uci set firewall.@rule[-1].target=ACCEPT
# uci set firewall.@rule[-1].proto=tcp
# uci set firewall.@rule[-1].dest_port=22
# uci commit firewall
# /etc/init.d/firewall restart

Hi,

   Is it possible to open port 22 only for 1 IP coming from the WAN?  I don't want to open it for the world, just me.

Thanks.

Use src_ip along with the other UCI commands if using the UCI firewall.

(Last edited by Jzor on 20 Sep 2008, 02:49)
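
Added example (not part of the original posts): a POSIX shell helper that combines the UCI commands from the earlier reply with the src_ip option, and validates the address before emitting anything. The function names and the address 203.0.113.10 (a documentation address) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Emits the UCI firewall commands that
# allow SSH (tcp/22) from the WAN zone for a single source address only.

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the commands for a rule restricted to source address $1.
# Refuses anything that is not a plain IPv4 address, so the value
# cannot smuggle extra shell syntax into the generated commands.
ssh_rule_cmds() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 1; }
    cat <<EOF
uci add firewall rule
uci set firewall.@rule[-1].src=wan
uci set firewall.@rule[-1].src_ip=$1
uci set firewall.@rule[-1].target=ACCEPT
uci set firewall.@rule[-1].proto=tcp
uci set firewall.@rule[-1].dest_port=22
uci commit firewall
/etc/init.d/firewall restart
EOF
}

# When called with an address, print the commands for review.
# Example (constructed address): sh ssh-rule.sh 203.0.113.10
if [ "$#" -gt 0 ]; then
    ssh_rule_cmds "$1"
fi
```

On the router, review the printed commands and then pipe them to sh to apply them.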

Alternatively, you can use the following command to achieve the same.

$ iptables -I INPUT 1 -s ur_ip -p tcp --dport 22 -j ACCEPT

But as this command is saved in RAM, on reboot it will be flushed out.

So, if you want to save it permanently, then copy the same command to the /etc/firewall.user file.
