OpenWrt Forum Archive

Topic: Question regarding SSH over Internet. Pls help

The content of this topic has been archived on 14 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi,

I have configured my firewall so that it will redirect port 8448 to my port 22

config redirect
         option src           wan
         option name       ssh
         option proto        tcp
         option src_dport  8448
         option dest_ip     192.168.2.1    
         option dest_port  22

Normally, while accessing locally, we use --> ssh root@192.168.2.1

Now I am trying to access it through the Internet --> ssh root@w.x.y.z:8448

but it gives "name or service not known".

More INFO

openwrt      <---> ADSL router <---->  INTERNET <--> this is where i am trying to ssh from
192.168.2.1 <---> 192.168.1.254

I have configured my ADSL router to allow port 8448 for the connecting OpenWrt router. The OpenWrt router gets the IP 192.168.1.68 from the ADSL router.

regards,

ian_wk

ian_wk wrote:

Now I am trying to access it through the Internet --> ssh root@w.x.y.z:8448

The correct syntax is:

ssh -p 8448 root@w.x.y.z


~ JoW

Thanks, but now they put connection refused. Where else do I need to configure?

regards,
ian_wk

Edit: do I have to install any packages for SSH over WAN to work?

(Last edited by ian_wk on 25 Jan 2010, 09:14)

ian_wk wrote:

Thanks, but now they put connection refused. Where else do I need to configure?

regards,
ian_wk

Edit: do I have to install any packages for SSH over WAN to work?

Quite simple, in the line

option name ssh

rename "name" to "_name" (without the quotes). Hope that helps :)

I'm no iptables guru and even less familiar with the OpenWrt firewall strategy, but it might be possible that you need another rule to accept TCP connections on port 8448 from your WAN device. Else it might get rejected even before your redirect rule can kick in.

Hello,

Here is a rule I use to redirect SSH:

config redirect
        option src              wan
        option src_dport        2222
        option dest             lan
        option dest_ip          192.168.0.7
        option dest_port        22
        option proto            tcp

And this one works great!

It seems you are missing the "dest" option.

Hope this will help...

(Last edited by exovii on 26 Jan 2010, 12:00)

Thanks... I will give it a try tomorrow and update again :D

The problem still exists: connection refused.

/etc/config/firewall

#Allow SSH through Internet
config rule
        option target ACCEPT
        option src              wan
        option proto            tcp
        option dest_port        8448

config redirect
        option src              wan
        option src_dport        8448
        option dest             lan
        option dest_ip          192.168.2.1
        option dest_port        22
        option proto            tcp

This is the config that I have in place.
Any other option that I can try?
I am using 8.09 r16650

regards,
ian_wk

Perhaps the first rule isn't needed?

However, in the first post you say that the OpenWrt router gets a local network address from the ADSL modem (192.168.x.x). In that case I assume that the ADSL modem is the device exposed directly to the net and not the OpenWrt router? In that case the ADSL modem also includes routing firewall logic? Wouldn't you have to instruct the redirect rule on that device instead of the OpenWrt one?
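
Added example (not part of the original thread, and not OpenWrt project code): a small Python check that parses the firewall sections posted above and reports the two points raised in the replies, namely a redirect without a "dest" zone and a WAN address that is not publicly routable, which means the upstream device has to forward the port as well. The function names parse_uci and check_forwarding are hypothetical; the config and the 192.168.1.68 address are taken from the posts.

```python
import ipaddress
import shlex
# Constructed sample: the sections of the last /etc/config/firewall posted in the thread.
SAMPLE_CONFIG = """\
config rule
        option target ACCEPT
        option src              wan
        option proto            tcp
        option dest_port        8448

config redirect
        option src              wan
        option src_dport        8448
        option dest             lan
        option dest_ip          192.168.2.1
        option dest_port        22
        option proto            tcp
"""

def parse_uci(text):
    """Parse UCI text into a list of (section_type, options) pairs."""
    sections = []
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)  # drops '#' comments, strips quotes
        if not tokens:
            continue
        if tokens[0] == "config" and len(tokens) >= 2:
            sections.append((tokens[1], {}))
        elif tokens[0] == "option" and len(tokens) >= 3 and sections:
            sections[-1][1][tokens[1]] = tokens[2]
    return sections

def check_forwarding(config_text, wan_ip):
    """List findings for each WAN redirect, given the address held by the WAN port."""
    findings = []
    behind_nat = not ipaddress.ip_address(wan_ip).is_global
    for kind, opts in parse_uci(config_text):
        if kind != "redirect" or opts.get("src") != "wan":
            continue
        port = opts.get("src_dport", "?")
        if "dest" not in opts:
            findings.append(f"redirect {port}: no 'dest' zone set")
        if behind_nat:
            findings.append(f"redirect {port}: WAN address {wan_ip} is not publicly "
                            f"routable; upstream device must forward {port} to it")
    return findings

if __name__ == "__main__":
    print("\n".join(check_forwarding(SAMPLE_CONFIG, "192.168.1.68")))
```

With the posted config and the 192.168.1.68 WAN address, the only finding is the upstream forward for port 8448.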

The discussion might have continued from here.