OpenWrt Forum Archive

Topic: How to change port from 22 to 2222

The content of this topic has been archived on 13 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
deanduan
28 May 2014, 09:24

i am a newcomer of Openwrt, thanks for your help to change port from 22 to 2222.

And if I only allow some IPs or MACs to connect to Router, or do not allow some IPs or MACs to connect, what should i do?

thanks again

(Last edited by deanduan on 28 May 2014, 09:24)

Post #2
spectrum
28 May 2014, 10:39

Hi, i am new here but i try to help,

for ssh, if you don't have an option for the port in the web ui, telnet the router ip and setup dropbear

http://wiki.openwrt.org/doc/uci/dropbear

openwrt uses UCI to manage configurations, so likely, change the dropbear UCI config file:

root@OpenWrt:/etc/config# cat dropbear
config dropbear
        option PasswordAuth 'on'
        option Port         '22'

22 to the port you want, then save and reboot.

To allow only some ip to connect, that's something related to firewalling, look if you have some web ui page for this, or study

http://wiki.openwrt.org/doc/uci/firewall

Regards
angelo

Post #3
deanduan
28 May 2014, 16:30

thanks for your knid reply.

Post #4
zxdavb
29 May 2014, 20:30

I presume you mean to change the SSH listener to use port 2222 rather than 22?  Another (better?) way is to execute the following commands:

uci set dropbear.@dropbear[0].Port=2222

uci commit dropbear
/etc/init.d/dropbear reload

Before you do that, you may want to enable access to port 2222 via the wan interface:

uci add firewall  rule
uci set firewall.@rule[-1].name=Allow-Inbound-SSH
uci set firewall.@rule[-1].src=wan
uci set firewall.@rule[-1].target=ACCEPT
uci set firewall.@rule[-1].proto=tcp
uci set firewall.@rule[-1].dest_port=2222
uci set firewall.@rule[-1].enabled=1

uci commit firewall
/etc/init.d/firewall reload

The UCI commands make changes to the config files (such as /etc/config/dropbear), and this is an alternative to editing those files directly.

Good luck!

(Last edited by zxdavb on 29 May 2014, 20:32)

Post #5
arokh
30 May 2014, 10:58

You don't need to change the listener address, just make a redirect:

firewall.@redirect[0]=redirect
firewall.@redirect[0].src=wan
firewall.@redirect[0].src_dport=2222
firewall.@redirect[0].dest=lan
firewall.@redirect[0].dest_ip=192.168.1.1
firewall.@redirect[0].dest_port=22
firewall.@redirect[0].proto=tcp
firewall.@redirect[0].name=EXTSSH
firewall.@redirect[0].target=DNAT
firewall.@rule[6]=rule
firewall.@rule[6].src=wan
firewall.@rule[6].dest_port=22
firewall.@rule[6].dest_ip=192.168.1.1
firewall.@rule[6].proto=tcp
firewall.@rule[6].target=ACCEPT
firewall.@rule[6].name=SSH

The discussion might have continued from here.