Allowing access to SSH port using iptables

blaughtmon
DD-WRT User


Joined: 29 Mar 2010
Posts: 115

Posted: Fri Jul 31, 2015 10:41    Post subject: Allowing access to SSH port using iptables
I recently installed OpenSSH on the DD-WRT Router using Optware. Everything is set up correctly and I can access the router using the OpenSSH port and connection on the local network. The issue I am having is with the need for the OpenSSH port to be allowed to be accessed from the Internet. I have tried the following commands but I cannot access OpenSSH remotely.

iptables -I INPUT -o br0 --dport (port #) -j ACCEPT
iptables -I INPUT -i br0 --dport (port #) -j ACCEPT
iptables -I INPUT -o br0 --sport (port #) -j ACCEPT
iptables -I INPUT -i br0 --sport (port #) -j ACCEPT

Does anyone have any ideas as to how this can be done? Thanks.
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 5698
Location: Akershus, Norway

Posted: Sat Aug 01, 2015 14:03
Administration->Management->Remote Access->SSH Management=Enabled

I don't know why you need OpenSSH? It should be installed by default.
blaughtmon
DD-WRT User


Joined: 29 Mar 2010
Posts: 115

Posted: Sun Aug 02, 2015 8:36
Thanks for not answering my question and telling me how to do something that I already know about. I want to use it as it is more powerful than dropbear and will possibly allow me to install Duo Security. I am working with Duo right now to see if this is possible.
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 5698
Location: Akershus, Norway

Posted: Sun Aug 02, 2015 8:54
I see it now. You have specified the wrong interface. It should be the wan interface.

iptables -I INPUT -i `get_wanface` -p tcp --dport 22 -j ACCEPT
blaughtmon
DD-WRT User


Joined: 29 Mar 2010
Posts: 115

Posted: Sun Aug 02, 2015 15:38
I was able to figure this out using the DD-WRT iptables guide. I am using these commands to allow WAN access to the OpenSSH server.

iptables -I INPUT -p tcp -m tcp -d `nvram get lan_ipaddr` --dport (port #) -j logaccept
iptables -t nat -I PREROUTING -p tcp -m tcp -d `nvram get wan_ipaddr` --dport (port #) -j DNAT --to-destination `nvram get lan_ipaddr`:(port #)

Edit: I forgot to add. All port numbers are the same.
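
Added example, not part of any post in this thread: a small POSIX shell check for three problems visible in the commands from the first post (a port match with no -p before it, -o on the INPUT chain, and matching on the LAN bridge instead of the WAN side). The function name check_rule and the LAN_IF variable are made up for this example, and br0 is assumed to be the LAN bridge.

```sh
#!/bin/sh
# Added example: lint iptables commands for the mistakes discussed in this thread.
# check_rule prints one finding per line and returns 1 if it found any.
# LAN_IF defaults to br0, the bridge used in the first post (assumed to be the LAN side).
LAN_IF="${LAN_IF:-br0}"

check_rule() {
    rule=$1; chain=""; proto=""; in_if=""; out_if=""; rc=0
    set -f            # no filename expansion while the rule is split into words
    set -- $rule
    set +f
    while [ $# -gt 0 ]; do
        case $1 in
            -I|-A) chain=$2 ;;
            -p|--protocol) proto=$2 ;;
            -i|--in-interface) in_if=$2 ;;
            -o|--out-interface) out_if=$2 ;;
            --dport|--sport)
                # Port matches exist only once -p has loaded a protocol match.
                case $proto in
                    tcp|udp) ;;
                    *) printf '%s\n' "$1 needs -p tcp or -p udp earlier in the rule"; rc=1 ;;
                esac ;;
        esac
        shift
    done
    if [ "$chain" = INPUT ] && [ -n "$out_if" ]; then
        printf '%s\n' "-o $out_if: INPUT has no output interface, use -i"; rc=1
    fi
    if [ "$chain" = INPUT ] && [ "$in_if" = "$LAN_IF" ]; then
        printf '%s\n' "-i $in_if matches LAN-side packets, not packets arriving from the WAN"; rc=1
    fi
    return $rc
}

# Demo: the first command from the opening post, then the first rule from the final post.
for r in 'iptables -I INPUT -o br0 --dport (port #) -j ACCEPT' \
         'iptables -I INPUT -p tcp -m tcp -d `nvram get lan_ipaddr` --dport (port #) -j logaccept'
do
    printf '%s\n' "$r"
    check_rule "$r" | sed 's/^/  finding: /'
done
```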
All times are GMT