Neptune354 :: View topic - Access to SSH from WAN
Neptune354
http://cyberstorm.altervista.org/phpBB3/

Access to SSH from WAN
http://cyberstorm.altervista.org/phpBB3/viewtopic.php?f=8&t=9

Author:  diz2k [ 11 Jun 2007, 19:15 ]
Post subject:  Access to SSH from WAN

The next natural thing, after getting ssh to work, is to make it work from the internet.

As I understand, it's not as easy as it seems.

Eventually I will use the method described in there, but I would like to avoid messing so much with rules.
I was thinking about the rule that is used when the Administration -> Management -> Remote Management option is enabled. Maybe it would be possible to make a similar rule for ssh access. Can someone check the firmware source and see if that is possible?

Also, is there some public repository of Carciofone's sources? I know that there is this https://opensvn.csie.org/traccgi/neptune354 but I think it's not exactly what Carciofone is using. And it's slow as hell.

Author:  cyberstorm [ 11 Jun 2007, 22:35 ]
Post subject:  Re: Access to SSH from WAN

As you have read, for now that is the only way to get access from WAN. You see, there is a lot of work still to do, but I don't have time for it, so you have to wait.

For sources it is better to use http://opensvn.csie.org/neptune354/trunk/ , it is a bit faster without trac. About Carciofone, he doesn't have a repository but maybe there are sources available on his site.

Author:  jimbob [ 11 Jun 2007, 22:38 ]
Post subject:  Re: Access to SSH from WAN

The original firmware supports port forwarding from the WAN side to an address on the local network. You could try using this to redirect port 22 from the WAN to 192.168.1.1:22 on the LAN side. I've used port forwarding before for SSH to a Linux box on the LAN side and it worked fine; it might work to the br0 IP address too.

Jim

Author:  diz2k [ 12 Jun 2007, 10:41 ]
Post subject:  Re: Access to SSH from WAN

By mistake I have forwarded port 80 to 22 to router address instead of 22 to 22. But still this should work and it DOESN'T.
Will have to try with 22->22 tomorrow.

Author:  jimbob [ 12 Jun 2007, 13:30 ]
Post subject:  Re: Access to SSH from WAN

diz2k wrote:
By mistake I have forwarded port 80 to 22 to router address instead of 22 to 22. But still this should work and it DOESN'T.
Will have to try with 22->22 tomorrow.


I have found that I could never redirect port 80 from WAN -> LAN on the WAG354G. I tried to port forward to a web server on my LAN once and couldn't do it. Perhaps you cannot port forward to a port in use on the router itself, which would only have been port 80 on the stock firmware. If this is the case you might run into trouble doing port 22 -> 22 on Neptune354 since port 22 is being listened to.

Try forwarding another port to your internal server if you can get 22 working e.g. 2222 > 22. It's not a bad idea to move your ssh port if you want to avoid noisy bots trying to brute force a login.

Jim

Author:  diz2k [ 12 Jun 2007, 18:59 ]
Post subject:  Re: Access to SSH from WAN

No way I can make forwarding work.

Author:  cyberstorm [ 13 Jun 2007, 16:24 ]
Post subject:  Re: Access to SSH from WAN

So I think that you have to wait for the next release of Neptune, which (I think) will be in the late summer, because now I am too busy with the summer exams session at my university...
Cheers

Author:  diz2k [ 13 Jun 2007, 20:12 ]
Post subject:  Re: Access to SSH from WAN

I'm very impatient, I think I will do it myself rather than wait, hehe.

I have some questions for you though.
In here you provided wag_init_script.sh with such rules:
Code:
# Allow the world access to ports 22/80 on my WAG354G,

$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT # internal ssh now works
[...]
$IPTABLES -A INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT #this now works!

I have added the second rule and ssh works remotely and locally now without problems (till restart of course).
Is there any reason for adding the less specific first rule?

And another question, when enabling remote management TWO rules are added:
Quote:
0 0 ACCEPT tcp -- any any anywhere 192.168.1.1 tcp dpt:www
2 122 ACCEPT icmp -- ppp0 any anywhere anywhere state NEW
0 0 DROP all -- any any anywhere anywhere state INVALID
148 15189 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT all -- lo any anywhere anywhere state NEW
14 858 ACCEPT all -- br0 any anywhere anywhere state NEW
0 0 limaccept udp -- any any anywhere anywhere udp dpt:route
0 0 limaccept tcp -- any any anywhere anywhere tcp dpt:12345
0 0 limaccept tcp -- any any anywhere 192.168.1.1 tcp dpt:www
0 0 DROP tcp -- ppp0 any anywhere anywhere tcp dpt:www
0 0 DROP tcp -- ppp0 any anywhere anywhere tcp dpt:telnet
0 0 limaccept icmp -- any any anywhere anywhere
41 2000 wan2lan all -- ppp0 any anywhere anywhere
0 0 DROP all -- any any anywhere anywhere

I know that this is how Linksys (or Cybertan) made it, but maybe you know what this limaccept policy is for?
Should I replicate a similar rule for ssh if I go for modifying the firmware?
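
An added example, not part of the thread or of the firmware: a small Python evaluator that walks the INPUT listing quoted in the last post in first-match order and reports which rule decides a new SSH connection arriving on br0 and on ppp0. It assumes the user chains (limaccept, wan2lan), whose contents are not shown on the page, return without a verdict for such a packet; the WAN address is a constructed placeholder.

```python
# Added example: first-match walk over the INPUT listing quoted in the post.
LISTING = """\
0 0 ACCEPT tcp -- any any anywhere 192.168.1.1 tcp dpt:www
2 122 ACCEPT icmp -- ppp0 any anywhere anywhere state NEW
0 0 DROP all -- any any anywhere anywhere state INVALID
148 15189 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT all -- lo any anywhere anywhere state NEW
14 858 ACCEPT all -- br0 any anywhere anywhere state NEW
0 0 limaccept udp -- any any anywhere anywhere udp dpt:route
0 0 limaccept tcp -- any any anywhere anywhere tcp dpt:12345
0 0 limaccept tcp -- any any anywhere 192.168.1.1 tcp dpt:www
0 0 DROP tcp -- ppp0 any anywhere anywhere tcp dpt:www
0 0 DROP tcp -- ppp0 any anywhere anywhere tcp dpt:telnet
0 0 limaccept icmp -- any any anywhere anywhere
41 2000 wan2lan all -- ppp0 any anywhere anywhere
0 0 DROP all -- any any anywhere anywhere
"""
# Service names as iptables prints them without -n (only those in the listing).
PORTS = {"www": 80, "telnet": 23, "route": 520}
# Constructed sample packets: new SSH connections from the LAN and from the WAN.
LAN_SSH = {"in": "br0", "proto": "tcp", "dst": "192.168.1.1", "dport": 22, "state": "NEW"}
WAN_SSH = {"in": "ppp0", "proto": "tcp", "dst": "203.0.113.5", "dport": 22, "state": "NEW"}

def parse(listing):
    rules = []
    for line in listing.strip().splitlines():
        _pkts, _bytes, target, proto, _opt, iface, _out, _src, dst, *extra = line.split()
        rule = {"target": target, "proto": proto, "in": iface, "dst": dst,
                "dport": None, "states": None}
        for i, tok in enumerate(extra):
            if tok.startswith("dpt:"):
                rule["dport"] = int(tok[4:]) if tok[4:].isdigit() else PORTS[tok[4:]]
            elif tok == "state":
                rule["states"] = set(extra[i + 1].split(","))
        rules.append(rule)
    return rules

def matches(rule, pkt):
    return (rule["proto"] in ("all", pkt["proto"]) and rule["in"] in ("any", pkt["in"])
            and rule["dst"] in ("anywhere", pkt["dst"])
            and rule["dport"] in (None, pkt["dport"])
            and (rule["states"] is None or pkt["state"] in rule["states"]))

def decide(rules, pkt):
    """Return (rule number, verdict, user chains traversed on the way)."""
    traversed = []
    for n, rule in enumerate(rules, 1):
        if matches(rule, pkt):
            if rule["target"] in ("ACCEPT", "DROP"):
                return n, rule["target"], traversed
            traversed.append(rule["target"])  # assumption: chain returns, no verdict
    return None, "POLICY", traversed
```

In this listing a new SSH connection from br0 is already accepted by the br0 rule, while one from ppp0 passes through wan2lan and reaches the final DROP unless an accept rule sits ahead of it.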

All times are UTC + 1 hour [ DST ]