Neptune354

diz2k · **Joined:** 07 Jun 2007, 22:06 **Posts:** 31

I think it would be nice to have that option in web interface.

I have looked inside neptune354 source.
In http://opensvn.csie.org/neptune354/trun ... firewall.c there is a code:

Code:

   if (remotemanage)
   {
      /* zhangbin 2005.3.21 */
      char http_wanport_buf[10];
      //char *http_wanport = nvram_safe_get("http_wanport");
      //char *http_wanport_buf = malloc(strlen(http_wanport) + 1);
      memset(http_wanport_buf,0,sizeof(http_wanport_buf));
   
      //strncpy(http_wanport_buf, http_wanport, strlen(http_wanport));
      strcpy(http_wanport_buf, nvram_safe_get("http_wanport"));
      //http_wanport_buf[strlen(http_wanport)] = '\0';

      save2file("-A PREROUTING -p tcp -m tcp -d %s --dport %s "
           "-j DNAT --to-destination %s:%d\n"
           , wan_if_addr[conn_no]
           , http_wanport_buf/*nvram_safe_get("http_wanport")*/
           , nvram_safe_get("lan_ipaddr")
           , web_lanport);
      //free(http_wanport_buf);
   }

I think it wouldn't be that hard to add similar code for ssh.

In Google Code I have found source code of tofu that does exactly that but with a bit different code:

Code:

    /* Enable remote management */
    if (remotemanage) {
      save2file("-A PREROUTING -p tcp -m tcp -d %s --dport %s "
           "-j DNAT --to-destination %s:%d\n",
           wanaddr, nvram_safe_get("http_wanport"),
           nvram_safe_get("lan_ipaddr"), web_lanport);
   }
    /* do the same for ssh remote management */
   if ((nvram_match("sshd_enable", "1")) && (nvram_match("sshd_remote", "1"))) {
      save2file("-A PREROUTING -p tcp -m tcp -d %s --dport %s "
         "-j DNAT --to-destination %s:%s\n",
         wanaddr, nvram_safe_get("ssh_wanport"),
         nvram_safe_get("lan_ipaddr"), nvram_safe_get("sshd_port"));
   }

diz2k · **Joined:** 07 Jun 2007, 22:06 **Posts:** 31

I have now compiled my own firmware with this feature.
Thanks Marco and/or Carciofone for almost implementing this option. Commented out code was was almost all that was needed. It was only nessecary to add one rule to firewall.c.

Also I have added /usr/sbin to default PATH and done some minor tweaks to web interface. My router is superb now, hehe.

cyberstorm · **Joined:** 04 Jun 2007, 17:55 **Posts:** 67

if u want you can send me some patches/files to put in svn
cheers

diz2k · **Joined:** 07 Jun 2007, 22:06 **Posts:** 31

Modifications were made on Carciofone sources so patch won't work I think (not to mention that I don't know how to make diff files).
Also, I'm worried that this modification might not be top quality. It should be tested in different conditions which I have not made. For example with firewall enabled (I have it switched off) and so on.
Anyway, it works for me and I will do anything needed to get this onto some of the public builds.

Neptune354

Option to allow SSH access from WAN

Who is online