Neptune354 • View topic - Access to SSH from WAN




Neptune354



All times are UTC + 1 hour [ DST ]





 Post subject: Access to SSH from WAN
Posted: 11 Jun 2007, 19:15

Joined: 07 Jun 2007, 22:06
Posts: 31
The next natural thing, after getting ssh to work, is to make it work from internet.

As I understand it's not as easy as it seems.

Eventually I will use the method described in there, but I would like to avoid messing so much with rules.
I was thinking about the rule that is used when the Administration -> Management -> Remote Management option is enabled. Maybe it would be possible to make a similar rule for ssh access. Can someone check the firmware source and see if that is possible?

Also, is there some public repository of Carciofone's sources? I know that there is this https://opensvn.csie.org/traccgi/neptune354 but I think it's not exactly what Carciofone is using. And it's slow as hell.



 Post subject: Re: Access to SSH from WAN
Posted: 11 Jun 2007, 22:35
Site Admin

Joined: 04 Jun 2007, 17:55
Posts: 67
As you have read at now that is the only way to get access from WAN. You see, there is a lot of work still to do, but I don't have time for it, so you have to wait.

For sources it is better to use http://opensvn.csie.org/neptune354/trunk/ , it is a bit faster without trac. About Carciofone, he hasn't a repository but maybe there are sources available on his site.



 Post subject: Re: Access to SSH from WAN
Posted: 11 Jun 2007, 22:38

Joined: 11 Jun 2007, 17:39
Posts: 8
The original firmware supports port forwarding from the WAN side to an address on the local network. You could try using this to redirect port 22 from the WAN to 192.168.1.1:22 on the LAN side. I've used port forwarding before for SSH to a Linux box on the LAN side and it worked fine; it might work to the br0 IP address too.

Jim



 Post subject: Re: Access to SSH from WAN
Posted: 12 Jun 2007, 10:41

Joined: 07 Jun 2007, 22:06
Posts: 31
By mistake I have forwarded port 80 to 22 to router address instead of 22 to 22. But still this should work and it DOESN'T.
Will have to try with 22->22 tomorrow.



 Post subject: Re: Access to SSH from WAN
Posted: 12 Jun 2007, 13:30

Joined: 11 Jun 2007, 17:39
Posts: 8
diz2k wrote:
By mistake I have forwarded port 80 to 22 to router address instead of 22 to 22. But still this should work and it DOESN'T.
Will have to try with 22->22 tomorrow.


I have found that I could never redirect port 80 from WAN -> LAN on the WAG354G. I tried to port forward to a web server on my LAN once and couldn't do it. Perhaps you cannot port forward to a port in use on the router itself, which would only have been port 80 on the stock firmware. If this is the case you might run into trouble doing port 22 -> 22 on Neptune354 since port 22 is being listened to.

Try forwarding another port to your internal server if you can get 22 working e.g. 2222 > 22. It's not a bad idea to move your ssh port if you want to avoid noisy bots trying to brute force a login.

Jim



 Post subject: Re: Access to SSH from WAN
Posted: 12 Jun 2007, 18:59

Joined: 07 Jun 2007, 22:06
Posts: 31
No way I can make forwarding work.



 Post subject: Re: Access to SSH from WAN
Posted: 13 Jun 2007, 16:24
Site Admin

Joined: 04 Jun 2007, 17:55
Posts: 67
So I think that you have to wait for the next release of Neptune, which (I think) will be in the late summer, because now I am too busy with the summer exams session at my university...
Cheers



 Post subject: Re: Access to SSH from WAN
Posted: 13 Jun 2007, 20:12

Joined: 07 Jun 2007, 22:06
Posts: 31
I'm very impatient, I think I will do it myself rather than wait, hehe.

I have some questions for you though.
In here you provided wag_init_script.sh with these rules:
Code:
# Allow the world access to ports 22/80 on my WAG354G,

$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT # internal ssh now works
[...]
$IPTABLES -A INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT #this now works!

I have added the second rule and ssh works remotely and locally now without problems (till restart of course).
Is there any reason for adding the less specific first rule?

And another question, when enabling remote management TWO rules are added:
Quote:
0 0 ACCEPT tcp -- any any anywhere 192.168.1.1 tcp dpt:www
2 122 ACCEPT icmp -- ppp0 any anywhere anywhere state NEW
0 0 DROP all -- any any anywhere anywhere state INVALID
148 15189 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT all -- lo any anywhere anywhere state NEW
14 858 ACCEPT all -- br0 any anywhere anywhere state NEW
0 0 limaccept udp -- any any anywhere anywhere udp dpt:route
0 0 limaccept tcp -- any any anywhere anywhere tcp dpt:12345
0 0 limaccept tcp -- any any anywhere 192.168.1.1 tcp dpt:www
0 0 DROP tcp -- ppp0 any anywhere anywhere tcp dpt:www
0 0 DROP tcp -- ppp0 any anywhere anywhere tcp dpt:telnet
0 0 limaccept icmp -- any any anywhere anywhere
41 2000 wan2lan all -- ppp0 any anywhere anywhere
0 0 DROP all -- any any anywhere anywhere

I know that this is how Linksys (or Cybertan) made it, but maybe you know what this limaccept policy is for?
Should I replicate a similar rule for ssh if I go for modifying the firmware?

