Telnet From Wan



mao44
16-05-2005, 22:40
Hi,

I can't access my wl500gx by telnet from WAN.
It works from LAN, and I have added a rule in NAT Setting - Virtual server with port 23 to 192.168.1.1 on TCP, but telnet fails ...

Does somebody have an idea?

thanks

Jean-Fabrice
17-05-2005, 00:09
What IP are you telnetting from WAN?
192.168.1.1? If yes, better try your 'real' Internet IP address (the one your ISP gives you). If no, I've no idea...

JF

mao44
17-05-2005, 07:34
I try my external IP address

mao44
17-05-2005, 10:26
Can somebody help me find out why I can't access my router by Telnet via the Internet?
I've opened the port in NAT setting, but telnet works only on LAN (with external IP address)

Oleg
17-05-2005, 10:31
You need to enable Web admin WAN access if you want telnet to be WAN enabled. Alternatively you could modify post-firewall.
Anyway, enabling telnet WAN access is VERY risky, as the password could be snooped in transit.

mao44
17-05-2005, 10:36
Hi,

I have enabled HTTP WAN access (port 8080).
May I enable another function to get WAN admin?

I want to access my router by telnet to wake one PC on my LAN, and the only way I have found is to launch a wakelan program on my wl500gx.

thanks

Oleg
17-05-2005, 10:37
The right way is using ssh instead.

mao44
17-05-2005, 10:38
I have activated SSH, and from LAN I use putty, but from WAN it doesn't work

Oleg
17-05-2005, 10:47
Sure, you need to read the info on my page and create a post-firewall file.

mao44
17-05-2005, 18:45
My post-firewall is:

[admin@dhcppc0 sbin]$ more post-firewall
#!/bin/sh
iptables -D INPUT -j DROP
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 81 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:81
# deny ftp access from WAN
# iptables -D INPUT -p tcp -m tcp -d "$2" --dport 21 -j ACCEPT
# Allow access to ssh server from WAN
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j DNAT --to-destination 192.168.1.1:22
iptables -A INPUT -j DROP

mao44
18-05-2005, 09:11
But it doesn't work anymore ... 8-((

My iptables:
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere state NEW
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:81
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
DROP all -- anywhere anywhere
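
Added example, not part of the original thread: a first-match walk over the INPUT listing posted above, showing which rule decides a new TCP connection to a given port. The function names and the SERVICES map are hypothetical; treating the two catch-all "state NEW" rules as interface-bound is an assumption, because plain `iptables -L` hides the interface column (check with `iptables -L INPUT -v -n`).

```python
# LISTING is the INPUT chain as posted in the thread (no -v, no -n).
LISTING = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere state NEW
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:81
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
DROP all -- anywhere anywhere
"""

# Names printed in place of port numbers when -n is not used.
SERVICES = {"www": "80", "ftp": "21", "ssh": "22"}


def parse_rules(listing):
    """Return (rule number, target, proto, match tokens) per rule line."""
    rows = [l.split() for l in listing.splitlines()[2:] if l.strip()]
    return [(i, f[0], f[1], f[5:]) for i, f in enumerate(rows, 1)]


def verdict_for_new_tcp(listing, port):
    """Return (rule number, target, unclear) for a NEW TCP connection.

    `unclear` lists catch-all "state NEW" rules passed on the way; they
    decide the packet only if bound to the interface it arrived on.
    """
    unclear = []
    for num, target, proto, extra in parse_rules(listing):
        if proto not in ("tcp", "all"):
            continue
        dpt = next((t[4:] for t in extra if t.startswith("dpt:")), None)
        if dpt is not None and SERVICES.get(dpt, dpt) != str(port):
            continue
        if "state" in extra:
            if "NEW" not in extra[extra.index("state") + 1].split(","):
                continue
            if proto == "all" and dpt is None:  # interface hidden without -v
                unclear.append(num)
                continue
        return num, target, unclear
    return None, listing.split("policy ")[1].split(")")[0], unclear
```

For port 22 the walk stops at the `dpt:ssh` ACCEPT ahead of the final DROP, while port 23 falls through to the DROP; rules 3 and 4 are reported as needing the `-v` listing.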

barsju
18-05-2005, 10:03
Well, as long as the ssh-server is running on the router you don't need to set up a virtual server, you just need to accept packets in the input table.
So try again without the nat PREROUTING line.

S.

mao44
18-05-2005, 10:09
I have the same problem without the PREROUTING line ...

barsju
18-05-2005, 10:21
Ok.
1. How do you test? Do you try to access from LAN using external ip, or do you try from another network?
2. Do you have something like an ADSL modem in front of router? Is it possible that your ISP is blocking ports?

You can try a service like shieldsup (use google to find), to test open, closed and stealth ports.

S.

mao44
18-05-2005, 10:41
I try with another network.
I do indeed have an ADSL modem in front of the router.
I'll try shieldsup ...

mao44
18-05-2005, 10:45
Port 22 seems to be open according to shieldsup.
I'll try from another network.

barsju
18-05-2005, 10:50
If you have an ADSL modem in front of router you might have to use port forwarding and open filters in your modem.
What is your WAN setup? Automatic IP? If so what is the WAN-ip of your router? 192.168..? Or 10.0.0.1...? If this is the case then you most likely have to get into your modem and forward ports to your router's WAN-ip and possibly open up filter/firewall in your modem.

S.

mao44
18-05-2005, 20:33
Hi,

I've tried from another WAN, and ... it's OK!
I suppose the previous WAN I used blocks port 22.

Thanks very much,
now I can wake up my PC from SSH.