Results 1 to 2 of 2

Thread: Dropbear WAN access - Please help

  1. #1

    Dropbear WAN access - Please help

    I have read the forums and completed the tutorials and cannot get access from the WAN to my wl-500gp via dropbear ( local access is perfect).

    The firmware I am using is:1.9.2.7-7f-pre8 (Oleg's)

    vsftpd is working perfectly but no luck with dropbear ssh on port 22

    Here is what I have in the /usr/local/sbin/post-firewall

    #!/bin/sh
    #SSH and FTP access from WAN
    iptables -D INPUT -j DROP
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp --dport 21 -j ACCEPT
    iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 22 -j DNAT --to-destination $4:22
    iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 21 -j DNAT --to-destination $4:21
    iptables -A INPUT -j DROP
    On the asus web-interface I have set a rule in the "virtual server" option to forward the port to the router:

    Port-Range: 22
    Local IP: 192.168.1.1
    Local Port: <blank>
    Protocol: TCP
    Protocol No.: <blank>
    Description: Dropbear (22)

    FTP is fine but wan access to dropbear is a no - no. I have looked at the asus logs and can see the packets are still being dropped.


    Thanks in advance for any help on this:

  2. #2
    Ok - I was able to solve the problem by placing the following line in the post-firewall

    iptables -I INPUT -i ppp0 -s x.x.x.x -p tcp --dport 22 -j ACCEPT
    Where x.x.x.x is the external ip you are accessing the router from.

    So the my current post-firewall looks like this

    #!/bin/sh
    #SSH and FTP access from WAN
    iptables -D INPUT -j DROP
    iptables -I INPUT -i ppp0 -s x.x.x.x -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp --dport 21 -j ACCEPT
    iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 22 -j DNAT --to-destination $4:22
    iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 21 -j DNAT --to-destination $4:21
    iptables -A INPUT -j DROP
    Is this the best approach - I took this from the russian forum - but my russian is not great - actually I know none at all - Da!

Similar Threads

  1. remote access to WL-500G
    By pavelv2 in forum WL-500g Q&A
    Replies: 3
    Last Post: 15-06-2006, 12:22
  2. Simple and secure file access from MS over WAN
    By monnier in forum WL-500g Q&A
    Replies: 0
    Last Post: 17-04-2006, 17:14
  3. Deny WAN access
    By Artefacto in forum WL-500g Q&A
    Replies: 0
    Last Post: 26-03-2006, 04:59

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •