velcrow
31-10-2006, 13:07
I have read the forums and completed the tutorials and cannot get access from the WAN to my wl-500gp via dropbear (local access is perfect).
The firmware I am using is: 1.9.2.7-7f-pre8 (Oleg's)
vsftpd is working perfectly, but no luck with dropbear ssh on port 22.
Here is what I have in /usr/local/sbin/post-firewall:
#!/bin/sh
#SSH and FTP access from WAN
iptables -D INPUT -j DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 22 -j DNAT --to-destination $4:22
iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 21 -j DNAT --to-destination $4:21
iptables -A INPUT -j DROP
On the ASUS web interface I have set a rule in the "virtual server" option to forward the port to the router:
Port-Range: 22
Local IP: 192.168.1.1
Local Port: <blank>
Protocol: TCP
Protocol No.: <blank>
Description: Dropbear (22)
FTP is fine, but WAN access to dropbear is a no-no. I have looked at the ASUS logs and can see the packets are still being dropped.
Thanks in advance for any help on this.