View the full version: dropbear from wan



gratitude182
19-01-2007, 20:00
can somebody please tell me how the settings are to connect from wan to dropbear? because i have tried some things, but it didn't help. (in lan everything works fine...)

am i wrong when i open the port 22 in the virtual server?

Port Range: 22
Local Ip 192.168.1.1
Local Port: empty
Protocol: TCP

thanks

grat182

d3viant
19-01-2007, 23:15
What is connected to the other end of your wan cable? A modem/adsl router, or anything else that can handle port forwarding and NAT?

If there is another device, you need to forward the port there (as opposed to opening port 22 on the wl-700ge)

kfurge
20-01-2007, 02:19
My router's WAN port is directly connected to my ISP. I put port 22 in both port entries. I confirmed the settings manually with the following iptables command. If your setup is like mine, you should see something similar to the following:

[root@WL700gE ~]$ iptables -t nat --list | grep ssh
DNAT tcp -- anywhere your.hostname dpt:ssh to:192.168.1.1:22

[root@WL700gE ~]$ iptables --list | grep ssh
ACCEPT tcp -- anywhere 192.168.1.1 tcp dpt:ssh

- K.C.

gratitude182
20-01-2007, 06:45
thanks for the answers.

the modem (cable) doesn't have a firewall or block something.

where do i see the iptables? do i have to install something?

i know it's a stupid question but i have only little linux knowledge :-(

i hope that somebody could help :-)

thanks
grat182

gratitude182
20-01-2007, 11:47
or shall i do that like it is written there:

http://www.sprayfly.com/wiki/SSH_Guide

?

thanks

grat182

dolphine
21-01-2007, 07:01
> thanks for the answers.
> where do i see the iptables? do i have to install something?


You can open port 22 in Asus WEB-GUI - this is probably the easiest way that will also work after you restart the router.

- or you can open it manually by e.g.


iptables -I INPUT 7 -p tcp --dport 22 -j ACCEPT


For a more complex solution please see http://wl700g.info/showthread.php?t=7712&highlight=iptables

dolphine
21-01-2007, 07:03
> [root@WL700gE ~]$ iptables --list | grep ssh
> ACCEPT tcp -- anywhere 192.168.1.1 tcp dpt:ssh
>
> - K.C.

K.C.,

is there a special reason to have it in nat table in addition to input?

Thanks & Rgds

gratitude182
21-01-2007, 11:59
@ dolphine

is this right how i opened it in the asus web-gui?

advanced --> nat --> virtual server

Port Range: 22
Local Ip 192.168.1.1
Local Port: empty
Protocol: TCP

?

grat182

PS: but this doesn't work... also not after reboot :-(

dolphine
21-01-2007, 18:02
> advanced --> nat --> virtual server
>
> Port Range: 22
> Local Ip 192.168.1.1
> Local Port: empty
> Protocol: TCP



I think that local port should be 22 as well. Port range specifies the range of ports on the external (WAN) interface that are forwarded to local ip and local port. Therefore both ports should be 22. The external port does not have to be 22.

Does it help?

gratitude182
21-01-2007, 20:50
thanks for your help dolphine.

i have changed the settings without success.

Port Range: 22
Local Ip 192.168.1.1
Local Port: 22
Protocol: TCP

when i connect local with the 192.168.1.1 everything works fine and when i turn off the fw it works also from wan (then it must be the firewall)

in the syslog i get following error:

Jan 21 21:46:38 dropbear[576]: Child connection from 91.*.*.*:2342
Jan 21 21:46:38 dropbear[576]: exit before auth: Failed to get remote version

could anybody help?

grat182

gratitude182
21-01-2007, 22:11
could somebody tell me why i don't have the iptables command? (or what am i doing wrong?)

[~]$ iptables
bash: iptables: command not found

i'm logged in as root

thanks

grat182

gratitude182
22-01-2007, 07:12
i had got problems with the paths! now it works...

thanks for help

grat182

kfurge
23-01-2007, 02:38
> K.C.,
>
> is there a special reason to have it in nat table in addition to input?



Since the destination IP is non-routable, it has to be nat'd in order to get packets in and response packets back out to the WAN.

- K.C.

gratitude182
23-01-2007, 09:06
> [root@WL700gE ~]$ iptables -t nat --list | grep ssh
> DNAT tcp -- anywhere your.hostname dpt:ssh to:192.168.1.1:22
>
> [root@WL700gE ~]$ iptables --list | grep ssh
> ACCEPT tcp -- anywhere 192.168.1.1 tcp dpt:ssh
>
> - K.C.

kfurge, have you written that into the rc.local then?

thanks
grat182

kfurge
24-01-2007, 02:11
> kfurge, have you written that into the rc.local then?
>
> thanks
> grat182

No. I did everything through the DMZ section of the web interface. The commands I showed were just a succinct way of confirming the tables contained the entries I expected.

No rc.local juggling was necessary for my setup.

- K.C.

velovite
28-01-2007, 14:44
I'm also struggling with ssh access from wan. My box is running Kfurge's firmware (thanks for the excellent job!). I can reach dropbear from the lan side alright, but in order to reach it from wan, I must disable the firewall (which I don't want: the point of using ssh is security, after all!)

Whatever my configuration effort through the Asus Web-GUI, if firewall is enabled, I can't ssh from wan. I have been reading your posts regarding this problem, and I don't understand how you manage to get it working: I have tried all NAT Settings>Virtual server and Firewall>Wan & Lan filters settings I could imagine, none makes it work when firewall is enabled. And when firewall is disabled, it works right away without any special port tweaking in the GUI. Kfurge mentions using DMZ for setting up ssh from the Web GUI, but maybe he got confused, because I can only set an IP address on the LAN side in this window (no port setting).

I understand that I can set iptables right for being able to ssh from Wan by typing in commands or using a script, but that these changes are not permanent and that further requires periodically resetting using a cron job, which I would prefer to avoid, if possible.

Can anyone clarify how he/she got it to work? Thanks in advance,

Phil

gratitude182
28-01-2007, 15:00
with my box it also didn't work with the virtual server, wan lan filter...

i have edited the rc.local like costinel wrote in this thread.

http://wl700g.info/showthread.php?t=7864&highlight=iptables

edit kfurge's rc.local and add (at the end):

iptables -I INPUT -p tcp --dport INSERT-YOUR-PORT-NUMBER-HERE -j ACCEPT

now it works... i don't know if the settings are also saved when i make some changes with the webui, i haven't tried it yet.

grat182
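
The thread ends with two different rule sets that let WAN clients reach dropbear: the web-GUI pair kfurge listed (DNAT plus an ACCEPT for 192.168.1.1) and the single rc.local ACCEPT. The script below is an added example, not part of any post in the thread: it classifies saved `iptables --list` output into those cases. The function names and sample listings are constructed, and it assumes dropbear runs on the router itself with the same external and local port.

```shell
#!/bin/sh
# Added example: classify WAN access to dropbear from saved iptables listings.
# Assumes dropbear runs on the router itself and that the external and local
# ports are the same, as in the thread. Rule order is not evaluated.

# rule_fields LISTING TARGET PORT SERVICE
# Prints "<destination> <to-address>" for the first tcp rule with that target
# whose destination port is PORT (iptables -n) or SERVICE (without -n).
rule_fields() {
    printf '%s\n' "$1" | awk -v tgt="$2" -v port="$3" -v svc="$4" '
        $1 == tgt && $2 == "tcp" {
            hit = 0; to = "-"
            for (i = 6; i <= NF; i++) {
                if ($i == "dpt:" port || $i == "dpt:" svc) hit = 1
                if ($i ~ /^to:/) to = substr($i, 4)
            }
            if (hit) { print $5, to; exit }
        }'
}

# check_wan_ssh NAT_LISTING FILTER_LISTING [PORT] [SERVICE]
# Prints one verdict:
#   filtered       no ACCEPT for the port (works only with the firewall off)
#   open-direct    ACCEPT for any destination (the rc.local rule)
#   open-via-dnat  ACCEPT for one address, and DNAT rewrites to that address
#   needs-dnat     ACCEPT for one address, but nothing rewrites WAN packets to it
check_wan_ssh() {
    port=${3:-22}; svc=${4:-ssh}
    acc_dst=$(rule_fields "$2" ACCEPT "$port" "$svc" | cut -d' ' -f1)
    nat_to=$(rule_fields "$1" DNAT "$port" "$svc" | cut -d' ' -f2)
    case "$acc_dst" in
        "")                 echo filtered ;;
        anywhere|0.0.0.0/0) echo open-direct ;;
        *) if [ "${nat_to%:*}" = "$acc_dst" ]; then echo open-via-dnat
           else echo needs-dnat; fi ;;
    esac
}

# Constructed listings in the format quoted in the thread (not real captures).
NAT_GUI='DNAT    tcp  --  anywhere  your.hostname  tcp dpt:ssh to:192.168.1.1:22'
FILTER_GUI='ACCEPT  tcp  --  anywhere  192.168.1.1    tcp dpt:ssh'
FILTER_RCLOCAL='ACCEPT  tcp  --  anywhere  anywhere       tcp dpt:ssh'
FILTER_NONE='DROP    all  --  anywhere  anywhere'

check_wan_ssh "$NAT_GUI" "$FILTER_GUI"       # virtual server plus matching ACCEPT
check_wan_ssh ""         "$FILTER_RCLOCAL"   # rc.local rule only
check_wan_ssh "$NAT_GUI" "$FILTER_NONE"      # forwarded but still filtered
check_wan_ssh ""         "$FILTER_GUI"       # ACCEPT for LAN address, no DNAT
```

The `open-direct` case accepts the port from every source address, so on a WAN-facing router it is worth narrowing the rule's source where the clients are known.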