Thread: telnet/ssh to router from internet

  1. #1

    telnet/ssh to router from internet

    hi all,

    I have a PPPoE connection, and I'm using a DDNS service to map the current IP address to a name (bxxx.gotdns.org).

    The remote port for access from WAN is set to 6969. Accessing http://bxxx.gotdns.org:6969 from WAN, I get to the router interface.

    I want to be able to telnet or ssh to the router.
    (From LAN, telnet works.)
    e.g.: telnet 192.168.10.254, then it requests user & pass and everything is OK.

    From WAN, nothing happens.

    I have a modified firmware on the router (Olegs ... with busybox 1.13), and I've installed dropbear, so ssh is enabled and functional, but only from LAN (like telnet).

    Can what I want be done?

  2. #2
    Add the following line to /usr/local/post-firewall to enable ssh access from WAN:

    iptables -A INPUT -p tcp --syn --dport 22 -j ACCEPT

    Don't enable telnet on WAN, it's not a secure method.

  3. #3
    This won't enable it! Because you APPEND this rule (with A)!

    But one rule before it is "DROP all -- anywhere anywhere"

    And after this line every other packet is thrown away (ignored)

    http://wl500g.info/showthread.php?t=7314

    Here it is explained how to use iptables!
    After the line: "Put this in your post-firewall script, but do not forget to change 192.168.1.1 to match your wl500's LAN "
    You can see, he drops the DROP all rule! Then he adds his custom rules (in your case just one) and then adds the DROP all rule again!
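
Added example, not part of any post in this thread: a shell check for the ordering problem described in post #3, where an ACCEPT appended after the catch-all DROP never matches. It assumes the chain is listed in `iptables -S INPUT` format; the function names and both rule listings are constructed for illustration.

```shell
# reachable_accept PORT: reads an INPUT chain in `iptables -S INPUT` format on
# stdin and prints one word:
#   reachable - ACCEPT for tcp/PORT sits before any catch-all DROP
#   shadowed  - a catch-all DROP comes first, so the ACCEPT never matches
#   missing   - no ACCEPT rule for tcp/PORT in the chain
reachable_accept() {
    awk -v port="$1" '
        $1 != "-A" || $2 != "INPUT" { next }   # skip -P policy lines
        {
            n++
            # "-A INPUT -j DROP" with no match options drops everything.
            if (NF == 4 && $3 == "-j" && $4 == "DROP" && !drop) drop = n
            tcp = dport = accept = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-p" && $(i+1) == "tcp") tcp = 1
                if ($i == "--dport" && $(i+1) == port) dport = 1
                if ($i == "-j" && $(i+1) == "ACCEPT") accept = 1
            }
            if (tcp && dport && accept && !acc) acc = n
        }
        END {
            if (!acc) print "missing"
            else if (drop && drop < acc) print "shadowed"
            else print "reachable"
        }'
}

# Constructed listing: state after a plain `iptables -A INPUT ... -j ACCEPT`.
sample_appended() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
EOF
}

# Constructed listing: DROP deleted, ACCEPT appended, DROP appended again.
sample_reordered() {
    sample_appended | awk '$0 == "-A INPUT -j DROP" { next } { print }
                           END { print "-A INPUT -j DROP" }'
}

for s in sample_appended sample_reordered; do
    printf '%s: %s\n' "$s" "$("$s" | reachable_accept 22)"
done
```

On a router whose iptables build supports `-S`, the live chain can be piped in the same way with `iptables -S INPUT | reachable_accept 22`. The check only looks at rules placed directly in INPUT and does not follow jumps into user-defined chains.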

  4. #4
    Had the same issue before. ICMP (incoming pings from WAN) is disabled by the firewall. Check the web interface. If that doesn't work, try disabling the firewall to find out where the mistake is.

  5. #5
    Quote, originally posted by al37919:
        Add the following line to /usr/local/post-firewall to enable ssh access from WAN:

        iptables -A INPUT -p tcp --syn --dport 22 -j ACCEPT

        Don't enable telnet on WAN, it's not a secure method.

    Okay, thanks.
    I managed to put the files together in post-firewall. Just another stupid question:
    may I comment out a line in post-firewall by putting # in front of it?

    (I plan to start learning iptables, but I need to do some testing and I don't want to do something wrong and lock myself out of the box.)

  6. #6
    Yeah, # comments the line out. Actually, post-firewall is just a program written in a language called shell.
    Check the result of applying the rules with iptables -L

  7. #7
    Quote, originally posted by al37919:
        Add the following line to /usr/local/post-firewall to enable ssh access from WAN:

        iptables -A INPUT -p tcp --syn --dport 22 -j ACCEPT

        Don't enable telnet on WAN, it's not a secure method.

    I have these lines working for me with the XWRT firmware, is there any reason they should not work here?


    Code:
    ### Open port to WAN
    ## -- This allows port 22 to be answered by (dropbear on) the router
    # iptables -t nat -A prerouting_wan -p tcp --dport 22 -j ACCEPT
    # iptables        -A input_wan      -p tcp --dport 22 -j ACCEPT
