How to open up port for external access?

[Ehsan]

I have Oleg's firmware on my WL-500gP and ntorrent installed along with the CTCS web gui (http://wl500g.info/showthread.php?t=11691) for administration and upload of the torrents. The web gui is accessed on 192.168.1.1:18000

I however want to be able to access this page when I'm not at home so I can administer my torrent and start new downloads when I'm away. I have tried to open the port but I seem to do something wrong. It would be great if someone could write the command lines I should execute line by line since I'm a newbie and probably have missed something!

Thank you!

[cupacup]

In console enter following iptables -I INPUT -m tcp -p tcp --dport 18000 -j ACCEPT, however you should check if CTCS web gui is serving service on all ip addresses with lsof -i, or binding the ctorrent web gui to external address.

[Ehsan]

you should check if CTCS web gui is serving service on all ip addresses with lsof -i, or binding the ctorrent web gui to external address.

The lsof -i command doesn't work and how do I bind the web gui to an external address?

[adrianio]

The lsof -i command doesn't work and how do I bind the web gui to an external address?

Add the following in your /usr/local/sbin/post-firewall:

iptables -t nat -I PREROUTING 1 -d your_public_ip_address_here -m tcp -p tcp --dport 18000 -j DNAT --to-destination 192.168.1.1:18000
iptables -I INPUT 1 -m tcp -p tcp --dport 18000 -j ACCEPT

Don't forget to save:
flashfs save && flashfs commit && flashfs enable && reboot

If you do not have static public IP address the problem is little more complicated. You can get your public IP address from:

nvram get wan_ipaddr_t

Sorry, I've just corrected a mistake at iptables -t nat

[miguel_angelo]

I'm relative new in this things.. how can i configure my router to access from outside (another location)?

[mataanjin]

hello, i want to change my ssh port
'cos my isp blok port 1-1024. i want to change it to 3031
here is my post-firewall

Code:

#!/bin/sh
## FIREWALL
## set default policy
iptables -P INPUT DROP
## Allow access to various router services from WAN
for P in 3031 51413 9091; do
  iptables -I INPUT 1 -p tcp --syn -i "$1" --dport $P -j ACCEPT
done
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3031 \
-j REDIRECT --to-port 22

anything wrong?
i'm using wl500-w.

[MMCM]

If you fully trust the (encrypted?) authentication mechanism of CTCS, then it's OK to open the port from the internet.
If you don't trust it, use ssh tunnelling only for such purposes, if possible with public key auth only and password auth disabled.