Telnet From Wan

**mao44** · 16-05-2005, 22:40

Hi,

i can't access to my wl500gx by telnet from WAN.
it works from LAN, and i have added a rule in NAT Setting - Virtual server with port 23 to 192.168.1.1 on TCP, but telnet fails ...

semebody have an idea ?

thanks

**Jean-Fabrice** · 17-05-2005, 00:09

what IP are you telnetting from WAN ?
192.168.1.1 ? if yes, better try you 'real' Internet IP adress (the one your ISP gives you). If no, I've no idea...

JF

**mao44** · 17-05-2005, 07:34

i try my external address IP

**mao44** · 17-05-2005, 10:26

somebody can help me to know why i can't access to my router by Telnet via Internet ?
i've open port in NAT setting, but telnet works only on LAN (with External IP address)

**Oleg** · 17-05-2005, 10:31

You need to enable Web admin WAN access if you want to have telnet to be WAN enabled. Alternatively you could modify post-firewall.
Anyway, enabling telnet WAN access is VERY risky, as password could be snooped in transit.

**mao44** · 17-05-2005, 10:36

Hi,

i have enable http WAN access (port 8080)
i may enable other function to make WAN admin ?

i want to access to my routeur by telnet to wake one PC on My LAN, and the only way i have found is to launch a wakelan program on my wl500gx

thanks

**Oleg** · 17-05-2005, 10:37

The right way is using ssh instead.

**mao44** · 17-05-2005, 10:38

i have activated the SSH, and from LAN i use putty, but from WAN it doesn't works

**Oleg** · 17-05-2005, 10:47

sure, you need to read info on my page and create post-firewall file.

**mao44** · 17-05-2005, 18:45

my post-firewall is :

[admin@dhcppc0 sbin]$ more post-firewall
#!/bin/sh
iptables -D INPUT -j DROP
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 81 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 tcp --dport 80 -j DNAT --to-destination 192.168.1.1:81
# deny ftp access from WAN
# iptables -D INPUT -p tcp -m tcp -d "$2" --dport 21 -j ACCEPT
# Allow access to ssh server from WAN
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 tcp --dport 22 -j DNAT --to-destination 192.168.1.1:22
iptables -A INPUT -j DROP

**mao44** · 18-05-2005, 09:11

but it doesn't work anymore ... 8-((

my iptables :
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere state NEW
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:81
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
DROP all -- anywhere anywhere

**barsju** · 18-05-2005, 10:03

Well, as long as the ssh-server is running on the router you don't need to set up a virtual server, you just need to accept packets in the input table.
So try again without the nat PREROUTING line.

S.

**mao44** · 18-05-2005, 10:09

i've the same pb without the PREROUTING line ...

**barsju** · 18-05-2005, 10:21

Ok.
1. How do you test? Do you try to access from LAN using external ip, or do you try from another network?
2. Do you have something like a ADSL modem in front of router? Is it possible that your ISP is blocking ports?

You can try a service like shieldsup (use google to find), to test open, closed and stealth ports.

S.

**mao44** · 18-05-2005, 10:41

i try with an other network
i have effectively an ADSL Modem in front of the router
i 'll try shieldsup ...

Thread: Telnet From Wan

Thread Tools

Rate This Thread

Display

Telnet From Wan

Similar Threads

How to telnet

Telnet

How to telnet WL-500gx

Telnet on another port

Telnet to wl-500g

Posting Permissions