Wednesday, April 15, 2009

OpenWRT: Allow SSH Access On WAN Interface

Here's the quick way to allow SSH Access for WAN interface on OpenWRT, I configure my ssh to run on port 12345 instead of 22 to avoid automated probes from internet using the web interface, then just run this in the terminal -

shell>/usr/sbin/iptables -I INPUT 1 -p tcp --dport 12345 -j LOG

shell>/usr/sbin/iptables -I INPUT 1 -p tcp --dport 12345 -j ACCEPT


To check if it loads properly -

shell>/usr/sbin/iptables -L | grep 12345
LOG tcp -- anywhere anywhere tcp dpt:12345 LOG level warning
ACCEPT tcp -- anywhere anywhere tcp dpt:12345

To make sure it survives reboot -

shell>nvram set rc_firewall="/usr/sbin/iptables -I INPUT 1 -p tcp --dport 12345 -j LOG"

shell>nvram set rc_firewall="/usr/sbin/iptables -I INPUT 1 -p tcp --dport 12345 -j ACCEPT"


shell>nvram commit

Thanks to the link here.

Done!

Cheers (;])

2 comments:

John said...
This comment has been removed by a blog administrator.
Anonymous said...
This comment has been removed by a blog administrator.