Changing WAN SSH Port

elfarto

Occasional Visitor
I'm trying to set up an RT-AC68U with the latest Merlin/AsusWRT version (348.1 iirc). I'm coming from a TP-LINK WDR4300 that ran DDWRT, and I was used to the option of having SSH listen on the WAN port at a different port than on LAN. I can't find any such option on this router. Of course, port forwarding WAN:25022 to 192.168.1.1:22 is not working due to the way iptables processes the packets.

Any help will be appreciated
 
While we wait, I was able to make it work by:
1) Creating a port forward from port 22022 to 192.168.1.1
2) Adding the following rule to iptables:
iptables -I INPUT 13 -d 192.168.1.1 -p tcp --dport 22 -j ACCEPT

The "13" value is the rule number and may vary on your particular router. Run
iptables -nvxL --line-numbers
and make sure you use a value that puts the inserted line before the DROP rule at the end.
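
The rule-number lookup described in the post above, as an added example that is not part of the original thread: it reads an `iptables -nvxL INPUT --line-numbers` listing, finds the last DROP rule, and prints the insert command only when the ACCEPT rule is not already present. The sample listing is constructed and the function names are hypothetical; the address and port are the ones used in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed sample of
# `iptables -nvxL INPUT --line-numbers` output; real chains differ per router.
SAMPLE_INPUT='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num      pkts      bytes target     prot opt in     out     source               destination
1           0        0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
2        1200   150000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
3          40     2400 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0            state NEW
4         300    18000 ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0            state NEW
5          10      600 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0'

LAN_IP=192.168.1.1   # router LAN address used in the thread
SSH_PORT=22          # port the rule in the thread accepts

# Print the rule number of the last DROP rule in the listing on stdin.
# Exits 1 (printing nothing) when the chain has no DROP rule.
last_drop_index() {
    awk '$1 ~ /^[0-9]+$/ && $4 == "DROP" { n = $1 }
         END { if (n == "") exit 1; print n }'
}

# Succeed if the listing on stdin already accepts tcp to LAN_IP:SSH_PORT.
has_ssh_accept() {
    awk -v ip="$LAN_IP" -v dpt="dpt:$SSH_PORT" '
        $4 == "ACCEPT" && $5 == "tcp" && $10 == ip {
            for (i = 11; i <= NF; i++) if ($i == dpt) found = 1
        }
        END { exit !found }'
}

# Print the insert command for the given listing, or nothing if the rule
# is already there, so a script that reruns does not stack duplicates.
build_insert_cmd() {
    listing=$1
    if printf '%s\n' "$listing" | has_ssh_accept; then
        return 0
    fi
    idx=$(printf '%s\n' "$listing" | last_drop_index) || return 1
    # Inserting at the DROP rule's own number places the new rule just before it.
    echo "iptables -I INPUT $idx -d $LAN_IP -p tcp --dport $SSH_PORT -j ACCEPT"
}

# On a router, pass "$(iptables -nvxL INPUT --line-numbers)" instead of the sample.
build_insert_cmd "$SAMPLE_INPUT"
```

The sample starts with a DROP for invalid state at rule 1, which is why the function takes the last DROP rule rather than the first one it sees.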
 
Alternative solution (without port forwarding):

Create an (executable) script in /jffs/scripts (for example "nat-start") with the following lines:

#!/bin/sh

killall dropbear
sleep 1
dropbear -p 22022 -p 192.168.1.1:22 -a

You can add any flags to the last line (see dropbear --help)
 
Alternative solution (without port forwarding):

Create an (executable) script in /jffs/scripts (for example "nat-start") with the following lines:

#!/bin/sh

killall dropbear
sleep 1
dropbear -p 22022 -p 192.168.1.1:22 -a

You can add any flags to the last line (see dropbear --help)

This looks like it should work, but for whatever reason, this causes me to completely lose ssh access to my 380.68 router. I made changes to your script example and used my router LAN address of course. I had to restore my jffs backup to restore ssh access.
 
Bumping this... just switched from DD-WRT to Merlin and noticed this is missing.

Alternative solution (without port forwarding):

Create an (executable) script in /jffs/scripts (for example "nat-start") with the following lines:

#!/bin/sh

killall dropbear
sleep 1
dropbear -p 22022 -p 192.168.1.1:22 -a

You can add any flags to the last line (see dropbear --help)

Actually not sure if this will work, there are actually two dropbear processes, so you end up killing both the internal and external?
 
