firewall rule - question

peraburek

Senior Member
Hello :) Since the update to Merlin FW 380.59, my ASUS RT-AC68U VPN connection is blocking connections to SSH/TELNET and HTTP/HTTPS.
My ASUS RT-AC68U is running as a VPN Client to another AC68U (FW 380.58) running as a VPN Server.

In Administration - System there is - Enable SSH - LAN Only

How to allow incoming connections from the VPN Server to the VPN Client - SSH - TCP port 22 (but only through the tun11 interface)?
How to allow incoming connections from the VPN Server to the VPN Client - HTTP - TCP port 80?

When the OpenVPN tunnel is running, the ovpn server AC68U has IP 10.8.0.1 and my ovpn client AC68U has IP 10.8.0.2.

I have tried adding this rule to the ovpn client AC68U, but it doesn't work: I cannot connect to SSH or HTTP from the ovpn server AC68U, and I am missing iptables skills.
Code:
iptables -I INPUT -p tcp --dport 22 -s 10.8.0.1 -j ACCEPT
iptables -I INPUT -p tcp --dport 80 -s 10.8.0.1 -j ACCEPT

I am sometimes connecting to the VPN Server from the road, and doing administration over the VPN tunnel rather than exposing SSH and HTTP to the whole Internet.

I would like to open those two ports on my ovpn client AC68U only to the ovpn server IP address, that's all.
 
The easiest way is to choose other ports; 22 (SSH) and 80 (web) are used by the router.
But you can move port 22 to, e.g., 123 and port 80 to 8080.
There is no need to port forward the OpenVPN server and client ports; that will be done by the program.
 
I am not sure you have understood my question. How to access the WebUI of the ovpn client router from the ovpn server LAN, when it is being blocked by the firewall?

How to enable SSH for LAN+VPN? At the moment it works if I enable SSH for LAN+WAN, but I don't want to expose SSH to WAN.

The same question goes for the router's WebUI (HTTP/HTTPS).
 
@RMerlin - I was trying to see the changes in source code related to the firewall between Merlin FW 380.58 and Merlin FW 380.59.

When I am trying to access ports from the OpenVPN Server (MerlinFW 380.58 @ AC68U) to the OpenVPN Client (MerlinFW 380.59 @ AC68U),
the ports are completely blocked (SSH 22, Telnet 23, HTTP 80, HTTPS 8443); however, ICMP (echo, ping) works.

I am pretty sure it used to work with MerlinFW 380.58. Can I safely downgrade the firmware from 380.59 to 380.58?
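
Editor's added example (not part of any post in this thread, and not Asuswrt-Merlin code): `iptables -I INPUT` puts a rule at the top of the chain only at the moment it runs, so a rule inserted later by another script can sit above it and decide the packet first. The sketch below finds the first rule that a new connection from 10.8.0.1 on tun11 would hit in an `iptables -S INPUT` listing; the function name `first_match` and both sample listings are constructed for illustration and were not captured from the routers discussed here.

```shell
#!/bin/sh
# Added example: first-match check over an `iptables -S INPUT` listing.
# Simplified subset (assumption): handles -i, -s <ip>[/32], -p, --dport and
# --state/--ctstate; no negation, interface wildcards, wider CIDRs or user chains.

# first_match RULES IFACE SRC PROTO DPORT
# Prints "<verdict>: <rule>" for the first rule a NEW packet would hit,
# or the chain policy when no rule decides it.
first_match() {
  printf '%s\n' "$1" | awk -v ifc="$2" -v src="$3" -v proto="$4" -v dport="$5" '
    $1 == "-P" { policy = $3; next }
    $1 != "-A" { next }
    {
      ok = 1; target = ""
      for (i = 3; i <= NF; i++) {
        v = $(i + 1)
        if      ($i == "-i"      && v != ifc)   ok = 0
        else if ($i == "-s"      && v != src && v != (src "/32")) ok = 0
        else if ($i == "-p"      && v != proto) ok = 0
        else if ($i == "--dport" && v != dport) ok = 0
        else if (($i == "--state" || $i == "--ctstate") && v !~ /NEW/) ok = 0
        else if ($i == "-j") target = v
      }
      if (ok && target ~ /^(ACCEPT|DROP|REJECT)$/) {
        print target ": " $0; found = 1; exit
      }
    }
    END { if (!found) print policy ": chain policy" }'
}

# Constructed listing: an interface-wide DROP sits above the ACCEPT.
SHADOWED='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i tun11 -p tcp -j DROP
-A INPUT -s 10.8.0.1/32 -i tun11 -p tcp -m tcp --dport 22 -j ACCEPT'

# Constructed listing: the same ACCEPT, scoped to tun11, placed first.
REACHED='-P INPUT DROP
-A INPUT -s 10.8.0.1/32 -i tun11 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i tun11 -p tcp -j DROP'

first_match "$SHADOWED" tun11 10.8.0.1 tcp 22
first_match "$REACHED"  tun11 10.8.0.1 tcp 22
```

On a router whose iptables build supports `-S`, the live chain can be checked the same way with `first_match "$(iptables -S INPUT)" tun11 10.8.0.1 tcp 22`.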
 
