Menu
What's new
By:
Filters Better Search

firewall rule - question

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

P

peraburek

Senior Member
hello :) since update to Merlin FW 380.59 my ASUS RT-AC68U vpn connection is blocking connection to SSH/TELNET and HTTP/HTTPS
my ASUS RT-AC68U is running as VPN Client to another AC68U (FW 380.58) running as VPN Server

in Administration - System there is - Enable SSH - LAN Only

how to allow incoming connection from VPN Server to VPN Client - SSH - TCP port 22 (but only through tun11 interface)
how to allow incoming connection from VPN Server to VPN Client - HTTP - TCP port 80

when OpenVPN tunnel is running - ovpn server AC68U has 10.8.0.1 IP, my ovpn client AC68U has 10.8.0.2 IP

I have tried adding this rule to ovpn client AC68U, but it doesn't work I cannot connect to SSH or HTTP from ovpn server AC68U, and I am missing iptables skills
Code: 
iptables -I INPUT -p tcp --dport 22 -s 10.8.0.1 -j ACCEPT
iptables -I INPUT -p tcp --dport 80 -s 10.8.0.1 -j ACCEPT

I am connecting to VPN Server sometimes from the road, and doing administration over VPN tunnel rather than exposing SSH and HTTP to the whole Internet

I would like to open those two ports on my ovpn client AC68U only to ovpn server IP address, that's all
 
Last edited:
Easiest way is to choose other ports 22 (ssh) and 80 (web) is used by router.
But you can move port 22 to ex 123 and port 80 to 8080.
There is no need to portforward openvpn server and clients port, will be done by program.
 
I am not sure you have understood my question. How to access WebUI of ovpn client router from ovpn server lan, when it is being blocked by firewall?

how to enable SSH for LAN+VPN, at the moment it works if I enable SSH for LAN+WAN but I don't want to expose SSH to WAN

the same question goes for WebUI of router HTTP/HTTPS
 
Last edited:
@RMerlin - I was trying to see changes in source code related to firewall between Merlin FW 380.58 and Merlin FW 380.59

When I am trying to access ports from OpenVPN Server (MerlinFW 380.58 @ AC68U) to OpenVPN Client (MerlinFW 380.59 @ AC68U)
ports are completely blocked (SSH 22, Telnet 23, HTTP 80, HTTPS 8443) however ICMP (echo, ping) works

I am pretty sure it used to work with MerlinFW 380.58, can I safely downgrade firmware from 380.59 to 380.58 ?
 
You must log in or register to reply here.

Similar threads

T
Internet connection via ISP despite existing VPN connection in the Asus RT-AC 86U
Replies
5
Views
379
tom
T
T
[Help] Problems setting up OpenVPN
Replies
7
Views
338
Thookie
T
H
Solved Beginners firewall question.
Replies
6
Views
1K
Henk-J
H
Sergyk
VPN client
Replies
6
Views
715
eibgrad
eibgrad
D
Nord Open VPN client connected but not secure?
Replies
1
Views
288
Dougj
D
Similar threads
Thread starter Title Forum Replies Date
Z Dual WAN + Dual Firewall Asuswrt-Merlin 11
K Asus router as adblock/firewall server (but not acting as a router) between modem and mesh routers Asuswrt-Merlin 7
M wan dhcpv6 blocked by firewall Asuswrt-Merlin 2
L is enabling firewall necessary (same for upnp) when on a provider with cgnat? Asuswrt-Merlin 5
M Advance firewall rules Asuswrt-Merlin 5
fffddd URL filtering in the firewall does not take effect Asuswrt-Merlin 7
G Feature request: firewall url filter log Asuswrt-Merlin 0
B Firewall lan - vpn? Asuswrt-Merlin 0
John Tetreault How to open ipv6 firewall to a port on the router? Asuswrt-Merlin 7
C Port Forwarding and Firewall - not working as I expect Asuswrt-Merlin 4

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 848 (members: 12, guests: 836)
Top