If I set SSH port forwarding to NO, I am still able to connect SSH, but no internet access.

Now I’m confused: I just went to change my SSH setting to include my WAN to test it, and I see that my setting to allow SSH port forwarding is set to No even though I have changed my SSH port to an obscure five-figure port number. So now I’m not at all sure what exactly the setting to allow SSH port forwarding does. All I can suggest is changing that setting to No, applying it, and seeing what happens.
Edit: I think I get that setting now
https://www.snbforums.com/threads/ssh-port-forwarding-allowed-regardless-of-the-setting.9877/
so changing it to No isn’t going to close Port 22 for you. By the way, I presume a port scan from the WAN shows both Ports 443 and 22 listening.
I think SSH is buggy in Merlin firmware. I did the following workaround to have SSH tunnel working properly:
1. Set SSH to LAN only
2. Set SSH port forwarding to NO
3. Now I forward external port 443 to port 22 of my 2nd router (192.168.10.2, acting as a repeater in my home network with Tomato firmware) instead of the main router 192.168.10.1.
4. Everything works fine. PuTTY now establishes the tunnel to the 2nd router only at port 443 and internet works great.