openwrt no ssh from wan












2















I would like to have access from wan through ssh to my openwrt router. I did the following:




  • Go to the Network / Firewall / Traffic Rules.

  • Scroll down to the “Open ports on router” section.

  • Enter a name for this rule, e.g. “Allow-SSH-WAN”.

  • Set “Protocol” to “TCP”.

  • Enter “22” as the “External Port”.

  • Click “Add”.

  • Click “Save and Apply”.


Unfortunately ssh root@myWANip does not answer.
What did I miss?










share|improve this question
















bumped to the homepage by Community 5 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
















  • from inside the routers NAT? Not supported (I think it's possible if you get fancy with iptables rules, but my OpenWrt CC doesn't implement it).

    – sourcejedi
    May 15 '17 at 7:27













  • i am looking for ssh from a different network to my openwrt through the WAN. not inside the routers NAT.

    – john
    May 15 '17 at 13:09











  • ok. client is Linux? you should try running sudo traceroute -T -p 22 myWANip. It might show whether there is another nasty firewall in the way or you have a clear path right up to the router using port 22.

    – sourcejedi
    May 15 '17 at 14:39











  • also, it would be clearer if you give a specific on "does not answer". I assume you get "connection refused". If instead it just hangs, I'd want to look at ssh -v or so to confirm where the hang happens.

    – sourcejedi
    May 15 '17 at 14:43
















2















I would like to have access from wan through ssh to my openwrt router. I did the following:




  • Go to the Network / Firewall / Traffic Rules.

  • Scroll down to the “Open ports on router” section.

  • Enter a name for this rule, e.g. “Allow-SSH-WAN”.

  • Set “Protocol” to “TCP”.

  • Enter “22” as the “External Port”.

  • Click “Add”.

  • Click “Save and Apply”.


Unfortunately ssh root@myWANip does not answer.
What did I miss?










share|improve this question
















bumped to the homepage by Community 5 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
















  • from inside the routers NAT? Not supported (I think it's possible if you get fancy with iptables rules, but my OpenWrt CC doesn't implement it).

    – sourcejedi
    May 15 '17 at 7:27













  • i am looking for ssh from a different network to my openwrt through the WAN. not inside the routers NAT.

    – john
    May 15 '17 at 13:09











  • ok. client is Linux? you should try running sudo traceroute -T -p 22 myWANip. It might show whether there is another nasty firewall in the way or you have a clear path right up to the router using port 22.

    – sourcejedi
    May 15 '17 at 14:39











  • also, it would be clearer if you give a specific on "does not answer". I assume you get "connection refused". If instead it just hangs, I'd want to look at ssh -v or so to confirm where the hang happens.

    – sourcejedi
    May 15 '17 at 14:43














2












2








2


1






I would like to have access from wan through ssh to my openwrt router. I did the following:




  • Go to the Network / Firewall / Traffic Rules.

  • Scroll down to the “Open ports on router” section.

  • Enter a name for this rule, e.g. “Allow-SSH-WAN”.

  • Set “Protocol” to “TCP”.

  • Enter “22” as the “External Port”.

  • Click “Add”.

  • Click “Save and Apply”.


Unfortunately ssh root@myWANip does not answer.
What did I miss?










share|improve this question
















I would like to have access from wan through ssh to my openwrt router. I did the following:




  • Go to the Network / Firewall / Traffic Rules.

  • Scroll down to the “Open ports on router” section.

  • Enter a name for this rule, e.g. “Allow-SSH-WAN”.

  • Set “Protocol” to “TCP”.

  • Enter “22” as the “External Port”.

  • Click “Add”.

  • Click “Save and Apply”.


Unfortunately ssh root@myWANip does not answer.
What did I miss?







openwrt






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited May 15 '17 at 8:18









dr01

16.1k114972




16.1k114972










asked May 15 '17 at 7:12









johnjohn

667




667





bumped to the homepage by Community 5 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.







bumped to the homepage by Community 5 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.















  • from inside the routers NAT? Not supported (I think it's possible if you get fancy with iptables rules, but my OpenWrt CC doesn't implement it).

    – sourcejedi
    May 15 '17 at 7:27













  • i am looking for ssh from a different network to my openwrt through the WAN. not inside the routers NAT.

    – john
    May 15 '17 at 13:09











  • ok. client is Linux? you should try running sudo traceroute -T -p 22 myWANip. It might show whether there is another nasty firewall in the way or you have a clear path right up to the router using port 22.

    – sourcejedi
    May 15 '17 at 14:39











  • also, it would be clearer if you give a specific on "does not answer". I assume you get "connection refused". If instead it just hangs, I'd want to look at ssh -v or so to confirm where the hang happens.

    – sourcejedi
    May 15 '17 at 14:43



















  • from inside the routers NAT? Not supported (I think it's possible if you get fancy with iptables rules, but my OpenWrt CC doesn't implement it).

    – sourcejedi
    May 15 '17 at 7:27













  • i am looking for ssh from a different network to my openwrt through the WAN. not inside the routers NAT.

    – john
    May 15 '17 at 13:09











  • ok. client is Linux? you should try running sudo traceroute -T -p 22 myWANip. It might show whether there is another nasty firewall in the way or you have a clear path right up to the router using port 22.

    – sourcejedi
    May 15 '17 at 14:39











  • also, it would be clearer if you give a specific on "does not answer". I assume you get "connection refused". If instead it just hangs, I'd want to look at ssh -v or so to confirm where the hang happens.

    – sourcejedi
    May 15 '17 at 14:43

















from inside the routers NAT? Not supported (I think it's possible if you get fancy with iptables rules, but my OpenWrt CC doesn't implement it).

– sourcejedi
May 15 '17 at 7:27







from inside the routers NAT? Not supported (I think it's possible if you get fancy with iptables rules, but my OpenWrt CC doesn't implement it).

– sourcejedi
May 15 '17 at 7:27















i am looking for ssh from a different network to my openwrt through the WAN. not inside the routers NAT.

– john
May 15 '17 at 13:09





i am looking for ssh from a different network to my openwrt through the WAN. not inside the routers NAT.

– john
May 15 '17 at 13:09













ok. client is Linux? you should try running sudo traceroute -T -p 22 myWANip. It might show whether there is another nasty firewall in the way or you have a clear path right up to the router using port 22.

– sourcejedi
May 15 '17 at 14:39





ok. client is Linux? you should try running sudo traceroute -T -p 22 myWANip. It might show whether there is another nasty firewall in the way or you have a clear path right up to the router using port 22.

– sourcejedi
May 15 '17 at 14:39













also, it would be clearer if you give a specific on "does not answer". I assume you get "connection refused". If instead it just hangs, I'd want to look at ssh -v or so to confirm where the hang happens.

– sourcejedi
May 15 '17 at 14:43





also, it would be clearer if you give a specific on "does not answer". I assume you get "connection refused". If instead it just hangs, I'd want to look at ssh -v or so to confirm where the hang happens.

– sourcejedi
May 15 '17 at 14:43










1 Answer
1






active

oldest

votes


















0














I ran into this issue and in my case it was down to the fact that the default config on Openwrt has its LAN network interface network set to 192.168.1.X and if your local network also uses this address range then you can't talk to the router when you're plugged into the WAN interface. This is because the Openwrt box tries to send the packets back on its LAN interface when you're plugged into the WAN interface (also with a 192.168.1.X address), as the box thinks the LAN interface is the best one for sending packets to 192.168.1.X.



The way to fix it is to change IP network address (in LuCI: Network->Interfaces->LAN->Edit->IPv4 Address) assigned to the LAN interface so it's different from your local network address (e.g. use 192.168.0.X, 10.0.0.X) and then should be able to connect to ssh over the WAN interface - given you've done the Firewall setup you mentioned.






share|improve this answer























    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "106"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f365099%2fopenwrt-no-ssh-from-wan%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    I ran into this issue and in my case it was down to the fact that the default config on Openwrt has its LAN network interface network set to 192.168.1.X and if your local network also uses this address range then you can't talk to the router when you're plugged into the WAN interface. This is because the Openwrt box tries to send the packets back on its LAN interface when you're plugged into the WAN interface (also with a 192.168.1.X address), as the box thinks the LAN interface is the best one for sending packets to 192.168.1.X.



    The way to fix it is to change IP network address (in LuCI: Network->Interfaces->LAN->Edit->IPv4 Address) assigned to the LAN interface so it's different from your local network address (e.g. use 192.168.0.X, 10.0.0.X) and then should be able to connect to ssh over the WAN interface - given you've done the Firewall setup you mentioned.






    share|improve this answer




























      0














      I ran into this issue and in my case it was down to the fact that the default config on Openwrt has its LAN network interface network set to 192.168.1.X and if your local network also uses this address range then you can't talk to the router when you're plugged into the WAN interface. This is because the Openwrt box tries to send the packets back on its LAN interface when you're plugged into the WAN interface (also with a 192.168.1.X address), as the box thinks the LAN interface is the best one for sending packets to 192.168.1.X.



      The way to fix it is to change IP network address (in LuCI: Network->Interfaces->LAN->Edit->IPv4 Address) assigned to the LAN interface so it's different from your local network address (e.g. use 192.168.0.X, 10.0.0.X) and then should be able to connect to ssh over the WAN interface - given you've done the Firewall setup you mentioned.






      share|improve this answer


























        0












        0








        0







        I ran into this issue and in my case it was down to the fact that the default config on Openwrt has its LAN network interface network set to 192.168.1.X and if your local network also uses this address range then you can't talk to the router when you're plugged into the WAN interface. This is because the Openwrt box tries to send the packets back on its LAN interface when you're plugged into the WAN interface (also with a 192.168.1.X address), as the box thinks the LAN interface is the best one for sending packets to 192.168.1.X.



        The way to fix it is to change IP network address (in LuCI: Network->Interfaces->LAN->Edit->IPv4 Address) assigned to the LAN interface so it's different from your local network address (e.g. use 192.168.0.X, 10.0.0.X) and then should be able to connect to ssh over the WAN interface - given you've done the Firewall setup you mentioned.






        share|improve this answer













        I ran into this issue and in my case it was down to the fact that the default config on Openwrt has its LAN network interface network set to 192.168.1.X and if your local network also uses this address range then you can't talk to the router when you're plugged into the WAN interface. This is because the Openwrt box tries to send the packets back on its LAN interface when you're plugged into the WAN interface (also with a 192.168.1.X address), as the box thinks the LAN interface is the best one for sending packets to 192.168.1.X.



        The way to fix it is to change IP network address (in LuCI: Network->Interfaces->LAN->Edit->IPv4 Address) assigned to the LAN interface so it's different from your local network address (e.g. use 192.168.0.X, 10.0.0.X) and then should be able to connect to ssh over the WAN interface - given you've done the Firewall setup you mentioned.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Apr 10 '18 at 20:47









        PierzPierz

        22117




        22117






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Unix & Linux Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f365099%2fopenwrt-no-ssh-from-wan%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Accessing regular linux commands in Huawei's Dopra Linux

            Can't connect RFCOMM socket: Host is down

            Kernel panic - not syncing: Fatal Exception in Interrupt