openwrt no ssh from wan
I would like to have access from wan through ssh to my openwrt router. I did the following:
- Go to the Network / Firewall / Traffic Rules.
- Scroll down to the “Open ports on router” section.
- Enter a name for this rule, e.g. “Allow-SSH-WAN”.
- Set “Protocol” to “TCP”.
- Enter “22” as the “External Port”.
- Click “Add”.
- Click “Save and Apply”.
Unfortunately ssh root@myWANip does not answer.
What did I miss?
openwrt
bumped to the homepage by Community♦ 5 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
I would like to have access from wan through ssh to my openwrt router. I did the following:
- Go to the Network / Firewall / Traffic Rules.
- Scroll down to the “Open ports on router” section.
- Enter a name for this rule, e.g. “Allow-SSH-WAN”.
- Set “Protocol” to “TCP”.
- Enter “22” as the “External Port”.
- Click “Add”.
- Click “Save and Apply”.
Unfortunately ssh root@myWANip does not answer.
What did I miss?
openwrt
bumped to the homepage by Community♦ 5 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
from inside the routers NAT? Not supported (I think it's possible if you get fancy with iptables rules, but my OpenWrt CC doesn't implement it).
– sourcejedi
May 15 '17 at 7:27
i am looking for ssh from a different network to my openwrt through the WAN. not inside the routers NAT.
– john
May 15 '17 at 13:09
ok. client is Linux? you should try runningsudo traceroute -T -p 22 myWANip
. It might show whether there is another nasty firewall in the way or you have a clear path right up to the router using port 22.
– sourcejedi
May 15 '17 at 14:39
also, it would be clearer if you give a specific on "does not answer". I assume you get "connection refused". If instead it just hangs, I'd want to look atssh -v
or so to confirm where the hang happens.
– sourcejedi
May 15 '17 at 14:43
add a comment |
I would like to have access from wan through ssh to my openwrt router. I did the following:
- Go to the Network / Firewall / Traffic Rules.
- Scroll down to the “Open ports on router” section.
- Enter a name for this rule, e.g. “Allow-SSH-WAN”.
- Set “Protocol” to “TCP”.
- Enter “22” as the “External Port”.
- Click “Add”.
- Click “Save and Apply”.
Unfortunately ssh root@myWANip does not answer.
What did I miss?
openwrt
I would like to have access from wan through ssh to my openwrt router. I did the following:
- Go to the Network / Firewall / Traffic Rules.
- Scroll down to the “Open ports on router” section.
- Enter a name for this rule, e.g. “Allow-SSH-WAN”.
- Set “Protocol” to “TCP”.
- Enter “22” as the “External Port”.
- Click “Add”.
- Click “Save and Apply”.
Unfortunately ssh root@myWANip does not answer.
What did I miss?
openwrt
openwrt
edited May 15 '17 at 8:18
dr01
16.1k114972
16.1k114972
asked May 15 '17 at 7:12
johnjohn
667
667
bumped to the homepage by Community♦ 5 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 5 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
from inside the routers NAT? Not supported (I think it's possible if you get fancy with iptables rules, but my OpenWrt CC doesn't implement it).
– sourcejedi
May 15 '17 at 7:27
i am looking for ssh from a different network to my openwrt through the WAN. not inside the routers NAT.
– john
May 15 '17 at 13:09
ok. client is Linux? you should try runningsudo traceroute -T -p 22 myWANip
. It might show whether there is another nasty firewall in the way or you have a clear path right up to the router using port 22.
– sourcejedi
May 15 '17 at 14:39
also, it would be clearer if you give a specific on "does not answer". I assume you get "connection refused". If instead it just hangs, I'd want to look atssh -v
or so to confirm where the hang happens.
– sourcejedi
May 15 '17 at 14:43
add a comment |
from inside the routers NAT? Not supported (I think it's possible if you get fancy with iptables rules, but my OpenWrt CC doesn't implement it).
– sourcejedi
May 15 '17 at 7:27
i am looking for ssh from a different network to my openwrt through the WAN. not inside the routers NAT.
– john
May 15 '17 at 13:09
ok. client is Linux? you should try runningsudo traceroute -T -p 22 myWANip
. It might show whether there is another nasty firewall in the way or you have a clear path right up to the router using port 22.
– sourcejedi
May 15 '17 at 14:39
also, it would be clearer if you give a specific on "does not answer". I assume you get "connection refused". If instead it just hangs, I'd want to look atssh -v
or so to confirm where the hang happens.
– sourcejedi
May 15 '17 at 14:43
from inside the routers NAT? Not supported (I think it's possible if you get fancy with iptables rules, but my OpenWrt CC doesn't implement it).
– sourcejedi
May 15 '17 at 7:27
from inside the routers NAT? Not supported (I think it's possible if you get fancy with iptables rules, but my OpenWrt CC doesn't implement it).
– sourcejedi
May 15 '17 at 7:27
i am looking for ssh from a different network to my openwrt through the WAN. not inside the routers NAT.
– john
May 15 '17 at 13:09
i am looking for ssh from a different network to my openwrt through the WAN. not inside the routers NAT.
– john
May 15 '17 at 13:09
ok. client is Linux? you should try running
sudo traceroute -T -p 22 myWANip
. It might show whether there is another nasty firewall in the way or you have a clear path right up to the router using port 22.– sourcejedi
May 15 '17 at 14:39
ok. client is Linux? you should try running
sudo traceroute -T -p 22 myWANip
. It might show whether there is another nasty firewall in the way or you have a clear path right up to the router using port 22.– sourcejedi
May 15 '17 at 14:39
also, it would be clearer if you give a specific on "does not answer". I assume you get "connection refused". If instead it just hangs, I'd want to look at
ssh -v
or so to confirm where the hang happens.– sourcejedi
May 15 '17 at 14:43
also, it would be clearer if you give a specific on "does not answer". I assume you get "connection refused". If instead it just hangs, I'd want to look at
ssh -v
or so to confirm where the hang happens.– sourcejedi
May 15 '17 at 14:43
add a comment |
1 Answer
1
active
oldest
votes
I ran into this issue and in my case it was down to the fact that the default config on Openwrt has its LAN network interface network set to 192.168.1.X and if your local network also uses this address range then you can't talk to the router when you're plugged into the WAN interface. This is because the Openwrt box tries to send the packets back on its LAN interface when you're plugged into the WAN interface (also with a 192.168.1.X address), as the box thinks the LAN interface is the best one for sending packets to 192.168.1.X.
The way to fix it is to change IP network address (in LuCI: Network->Interfaces->LAN->Edit->IPv4 Address) assigned to the LAN interface so it's different from your local network address (e.g. use 192.168.0.X, 10.0.0.X) and then should be able to connect to ssh over the WAN interface - given you've done the Firewall setup you mentioned.
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f365099%2fopenwrt-no-ssh-from-wan%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I ran into this issue and in my case it was down to the fact that the default config on Openwrt has its LAN network interface network set to 192.168.1.X and if your local network also uses this address range then you can't talk to the router when you're plugged into the WAN interface. This is because the Openwrt box tries to send the packets back on its LAN interface when you're plugged into the WAN interface (also with a 192.168.1.X address), as the box thinks the LAN interface is the best one for sending packets to 192.168.1.X.
The way to fix it is to change IP network address (in LuCI: Network->Interfaces->LAN->Edit->IPv4 Address) assigned to the LAN interface so it's different from your local network address (e.g. use 192.168.0.X, 10.0.0.X) and then should be able to connect to ssh over the WAN interface - given you've done the Firewall setup you mentioned.
add a comment |
I ran into this issue and in my case it was down to the fact that the default config on Openwrt has its LAN network interface network set to 192.168.1.X and if your local network also uses this address range then you can't talk to the router when you're plugged into the WAN interface. This is because the Openwrt box tries to send the packets back on its LAN interface when you're plugged into the WAN interface (also with a 192.168.1.X address), as the box thinks the LAN interface is the best one for sending packets to 192.168.1.X.
The way to fix it is to change IP network address (in LuCI: Network->Interfaces->LAN->Edit->IPv4 Address) assigned to the LAN interface so it's different from your local network address (e.g. use 192.168.0.X, 10.0.0.X) and then should be able to connect to ssh over the WAN interface - given you've done the Firewall setup you mentioned.
add a comment |
I ran into this issue and in my case it was down to the fact that the default config on Openwrt has its LAN network interface network set to 192.168.1.X and if your local network also uses this address range then you can't talk to the router when you're plugged into the WAN interface. This is because the Openwrt box tries to send the packets back on its LAN interface when you're plugged into the WAN interface (also with a 192.168.1.X address), as the box thinks the LAN interface is the best one for sending packets to 192.168.1.X.
The way to fix it is to change IP network address (in LuCI: Network->Interfaces->LAN->Edit->IPv4 Address) assigned to the LAN interface so it's different from your local network address (e.g. use 192.168.0.X, 10.0.0.X) and then should be able to connect to ssh over the WAN interface - given you've done the Firewall setup you mentioned.
I ran into this issue and in my case it was down to the fact that the default config on Openwrt has its LAN network interface network set to 192.168.1.X and if your local network also uses this address range then you can't talk to the router when you're plugged into the WAN interface. This is because the Openwrt box tries to send the packets back on its LAN interface when you're plugged into the WAN interface (also with a 192.168.1.X address), as the box thinks the LAN interface is the best one for sending packets to 192.168.1.X.
The way to fix it is to change IP network address (in LuCI: Network->Interfaces->LAN->Edit->IPv4 Address) assigned to the LAN interface so it's different from your local network address (e.g. use 192.168.0.X, 10.0.0.X) and then should be able to connect to ssh over the WAN interface - given you've done the Firewall setup you mentioned.
answered Apr 10 '18 at 20:47
PierzPierz
22117
22117
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f365099%2fopenwrt-no-ssh-from-wan%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
from inside the routers NAT? Not supported (I think it's possible if you get fancy with iptables rules, but my OpenWrt CC doesn't implement it).
– sourcejedi
May 15 '17 at 7:27
i am looking for ssh from a different network to my openwrt through the WAN. not inside the routers NAT.
– john
May 15 '17 at 13:09
ok. client is Linux? you should try running
sudo traceroute -T -p 22 myWANip
. It might show whether there is another nasty firewall in the way or you have a clear path right up to the router using port 22.– sourcejedi
May 15 '17 at 14:39
also, it would be clearer if you give a specific on "does not answer". I assume you get "connection refused". If instead it just hangs, I'd want to look at
ssh -v
or so to confirm where the hang happens.– sourcejedi
May 15 '17 at 14:43