0 votes
1,806 views 1 comments
by anonymous
Hi to all,

On the RUT230 I would like to have:
- ssh access on port 22 (from LAN)

- ssh remote access on port 8022 (from outside: WAN or mobile)

I checked only "enable ssh access" to port 22, so I can access from LAN on port 22, OK.
I set a port forwarding rule as follows, for port 8022 from outside instead of 22:
- source zone = WAN
- external port = 8022
- internal zone = LAN
- internal port = 22
- internal IP address = left empty

So now I can access from outside on both 8022 and 22 ports...

What's wrong?
Thanks.

2 Answers

+1 vote
by anonymous
Hello,

Everything seems to work correctly. You configured port forwarding from 8022 to 22, but that doesn't mean you blocked port 22 access from WAN, so that's why they both work now.

You need to configure an additional rule that rejects connections to port 22 from WAN.
Best answer
0 votes
by anonymous
Hi to all, I am posting here to avoid opening a new discussion...

After a long time I am using the RUT230 again.
I updated the firmware to RUT2XX_R_00.01.11.2 and I found a default rule:
Enable_SSH_WAN_PASSTHROUGH, public port 22, private port 22, IP 127.0.0.1, protocol TCP.

I enabled SSH (local and remote) access on port 22 but I couldn't access it from WAN using the public IP.
To get access I need to disable the rule "Enable_SSH_WAN_PASSTHROUGH".

At the same time, if I want to change the remote port (from 22 to 2222), I can't NAT from 2222 to 127.0.0.1:22; I need to use the LAN IP address, so 192.168.1.1:22.
Why doesn't 127.0.0.1 work?
Thanks.
by anonymous

Hello again,

Why doesn't 127.0.0.1 work?

By default, the kernel does not route external traffic to 127.0.0.0/8. You can change this setting by executing the following command via SSH/CLI.

sysctl -w net.ipv4.conf.wwan0.route_localnet=1

(wwan0 is the name of your mobile interface. If you're using wired WAN, replace it with eth1.)

The command above should be used for testing. It will not remain active after a reboot. To make it permanent, the value needs to be stored in /etc/sysctl.conf. Like this:

echo "net.ipv4.conf.wwan0.route_localnet=1" >> /etc/sysctl.conf

I hope I was able to help, good luck with your solution.
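
Added example, not part of the answer above and not Teltonika's code: a POSIX sh helper that stores the route_localnet setting in a sysctl file without appending a duplicate line on every run, plus an audit function that lists the interfaces left with route_localnet=1. The audit matters because, with the setting on, that interface no longer drops traffic destined to 127.0.0.0/8, so services bound to loopback can be reached through a forward from it. The function names persist_sysctl and route_localnet_enabled are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, sample data is constructed.

# persist_sysctl KEY VALUE [FILE]: store KEY=VALUE in FILE exactly once.
# Earlier assignments of KEY are dropped first, so re-running is safe
# (a plain `echo ... >> FILE` adds one more line on every run).
persist_sysctl() {
    key=$1; value=$2; file=${3:-/etc/sysctl.conf}
    tmp="${file}.tmp.$$"
    [ -f "$file" ] || : > "$file"
    awk -v k="$key" '{
        name = $0
        sub(/[=].*/, "", name)          # text before the first "="
        gsub(/[ \t]/, "", name)
        if (name != k) print
    }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s=%s\n' "$key" "$value" >> "$tmp"
    cat "$tmp" > "$file" && rm -f "$tmp"   # keeps FILE's owner and mode
}

# route_localnet_enabled [FILE]: list interfaces that FILE leaves with
# route_localnet=1 (the last assignment wins, as it does with sysctl -p).
route_localnet_enabled() {
    file=${1:-/etc/sysctl.conf}
    awk -F= '
        /^[ \t]*[#;]/ { next }
        $1 ~ /^[ \t]*net\.ipv4\.conf\.[^.]+\.route_localnet[ \t]*$/ {
            split($1, part, ".")
            val = $2; gsub(/[ \t]/, "", val)
            state[part[4]] = val
        }
        END { for (i in state) if (state[i] == "1") print i }
    ' "$file" | sort
}

# Demo on a constructed file, never the live /etc/sysctl.conf.
demo=$(mktemp)
printf '# constructed sample\nnet.ipv4.conf.wwan0.route_localnet=1\n' > "$demo"
persist_sysctl net.ipv4.conf.wwan0.route_localnet 1 "$demo"   # no duplicate
persist_sysctl net.ipv4.conf.eth1.route_localnet 0 "$demo"
echo "interfaces accepting traffic for 127.0.0.0/8: $(route_localnet_enabled "$demo")"
rm -f "$demo"
```

On the router, call persist_sysctl with the interface name from the answer and then run sysctl -p to load the stored value.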