The reason I used 8080 is I talked to IT at work and they said that the firewall is open for that port. Something isn't right, as I can SSH from home on the LAN but not from WAN. I may have to talk to him and take a look at the corporate firewall to see if it is blocking me from getting out. I created an identical rule for 443 (HTTPS) and that works to get to the web interface of the router from the WAN. He said he had 8080 open but maybe he was wrong. He will open port 22 for me for testing but I'd rather not have the router listening on port 22, since that port seems to be getting a lot of attention lately.
webif interface wrote:
Firewall:
Here you can forward ports and more. If you wish to manually configure these instead, use '/etc/config/firewall', not '/etc/firewall.user'. Although either works, only the former is used by this page.
Looks like either should work.
Yes, my router is at 192.168.1.1 for now.
danielb wrote:
iptables -t nat -A prerouting_wan -p tcp --dport 8080 -j DNAT --to 192.168.1.1:22
iptables -A forwarding_wan -p tcp --dport 22 -d 192.168.1.1 -j ACCEPT
This appears to be similar to, but different than, what I have. If I'm reading it correctly those rules
route WAN port 8080 to LAN port 22
Accept port 22 on LAN
What my rules did is
Accept port 8080 on WAN
Forward Port 8080 WAN to LAN port 22
My understanding is, by default, everything is blocked on the WAN side unless you open it up and forward it to the LAN.
@alexsamad
Once I get this working I'll probably move on to OpenVPN, as that's a whole other 'can of worms'. Admin rights aren't a problem, I have that on all machines involved.
I did some reading and am still looking into TAP vs. TUN and what exactly needs to be done on the router besides installing OpenVPN (that's already done).
The webif interface is nice, it makes point and click configuration easy. Once I get SSH working though I'll switch back to good old CLI for configuring. Though I still want to get the proxy to work.