Hello,
My setup: Router is a TP-Link C7 v5 running on an OpenWrt 19.07.8 custom image. An openssh server runs in it.
If I were to SSH into this router and to run (where me
represents a user account)
ssh -D 0.0.0.0:1080 me@localhost
Would that create a dynamic forward to the router itself and listening on all interfaces (including WAN)?
If yes, does that mean anybody having access to Internet could use my router for a SOCKS proxy (simply by setting their SOCKS5 proxy to 1.1.1.1:1080
where 1.1.1.1 represents my public I.P. address)?
Oh yes, guidance on bind address seems to say that you need GatewayPorts yes
in /etc/ssh/sshd_config
. Suppose I did that.
I am not proposing to do this. I am trying to learn how things work.
Assuming I got that much right, what would be a bind address that says, "Accept a forward request from all machines within LAN but from the Internet"?
Thanks very much.