Port forwarding question


I'm a novice and English is not my first language so I have some questions.
I've read many great threads here on that forum but still not sure about some things.

With port forwarding can I have access to my router or pc from elsewhere than my home ( local network) ? Cause with ssh (putty) I thought I could access to that outside of my network but not.. putty ssh need to be connect to my wifi if impossible to connect .

So if I want to have access to my router, ie: can I do that if I am in coffee shop for example? Or go to my pc?


You would use traffic rules to open your router itself to the internet. But this is strongly discouraged! It presents security risks unless you know what you are doing (ssh with keys is generally okay, but user/pass is not a good idea). Do not open the web interface to the internet -- the web server in OpenWrt is not security hardened (it is designed to be lightweight).

A VPN would be much better as it is encrypted -- check out wireguard.

1 Like

Ok thanks.
I have a VPN, so using port forwarding with VPN..

If you have a VPN (server/endpint) in your OpenWrt config or behind it that is externally accessible, you don't need to port forward any additional ports, just make sure the firewall allows connections from your VPN zone to the local device. This way, the only open port(s) relate to the VPN itself.


another option is to do a dnat that forwards packets onto the machine and ssh connection of your choice, trick is do it on an unusual port (so you rewrite both address and port); you need to do this in prerouting. By using an unusual port, it will stop most port scans.

Only hassle then is working out how to let the packets through the firewall, you don't want to do this by just opening up port 22, as that will open it for the whole world, and you get hack attempts on the openwrt. But you will need to let through the forwarded packets. My solution here hasn't yet been tested (turned out to be no need for it), but do put some thought into it.