Hi friends, I need some help with Port Forwarding ssh.
I have a PC connected to the WAN port, and I need to ssh to a device connected on LAN0 of my router. So the ssh is not into my router (that is fine); I need to ssh into the device connected to the router on the lan firewall. I have several Port Forwarding configurations for wan to lan at different ports, and everything is fine. Also, I can access an https server on the lan device, so I thought it would be super easy to also get access to the ssh. But it's not working.
Any suggestions about this? I'm attaching a diagram of my configuration.
With tcpdump I see that the output is from 192.168.1.1 to 192.168.68.1, and to get a reply back, it needs to come from 192.168.68.0, but if I set that IP address to receive from wan, and changing the port to 9000; otherwise it will get re-directed to openwrt, as soon as I set port 9000 I get a "Connection refuse".
I'm not IT, so sorry if I'm missing a big concept here.
Thanks
An IP address like 192.168.1.0/24 is not valid. Conventionally, the router is configured as .1 in each /24 lan network, and the other devices on the lan are 192.168.1.2 or higher, up to 254 (255 is not valid either).
That config looks substantially correct, but for the issue mentioned by @mk24. Here's my working config; the router's lan address is 10.1.1.1 and the destination server is at 10.1.1.200. We connect from the wan via port 10022 (so ssh -p 10022 somebody@<wan-address>). server200 is listening on 22, and this config rule generates all appropriate NATting and reflection rules (you can confirm them with nft list ruleset | grep 'SSH-into').
config redirect
    option name 'SSH-into-server200'
    option target 'DNAT'
    option src 'wan'
    option src_dport '10022'
    option dest 'lan'
    option dest_ip '10.1.1.200'
    option dest_port '22'
    list proto 'tcp'
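
A check for the addressing problem raised in this thread (a forward whose destination is a network address such as .0), written as an added example that is not from any poster or from OpenWrt. It goes slightly beyond the thread by also flagging a WAN port that an earlier redirect already uses; `SAMPLE`, `parse_redirects` and `audit` are hypothetical names, only `option` lines are parsed, and protocols are not compared.

```python
import ipaddress

# Constructed sample in /etc/config/firewall syntax: rule 1 uses the thread's working
# values; rule 2 is hypothetical, targets a .0 address and reuses the WAN port.
SAMPLE = """
config redirect
    option name 'SSH-into-server200'
    option src 'wan'
    option src_dport '10022'
    option dest_ip '10.1.1.200'

config redirect
    option name 'SSH-bad-host'
    option src 'wan'
    option src_dport '10022'
    option dest_ip '10.1.1.0'
"""

def parse_redirects(text):
    """Return one dict of option values per 'config redirect' section."""
    rules, cur = [], None
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) >= 2 and parts[0] == "config":
            cur = {} if parts[1] == "redirect" else None
            if cur is not None:
                rules.append(cur)
        elif len(parts) == 3 and parts[0] == "option" and cur is not None:
            cur[parts[1]] = parts[2].strip().strip("'\"")
    return rules

def audit(text, lan_cidr):
    """Map rule name -> problems: unusable dest_ip or a WAN port already in use."""
    net = ipaddress.ip_network(lan_cidr)
    seen, report = {}, {}
    for rule in parse_redirects(text):
        problems = []
        ip = ipaddress.ip_address(rule["dest_ip"])
        if ip not in net:
            problems.append("dest_ip outside LAN subnet")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append("dest_ip is the network or broadcast address")
        key = (rule.get("src"), rule.get("src_dport"))  # source zone + WAN port
        if key in seen:
            problems.append(f"src_dport already forwarded by {seen[key]}")
        seen.setdefault(key, rule["name"])
        report[rule["name"]] = problems
    return report
```

Calling `audit(SAMPLE, "10.1.1.0/24")` returns an empty problem list for the first rule and both findings for the second.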