Port Translation on Firewall Rule

I've tried various combinations, but is it possible to accept an inbound connection to the OpenWrt router on port 2222 and translate the port to 22? Effectively using port 2222 as the SSH connection port to the router. I can open port 2222 in Dropbear but wanted to do this via the firewall.

Also, if the destination is a server inside the LAN, such as ServerA.lan, and I want to connect via SSH, is it possible to both translate the port and forward to that server on port 22 when the client port is 3322? Translate 3322 to 22.

Final question: if using port forwarding as in ServerA above, is a traffic rule also required to open the port? Or does the port forward open the port and forward it using one rule?

Don't open SSH to the internet, even if you change the port.

Instead, use a VPN such as WireGuard. This will greatly improve security.

For the port redirect to the LAN: where is the source of the connection request? Is it from the LAN or the WAN?

2 Likes

Hi, I understand the risks, but login is limited to SSH certificate login, not using a password. Can the ports be translated?

config redirect
        option name 'SSH-to-router'
        option src 'wan'
        list proto 'tcp'
        option src_dport '2222'
        option dest_port '22'
        option target 'DNAT'

config redirect
        option name 'SSH-to-Server'
        option src 'wan'
        option dest 'lan'
        list proto 'tcp'
        option src_dport '3322'
        option dest_port '22'
        option dest_ip '192.168.1.101' # ServerA.lan IP address
        option target 'DNAT'

In both cases you don't need additional traffic rules, because there are predefined rules that accept redirects.

1 Like
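A way to review what redirects like the two above expose, as an added example that is not part of the original thread: the script lists every WAN-facing DNAT redirect in a firewall config with the source it accepts. The function names, the `config rule` stanza, and the `SSH-limited` redirect with its `src_ip` of 203.0.113.10 are constructed for illustration, and option values are assumed to contain no spaces.

```shell
# Added example (not from the thread). Reads UCI firewall config on stdin and
# prints name|wan_port|destination|dest_port|allowed_source per WAN DNAT redirect.
audit_redirects() {
    awk -v q="'" '
    function emit(   dest, dport, allow) {
        # no target option means DNAT; no dest_ip means the router itself,
        # as in the first rule from the thread
        if (active && opt["src"] == "wan" && (opt["target"] == "" || opt["target"] == "DNAT")) {
            dest  = (opt["dest_ip"] != "") ? opt["dest_ip"] : "router"
            dport = (opt["dest_port"] != "") ? opt["dest_port"] : opt["src_dport"]
            allow = (opt["src_ip"] != "") ? opt["src_ip"] : "any"
            printf "%s|%s|%s|%s|%s\n", opt["name"], opt["src_dport"], dest, dport, allow
        }
        split("", opt); active = 0
    }
    $1 == "config" { emit(); active = ($2 == "redirect"); next }
    active && ($1 == "option" || $1 == "list") { v = $3; gsub(q, "", v); gsub(/"/, "", v); opt[$2] = v }
    END { emit() }
    '
}

# Constructed sample: the two redirects from the thread (abridged), an unrelated
# rule, and a hypothetical redirect limited to one source address (203.0.113.10).
sample_config() {
    cat <<'EOF'
config redirect
        option name 'SSH-to-router'
        option src 'wan'
        option src_dport '2222'
        option dest_port '22'
        option target 'DNAT'
config rule
        option src 'wan'
config redirect
        option name 'SSH-to-Server'
        option src 'wan'
        option src_dport '3322'
        option dest_port '22'
        option dest_ip '192.168.1.101' # ServerA.lan IP address
config redirect
        option name 'SSH-limited'
        option src 'wan'
        option src_ip '203.0.113.10'
        option src_dport '4422'
        option dest_port '22'
        option dest_ip '192.168.1.101'
EOF
}

sample_config | audit_redirects
```

On a router the function can read the live file with `audit_redirects < /etc/config/firewall`; a line ending in `any` is a port reachable from every WAN address.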

Perfect, thank you!!!!