Ports on Router other than 80 and 22 are NOT Accessible from Hosts in LAN

Hi Guys,

I'm familiar with Linux but new to OpenWrt.

I am trying to forward some remote service to my router's local port via ssh, so that I can access the service just by connecting to this port on my router (192.168.1.1). Yet, I can't access this port from my computer (192.168.1.2).

I've tried to debug this problem.

On my router, I can use the command nc localhost 8888 to determine whether the port 8888 is up. And there is no problem. But on my computer, nc 192.168.1.1 8888 is refused. I also tried port 22 and 80, and they are both OK. Of course, this is reasonable because I can log in to my router via ssh and access the LuCI web page as well. But I don't know why I can't access other ports even though I set firewall rules for them.

I suppose all the ports on the router should be accessible within LAN by default, but for whatever reason, it just does not work. I've googled it, but all the posts are discussing how to connect OpenWrt from WAN. I can't find problems like mine. Can any OpenWrt veteran help me?

I'm very grateful to everybody who is committing to this project.

Use netstat -l on the router to see if the service is listening on all interfaces or only localhost. Reconfigure the service if necessary. It isn't necessary to limit to only lan because the firewall will block an "all interfaces" service from a connection on wan.

By default the firewall will allow any incoming connection from a lan machine to the router, but the service has to be listening on the br-lan IP interface. The result is "Connection refused" whether the firewall rejects it (which again, it should not) or no application has the port open.

Thanks, @mk24.

I've tried netstat -l | grep 8888 and configuring firewall rules for that port before my post. The service was listening absolutely. Although the firewall wasn't supposed to block my request from within LAN, I still tried adding rules for it to exclude the possibility. But it didn't work anyway.

I've configured ssh forwarding and debugged port accessibility many times on my Ubuntu, which was not quite complicated. But when it comes to OpenWrt this time, it's so weird I got stuck... :frowning:

The situation now is:
On the router,
br-lan IP: 192.168.1.1
nc localhost 8888, OK;
nc 192.168.1.1 8888, Connection refused;
nc My-Public-IP 8888, Connection refused;
On my machine, there is only "Connection refused" for different combinations.

BTW, my firmware version is:
OpenWrt 19.07.7 r11306-c4a6851c72 / LuCI openwrt-19.07 branch git-21.044.30835-34e0d65

I don't know if this is a bug...

How about checking the logs on the router?
Also check with tcpdump on the router if the packet comes in?
Which service are you running on port 8888?

OpenWrt uses dropbear, and port forwarding / tunneling is disabled by default.

Thanks, guys!

Finally, I found that it was my carelessness that caused this problem. :joy:

I forgot *: in the command ssh -fCNL *:1234:localhost:2234 -p 5678 name@123.123.123.123

ssh in OpenWrt behaves the same as in other standard Linux distributions, no matter how it is implemented, dropbear or not. I shouldn't doubt this. My fault. Orz...
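
An added example, not part of the original thread: the `netstat -l` check suggested above, turned into a script that reports whether a port is bound to loopback only (the symptom seen here when `*:` is missing from `-L`) or to all interfaces. The function name `bind_scope`, the port 8888 listener lines and both netstat samples are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a TCP port is bound, from `netstat -ltn` output on stdin.
# Prints: not-listening | loopback-only | all-interfaces | specific:<addr,...>
bind_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # Split at the last colon so ":::8888" and "::1:8888" parse correctly.
            i = match($4, /:[0-9]+$/)
            if (i == 0) next
            addr = substr($4, 1, i - 1)
            if (substr($4, i + 1) != port) next
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") wild = 1
            else if (addr ~ /^127\./ || addr == "::1") loop = 1
            else other = other (other != "" ? "," : "") addr
        }
        END {
            if (wild) print "all-interfaces"
            else if (other != "") print "specific:" other
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# Constructed sample: forward started without a bind address (-L 8888:...).
sample_loopback() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8888          0.0.0.0:*               LISTEN
tcp        0      0 ::1:8888                :::*                    LISTEN
EOF
}

# Constructed sample: same forward started with a wildcard bind (-L *:8888:...).
sample_wildcard() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8888            0.0.0.0:*               LISTEN
tcp        0      0 :::8888                 :::*                    LISTEN
EOF
}

for s in sample_loopback sample_wildcard; do
    printf '%s: port 8888 is %s\n' "$s" "$($s | bind_scope 8888)"
done
```

On a live router the same check is `netstat -ltn | bind_scope 8888`. A `loopback-only` result explains "Connection refused" from a LAN host without any firewall involvement.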