SSH into OpenWRT from another Network

Hi All,

Hopefully someone can help me resolve this issue? Trying to lock down SSH to a specific interface (MGT). Currently it allows all via dropbear.

I have two interfaces and two zones, LAN and MGT; both have an IP address assigned.

I want to be able to ssh into my router from LAN but using the MGT interface.

Say LAN is 192.168.50.0/24
MGT is 192.168.1.0/24

Host (192.168.50.10) --> SSH --> OpenWrt (192.168.0.1)

The most obvious rule is allow LAN SSH to INPUT.

config rule                                     
        option name 'Allow-LAN-LOCAL-SSH'       
        option family 'ipv4'           
        option src 'lan'                  
        option dest_port '22'                   
        option proto 'tcp'                      
        option target 'ACCEPT'   

This does not work, though, so I tried adding:

config rule                                     
        option name 'Allow-LAN-MGT-SSH'         
        option src 'lan'
        option dest 'mgt' 
        option proto 'tcp'                      
        option dest_port '22'                   
        option target 'ACCEPT'                                                     

It still does not work, though. Am I missing something?

I would have thought the first rule would have worked?

I have forwarding enabled as well:

config forwarding                               
        option src 'lan'                        
        option dest 'mgt'

Thank you.

Then you must have altered the firewall (which blocks SSH by default except for on LAN).

(You can select what Interface dropbear is bound to. The option is easily accessed in the web GUI.)

You can also just do a traffic rule (assuming default firewall configuration).
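
The dropbear binding and traffic rule mentioned in the reply above, written out as an added example that is not part of the original thread. It assumes the management interface is named 'mgt' in /etc/config/network and that the router's address on it is 192.168.1.1; neither value is given in the thread.

```conf
# /etc/config/dropbear
# Bind the SSH daemon to the management interface only, so it no longer
# listens on every address. 'mgt' is an assumed logical interface name.
config dropbear
	option Port '22'
	option Interface 'mgt'

# /etc/config/firewall
# Traffic addressed to the router itself is handled as INPUT for the zone
# it arrives on, even when the destination address belongs to another
# interface. The rule therefore has 'src' but no 'dest' zone.
# dest_ip narrows it to the router's MGT address (assumed value).
config rule
	option name 'Allow-LAN-SSH-to-MGT-address'
	option family 'ipv4'
	option src 'lan'
	option proto 'tcp'
	option dest_ip '192.168.1.1'
	option dest_port '22'
	option target 'ACCEPT'
```

Restart both services (`/etc/init.d/dropbear restart` and `/etc/init.d/firewall restart`) for the change to take effect. The client must also route the management subnet through this router, otherwise the connection never reaches the INPUT rule.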

Damn... this was my fault - I was using a system that had the gateway configured for another router... really did my head in.

Cheers.