I am trying to SSH from anywhere to 192.168.1.10:1234. All clients are isolated in wireless and I want to be able to do this from anywhere, so I have set up port forwarding like so:
Match: IPv4-tcp
From any host in wan
Via any router IP at port 1234
To 192.168.1.10:1234 in lan.
SSH is working in the host; I can connect via localhost and netstat shows it listening. In addition, iptables has been set up to allow incoming connections to 1234 and outgoing to all.
From my terminal, ssh to the public IP address via port 1234 times out.
What could be wrong?
What do you mean by public IP? Can you ssh to 192.168.1.10:1234 using a different computer or the router? If by public you mean the public IP address of the router then you would need to use port 38271.
Sorry. I meant to make it easier by using 1234 and forgot to change it only there. Anyways, I can SSH from my router. I want to SSH to publicip:1234. I can't SSH to 192.168... as clients are isolated (but the router can and does properly).
If all you are interested in is forwarding incoming SSH connections to your host, then you could set up a DNAT rule in your firewall to do port forwarding:
config redirect
    option name Forward-SSH-to-Host
    option src wan
    option dest lan
    option proto tcp
    option src_dport 1234
    option dest_ip 192.168.1.10
    option target DNAT
I've added that to /etc/config/firewall and reloaded it with service firewall reload.
It doesn't fix the problem though. I can see it in luci too.
The one I had added is:
config rule
    option enabled '1'
    option target 'ACCEPT'
    option src 'wan'
    option name 'forw'
    option family 'ipv4'
    option proto 'tcp'
    option dest 'lan'
    option dest_ip '192.168.1.10'
    option dest_port '1234'
I'm using ssh user@publicip -p 1234. Unfortunately, it still doesn't work.
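The two section types quoted in this thread do different things: a `config redirect` with target DNAT rewrites the destination address, while a `config rule` with target ACCEPT only permits forwarding and translates nothing. The script below is an added example, not part of any post in the thread; it reports which kind covers a given WAN port, and the function names, output labels and sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; the config below is constructed from the two sections in the thread.
sample_config() {
cat <<'EOF'
config redirect
    option name Forward-SSH-to-Host
    option src wan
    option dest lan
    option proto tcp
    option src_dport 1234
    option dest_ip 192.168.1.10
    option target DNAT

config rule
    option enabled '1'
    option target 'ACCEPT'
    option src 'wan'
    option name 'forw'
    option proto 'tcp'
    option dest 'lan'
    option dest_ip '192.168.1.10'
    option dest_port '1234'
EOF
}

# classify_wan_port PORT < firewall-config   (hypothetical helper)
# Prints "dnat IP:PORT" per matching redirect, "accept-only IP:PORT" per matching rule.
classify_wan_port() {
  awk -v port="$1" -v q="'" '
    function emit(   p) {
      if (o["src"] != "wan" || o["enabled"] == "0") return
      if (kind == "redirect" && o["src_dport"] == port && o["target"] != "SNAT") {
        p = (o["dest_port"] != "") ? o["dest_port"] : port   # port kept if unset
        print "dnat " o["dest_ip"] ":" p
      } else if (kind == "rule" && o["dest_port"] == port && o["target"] == "ACCEPT")
        print "accept-only " o["dest_ip"] ":" port
    }
    $1 == "config" { emit(); split("", o); kind = $2; next }
    $1 == "option" { v = $3; gsub("[\"" q "]", "", v); o[$2] = v }
    END { emit() }
  '
}

sample_config | classify_wan_port 1234
```

On a router, the same function can read the live file with `classify_wan_port 1234 < /etc/config/firewall`; a port that shows only `accept-only` lines has no destination translation configured.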