Hi all,
I'm having some difficulty ssh tunneling properly into my router so I can access lan services. It used to work, but I changed some settings in my firewall that were incompatible with another service I wanted to expose to the internet.
SS's of firewall settings: (see posts below due to image limit for new users)
The following is the only setting I changed that prevented connecting correctly:
I believe I changed the internal and/or the external ports to explicitly be 2222. It worked as expected before this change, but exposed all ports.
Dropbear uses port 2222 and gateway is on.
I've already tried a few different ways to connect to the luci interface as a test.
From LAN: https://192.168.0.1:80 works as expected. ssh -L 8080:127.0.0.1:80 root@192.168.0.1 -p 2222 -vvv with https://127.0.0.1:8080 does not bring up a luci interface. ssh informs me that it is redirecting traffic to 192.168.0.1.
The goal is that if I can SSH tunnel to 192.168.0.1 and redirect the luci interface to 8080 on my local pc, I should be able to do what I'd like to.
I also removed any port forwards. I appreciate the SOCKS suggestion and I've seen that floating around, but that doesn't really apply to what I'm trying to do.
Notably, ssh -L 8080:localhost:80 with either a LAN address or an external address still does not make a tunnel through which I can access the web interface.
I'm just using the luci interface as a test to make sure the tunnel is working as expected.
I gave that command a shot again: ssh -L 8080:192.168.0.1:80 -p2222 but notably with the same result.
I also, just to verify, connected to a different service on my local network with ssh -L 8080:192.168.0.xxx:80 -p2222 and that one seemed to tunnel and work as expected. I'm not sure why OpenWrt is having issues with this. netstat -tln shows ssh tunnel on local machine listening on 8080, as expected. nc -v -v localhost 8080 shows port open when tunnel is active and refuses when the tunnel is closed, which is expected.
I tried something a little different and ssh -p2222 -L127.0.0.1:8000:127.0.0.1:80 root@192.168.0.1 worked as expected. I should be able to get the rest of my stuff working correctly from here, although it's curious why this command worked and the previous did not.
I also changed the listening address under /etc/config/uhttpd to 127.0.0.1:80 instead of 0.0.0.0:80.
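The difference between the two commands above comes down to where the router side of the forward connects: with `-L 8080:192.168.0.1:80` dropbear connects to the LAN address, but a uhttpd bound to `127.0.0.1:80` only answers on loopback. The helper below is an added example (not from the original post or from OpenWrt) that parses an OpenSSH/dropbear `-L` spec and checks it against a uhttpd-style listen address; `check_forward` is a hypothetical name, and IPv6 literals are not handled.

```shell
#!/bin/sh
# check_forward SPEC LISTEN
#   SPEC   : ssh -L argument, [bind_address:]port:host:hostport
#   LISTEN : address the service binds on the router, addr:port
#            (the uhttpd listen_http value, e.g. 127.0.0.1:80)
# Returns 0 when the forward's destination reaches the service,
# 1 when it cannot (service on loopback but forward aimed at the LAN
# address, or port mismatch), 2 for a malformed spec.
check_forward() {
    spec=$1
    listen=$2

    # Split the -L spec on ':'; 3 fields means bind_address was omitted.
    oldifs=$IFS; IFS=:; set -- $spec; IFS=$oldifs
    case $# in
        3) bind=localhost; port=$1; host=$2; hostport=$3 ;;
        4) bind=$1; port=$2; host=$3; hostport=$4 ;;
        *) echo "bad -L spec: $spec" >&2; return 2 ;;
    esac
    # Treat 'localhost' on the router as its IPv4 loopback.
    [ "$host" = localhost ] && host=127.0.0.1

    laddr=${listen%%:*}
    lport=${listen#*:}

    echo "local listener : $bind:$port"
    echo "router connects: $host:$hostport"
    echo "service bound  : $laddr:$lport"

    [ "$hostport" = "$lport" ] || { echo "port mismatch"; return 1; }
    case "$laddr" in
        0.0.0.0|::|'') return 0 ;;                 # wildcard bind: any host works
        *) [ "$host" = "$laddr" ] && return 0 ;;   # must target the bound address
    esac
    echo "service listens on $laddr only; forward targets $host"
    return 1
}
```

Run it as `check_forward 8080:192.168.0.1:80 127.0.0.1:80` to see the failing combination from the thread explained, and with `127.0.0.1:8000:127.0.0.1:80` to see the working one pass.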