This page -> https://openwrt.org/docs/guide-user/firewall/fw3_configurations/fw3_dmz says to use swconfig list to see how the physical ports are configured. However, when I use that command I get: -ash: swconfig: not found. What am I doing wrong? What should I do instead? Thanks.
OpenWRT 24.10. BT HomeHub 5a.
That page is likely outdated.... your device uses DSA.
What are you trying to achieve, specifically? Obviously you're trying to set up some sort of DMZ config, but can you provide details about your goals?
Thank you for taking the time to reply. My objective is to test economics experiment software zTree. I've set it up on a server and I want to make it accessible to participants over the web using their browsers. Additionally, some tasks must be done using the ssh interface. This is all experimental, just to see if I can get the software working.
I don't think you need to set up a DMZ for this, but if you want to do so as a method to protect the rest of your LAN, you can simply remove one port from br-lan and use that port as the device in a new network interface.
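The reply above, written out as UCI configuration (an added example, not part of the original thread): one port leaves br-lan and becomes the device of a separate interface in its own firewall zone. The port names lan1 to lan4, the 192.168.2.0/24 subnet and the zone name dmz are assumptions; check the existing "list ports" entries in /etc/config/network for the real port names on your device.

```uci
# /etc/config/network  (DSA: ports are ordinary netdevs, no swconfig VLANs)
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	# 'lan4' removed from the bridge (assumed port name)

config interface 'dmz'
	option device 'lan4'
	option proto 'static'
	option ipaddr '192.168.2.1'      # assumed DMZ subnet
	option netmask '255.255.255.0'

# /etc/config/dhcp
config dhcp 'dmz'
	option interface 'dmz'
	option start '100'
	option limit '150'
	option leasetime '12h'

# /etc/config/firewall
config zone
	option name 'dmz'
	list network 'dmz'
	option input 'REJECT'            # DMZ hosts cannot reach router services...
	option output 'ACCEPT'
	option forward 'REJECT'

config forwarding                    # DMZ may reach the internet
	option src 'dmz'
	option dest 'wan'

config forwarding                    # LAN may reach the DMZ host for admin
	option src 'lan'
	option dest 'dmz'
	# no dmz -> lan forwarding: a compromised DMZ host stays out of the LAN

config rule                          # ...except DHCP
	option name 'Allow-DMZ-DHCP'
	option src 'dmz'
	option proto 'udp'
	option dest_port '67-68'
	option target 'ACCEPT'

config rule                          # ...and DNS
	option name 'Allow-DMZ-DNS'
	option src 'dmz'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'
```

Apply with `service network restart` and `service firewall restart`, from a client that is not plugged into the port being moved.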
I was following the advice on this page: https://openwrt.org/docs/guide-user/firewall/fw3_configurations/fw3_nat
However, I'm only interested in getting the zTree software working over the internet. It seems like I should just port-forward the ssh port and the port for the web page? With regard to the ssh port, as a security measure I've moved the port number to a random high number and disabled password login, using only key login. What security measures should I take for the web access? Thanks again.
I'm assuming the zTree software is running on a host behind your OpenWrt router, right? You'll just use normal port forwarding for this -- assuming you want it to be available to the internet at large.
That said, there is a better option if you are the only one who needs access (or a small number of people that you trust) -- a VPN would be far more secure.
Port number changes don't improve security by any significant amount... the key based login is good, though. But again, a VPN is better.
Do not expose it to the internet.
A VPN like WireGuard is easy to configure, highly performant, and will allow you to securely access your router and your devices on your lan, too.