WAN ssh and web access permissions

I'm working on a project that involves configuring MikroTik Hex S routers (RB760iGS) using a bash script.

The purpose of this project is to create a secure environment for practical work with students to test security vulnerabilities.

There is a room equipped with routers (for now I have 2) connected to the room's switch, to which students will connect via LAN, and the teacher who is connected to the room's switch.

The teacher will only need to run their bash script to configure the routers as desired by connecting via SSH to the room's routers.

After outlining the context, here is my issue:

In one of the configurations, I need to install cshark and luci-app-cshark for a class. Therefore, the router needs to have internet access.

The router should be connected to the WAN through the switch, and the teacher should only be connected to the switch to have SSH and web access to the router.

I understand that by default, web and SSH access is not allowed on the WAN port. This authorization needs to be set up for the WAN, unlike the LAN.

However, I'm having trouble setting up the permissions for the WAN.

The gateway of my network via the switch is 10.10.193.1, and I have configured my two routers as 10.10.193.2 and 10.10.193.3.

Could you help me with my search? I hope I've explained the problem well, and if you have any questions, please don't hesitate to ask.

Thank you for your assistance!

Hello and thank you for your response.

I tried with your approach, but I'm unable to connect to my router via SSH and with LuCI.

I'm sharing some photos of my setup and my firewall settings on the router.

The TP-LINK switch is connected with the cable highlighted in yellow. The router is connected to the WAN in red. And I am connected to the switch in blue.

Thank you for your assistance!

The rule works, I tried it.

You're either using the wrong IP, or changed the standard config, where busybox/ssh binds to all interfaces.

Hello! I was just wondering, for ssh over WAN should there be a dropbear instance listening on WAN? Thanks.
-Gamma

all interfaces = lan + wan + etc.

Yeah. That makes sense. Thanks :)
-Gamma
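
The two things this thread turns on, a firewall rule on the wan zone and whether dropbear listens on all interfaces, shown as an added example that is not part of any poster's message or of the original script. The function names, the rule name and the teacher's address are assumptions, and limiting the rule to one source host is a choice made here.

```shell
#!/bin/sh
# Added example, not from the thread. Function and rule names are hypothetical.

# Print a `uci batch` script for one rule that accepts SSH (22) and LuCI
# (80/443) on the wan zone, but only from one management host.
# $1 = IPv4 address of the teacher's PC (not given in the thread).
wan_mgmt_rule() {
    src_ip=$1
    # Reject anything that is not dotted-quad shaped, so a typo cannot
    # yield a rule whose src_ip restriction is unusable.
    echo "$src_ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
        echo "invalid source address: $src_ip" >&2
        return 1
    }
    cat <<EOF
add firewall rule
set firewall.@rule[-1].name='Allow-Mgmt-From-WAN'
set firewall.@rule[-1].src='wan'
set firewall.@rule[-1].src_ip='$src_ip'
set firewall.@rule[-1].proto='tcp'
set firewall.@rule[-1].dest_port='22 80 443'
set firewall.@rule[-1].target='ACCEPT'
commit firewall
EOF
}

# Read `uci show dropbear` output on stdin and print where SSH listens:
# "all" if any instance has no Interface option (the stock config),
# otherwise the interface names the instances are pinned to.
dropbear_binding() {
    awk -F"[.=']" '
        /^dropbear\.@dropbear\[[0-9]+\]=dropbear$/ { n++ }
        $3 == "Interface" { pinned++; list = list (list ? " " : "") $5 }
        END { r = (n > pinned) ? "all" : list; print r }'
}

# Usage on the teacher's PC (router address from the thread; run it once over
# a path that already reaches the router, e.g. its LAN side):
#   wan_mgmt_rule "$TEACHER_IP" | \
#       ssh root@10.10.193.2 'uci batch && /etc/init.d/firewall reload'
#   ssh root@10.10.193.2 'uci show dropbear' | dropbear_binding
```

If `dropbear_binding` prints `lan` rather than `all`, the firewall rule can be correct and SSH from the WAN side will still be refused, because nothing is listening there.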
