OpenWrt Forum Archive

Topic: OpenWRT Luci Remote Administration

The content of this topic has been archived on 6 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello all,

This is my first venture into OpenWRT w/ Luci. I'm trying to figure out how to access my router from the internet. For instance, when I'm at work and want to change a setting on my router. How can I do this through the Luci interface? This is the exact firmware I am using: https://forum.openwrt.org/viewtopic.php?pid=152423

I tried configuring Dropbear and then forwarding the port but that didn't work. Anyone have any clues?

Thanks!
Matt

Why would you do port forwarding when the port is on the device you want to reach?
Just opening a firewall port will do, plus some anti-brute-force script.

How exactly would I go about that? Again, I'm new to this...

Actually LuCI Dropbear has an option to allow internet login.
If you want the web interface you have to open port 80 in the incoming firewall section, because uhttpd is running on port 80.
As for the anti-brute-force script, google "openwrt ssh anti brute force".

mrw1986 wrote:

How exactly would I go about that? Again, I'm new to this...

i'm a bit confused. you're talking about luci and then about dropbear, so don't know what exactly you want.

anyway, i suggest a ssh-only setup with ssh-port-forwarding for LUCI access.

this is how it can be done:

1. configure dropbear securely ('PasswordAuth' 'off' + 'RootPasswordAuth' 'off') and upload your ssh key
2. open port device:22 for your remote ip-address(es) or 0.0.0.0 for the whole evil internet.
3. add some iptables voodoo to mitigate ssh brute force attacks, here the IPv4 version (you need iptables-mod-tarpit and kmod-ipt-tarpit for it)
# ipv4 with TARPIT
iptables -N ssh_flood
# trusted source(s) skip the rate limit
iptables -A ssh_flood -s <your remote address/network> -j RETURN
# source already seen within the last 300 seconds: tarpit it
iptables -A ssh_flood -p tcp -m recent --name SSH --update --seconds 300 --hitcount 1 -j TARPIT
# otherwise record the source in the SSH list
iptables -A ssh_flood -p tcp -m recent --name SSH --set
# send NEW connections to port 22 through the chain
iptables -I zone_wan_forward -p tcp -m tcp --dport 22 -m state --state NEW -j ssh_flood

4. done

you can now access your router from remote via ssh and via HTTP(S) by using ssh-port-forwarding.

that's basically my setup and it works.

-p
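
A simplified model of what the three ssh_flood rules above do to NEW connections on port 22, added here as an example and not part of the original post. The class and function names, the trusted network and the sample traffic are assumptions constructed for illustration; it models only the `recent` match with --update and --set, not the kernel implementation.

```python
import ipaddress

WINDOW = 300  # --seconds 300


class SshFloodChain:
    """Simplified model of the three ssh_flood rules (not kernel code)."""

    def __init__(self, trusted_net):
        self.trusted = ipaddress.ip_network(trusted_net)  # rule 1: -s <net> -j RETURN
        self.last_seen = {}  # the "SSH" recent list: source -> last timestamp

    def new_connection(self, src, now):
        """Verdict for one NEW tcp/22 connection from src at time now (seconds)."""
        if ipaddress.ip_address(src) in self.trusted:
            return "RETURN"  # trusted source skips the rate limit
        seen = self.last_seen.get(src)
        if seen is not None and now - seen < WINDOW:
            # rule 2: --update matched, so the timestamp is refreshed and the
            # connection is tarpitted; the 300 s window restarts from now
            self.last_seen[src] = now
            return "TARPIT"
        # rule 3: --set records the source; the packet falls off the end of
        # the chain, which is an implicit return to the calling chain
        self.last_seen[src] = now
        return "RETURN"


def replay(chain, events):
    """Run (time, source) events through the chain and collect verdicts."""
    return [(t, src, chain.new_connection(src, t)) for t, src in events]


# Constructed sample traffic; all addresses are documentation ranges.
EVENTS = [
    (0, "203.0.113.7"),     # scanner, first attempt
    (10, "203.0.113.7"),    # retry 10 s later
    (250, "203.0.113.7"),   # still retrying
    (500, "203.0.113.7"),   # 250 s after the last attempt: window was refreshed
    (900, "203.0.113.7"),   # 400 s of silence: allowed again
    (0, "198.51.100.20"),   # trusted admin network
    (5, "198.51.100.20"),
    (100, "192.0.2.50"),    # untrusted but legitimate user
    (160, "192.0.2.50"),    # reconnects after a minute
]

if __name__ == "__main__":
    for t, src, verdict in replay(SshFloodChain("198.51.100.0/24"), EVENTS):
        print(f"t={t:>4}s {src:<15} {verdict}")
```

A legitimate user outside the trusted network who reconnects within five minutes is tarpitted just like a scanner, which is why the first rule for your own address or network matters.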

I'm using the Luci interface with dropbear as a package. It was part of my firmware. It's a GUI for all the packages.

This is what it looks like: http://img.techpowerup.org/120302/untitled522.jpg
Does it make sense now?

Also, is this where I would open the port? http://img.techpowerup.org/120302/untitled683.jpg
What exactly would I type in?

I'm just looking for something comparable to what Linksys routers do with Remote Management...

(Last edited by mrw1986 on 2 Mar 2012, 23:04)

Just open port 443 on your WAN and go to town... the webserver already listens on that port and supports https.

(Last edited by aport on 3 Mar 2012, 01:15)

Yeah I give up, I can't get it to work, no matter what I do.

really making changes on your router from work. You should be fired!

I will have no ports listening on this network wan

Hey dude, here in my country (Brazil), it is very common that the ISP blocks regular ports, such as 21, 80, 443...
You can't pass these ISP filters. So change the port number to a higher value and create a port forwarding rule to redirect to port 443. For example, one can choose port 4443 for this; then you would administer OpenWrt by typing

https://example.dyndns.com:4443

in your browser.

The discussion might have continued from here.