Hi,
in my OpenWRT (Chaos Calmer), if I configure SSH access in Dropbear to
listen on the WAN interface, SSH access works and I can log in to the router
via SSH, but this means that my SSH port is open to the Internet.

If I configure SSH access on the LAN interface (as it is by default),
fwknop2 sends the SPA packet, and the system log shows me that the port is
opened for that external IP for some time:

Thu Jul 14 23:05:07 2016 daemon.info fwknopd[7244]: (stanza #1) SPA Packet
from IP: 46.XX.XX.XX received with access source match
Thu Jul 14 23:05:07 2016 daemon.info fwknopd[7244]: Added access rule to
FWKNOP_INPUT for 46.XX.XX.XX -> 0.0.0.0/0 tcp/22, expires at 1468530367
Thu Jul 14 23:06:07 2016 daemon.info fwknopd[7244]: Removed rule 1 from
FWKNOP_INPUT with expire time of 1468530367

but my SSH connection fails with "Connection timeout".

SSH access should be set up on the LAN, right? Is the configuration below
wrong?

My setup:
- Using ssh keys, which are mentioned in /etc/dropbear/authorized_keys

- UCI:
password - OFF
rootLogin - OFF

- OpenWRT - System - Administration - SSH Access - Dropbear instance -
Interface: LAN

- Names of interfaces:
WAN: eth0.1
LAN: br-lan

- access.conf
SOURCE ANY
keytype Base 64 key
hkeytype Base 64 key
KEY_BASE64 xxxxxx
HMAC_KEY_BASE64 xxxxxxx
OPEN_PORTS tcp/22

- fwknopd.conf
PCAP_INTF eth0.1
ENABLE_IPT_FORWARDING y


Thank you for your help.

Have a nice day,

Tomas
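As an added example (not part of Tomas's post or of the fwknop project), here is a small Python auditor for fwknopd syslog lines of the shape quoted above: it pairs each "Added access rule" line with its "Removed rule" line by chain and expire time and reports, per source address, which port was opened and for how many seconds. The log sample is constructed, with a TEST-NET placeholder address standing in for the redacted source IP.

```python
import re
from datetime import datetime
from typing import Dict, List

# Constructed sample in the same format as the fwknopd lines in the post;
# 203.0.113.5 is a placeholder for the redacted 46.XX.XX.XX source address.
SAMPLE_LOG = """\
Thu Jul 14 23:05:07 2016 daemon.info fwknopd[7244]: (stanza #1) SPA Packet from IP: 203.0.113.5 received with access source match
Thu Jul 14 23:05:07 2016 daemon.info fwknopd[7244]: Added access rule to FWKNOP_INPUT for 203.0.113.5 -> 0.0.0.0/0 tcp/22, expires at 1468530367
Thu Jul 14 23:06:07 2016 daemon.info fwknopd[7244]: Removed rule 1 from FWKNOP_INPUT with expire time of 1468530367
"""

TS_FMT = "%a %b %d %H:%M:%S %Y"   # syslog timestamp as written by OpenWrt
TS_RE = r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) .*fwknopd\[\d+\]: "
ADDED_RE = re.compile(
    TS_RE + r"Added access rule to (?P<chain>\S+) for (?P<src>\S+) -> (?P<dst>\S+) "
    r"(?P<proto>\w+)/(?P<port>\d+), expires at (?P<expire>\d+)$")
REMOVED_RE = re.compile(
    TS_RE + r"Removed rule \d+ from (?P<chain>\S+) with expire time of (?P<expire>\d+)$")


def audit_spa_windows(log_text: str) -> List[Dict]:
    """Return one record per access rule: source, proto/port, chain, and the
    number of seconds between the add and the matching remove (None if the
    remove line never appeared, i.e. the rule is still open or the log is cut)."""
    pending: Dict[tuple, Dict] = {}     # (chain, expire) -> rule still open
    windows: List[Dict] = []
    for line in log_text.splitlines():
        m = ADDED_RE.match(line)
        if m:
            pending[(m["chain"], m["expire"])] = {
                "src": m["src"], "proto": m["proto"], "port": int(m["port"]),
                "chain": m["chain"], "opened": datetime.strptime(m["ts"], TS_FMT),
            }
            continue
        m = REMOVED_RE.match(line)
        if m:
            rule = pending.pop((m["chain"], m["expire"]), None)
            if rule is None:
                continue                # removal with no matching add: nothing to pair
            closed = datetime.strptime(m["ts"], TS_FMT)
            rule["open_seconds"] = int((closed - rule["opened"]).total_seconds())
            windows.append(rule)
    for rule in pending.values():       # adds that were never closed in this log
        rule["open_seconds"] = None
        windows.append(rule)
    return windows


if __name__ == "__main__":
    for w in audit_spa_windows(SAMPLE_LOG):
        print(f'{w["src"]} {w["proto"]}/{w["port"]} via {w["chain"]}: open {w["open_seconds"]}s')
```

A record with `open_seconds` of `None`, or a window far longer than the configured access timeout, is the case worth investigating when reviewing these logs.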
_______________________________________________
Fwknop-discuss mailing list
Fwknop-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
