Forgot to mention... (I work for DSL tech support, keep this in mind)
"Last night, I hooked this router up to my DSL at home and was unable to connect with SSH or HTTP from the external address. (It should be noted that I have made no changes to the settings in the router, aside from setting the WAN address to static and back to DHCP today.) The router I'm using right now is presently setup to forward requests on port 1221 to port 22 of my linux server. Given that THAT is working, I don't believe my DSL gateway is blocking the traffic. (I changed the default SSH port on the router to 1221 rather than 22 and I'm able to connect on that port here at work while I'm testing it.)" Keep in mind, this can and often does partially work when you have a router without bridging your DSL modem properly. A couple of things could be happening, one is sometimes UPnP will make port forwarding partially work and partially not. Another is if you have DMZ/IP Passthrough enabled on the DSL modem to the router, the fact that the modem still has an active firewall running is often overlooked. Finally, in bridged/routed mode (not fully bridged) the modem sometimes will decide to not forward everything. Finally, keep in mind your ISP themselves may be blocking some traffic. If you have AT&T residential DSL, the only external port blocked at the moment is port 25 (as far as I'm aware, the ports they used to block such as windows messenger service etc aren't currently being blocked). This is subject to change like everything with AT&T, so YMMV. Also, many times things aren't routed properly so it's best to test remotely, would recommend using ping.eu to verify if the port is open from a known-working off site location. Finally, wanted to mention that I've not used openwrt much since it had a browser interface. Its not always merely a matter of traffic being forwarded to the proper place, the http server has to be listening on the WAN interface and be accepting connections from your location. I would suspect it's likely related to security features of the built in httpd. You need to know how/where to configure the httpd in order to make sure it's listening on the WAN interface and accepting connections from your IP. As already suggested, I would begin checking in the administration interface for a "remote management" section. Typically, it will have an option for listening on the WAN interface, what port to use on the WAN. Also, very common to have a whitelisted or blacklisted IP range that you'll wanna check. BTW, I'm not a big fan of DD-WRT. This article explains why if you weren't previously aware. http://www.linuxplanet.com/linuxplanet/reports/6735/1 On Thu, May 12, 2011 at 6:52 PM, Chad Bailey <[email protected]> wrote: > My recommended solution isn't much help, but here goes. Since it's > rather obvious I'll have fun with it. > > What I'm thinking of is argued to be a fruit, however many people > think it's a vegetable. > > I have quite enjoyed the switch myself, but I'm also not doing as much > with my router as I used to do. (well, in other ways I'm doing more > though) > > On Thu, May 12, 2011 at 4:46 PM, William L. Thomson Jr. > <[email protected]> wrote: >> On Thu, 2011-05-12 at 14:31 -0400, Paul Spicer wrote: >>> Alright, I _THOUGHT_ I had it setup where I could access both SSH and luci >>> from WAN, but evidently I was wrong... >>> >>> Here's how I tested it. I set the WAN port with a static address >>> (192.168.20.1) and set my machine up with a static address (192.168.20.100) >>> and plugged my machine into the WAN port. I wasn't able to connect through >>> HTTP, but I was able to SSH into the router. >> >> Not very familiar with openwrt, but is there some setting some where you >> enable remote HTTP connections to luci? Also seems it might be running >> on port 8080, were you trying that or just port 80? Usually web >> interfaces on routers default to only allowing access from the LAN side. >> You have to enable/allow access from the wan side. >> >>> So then I took the router to work, set the WAN port for DHCP, and plugged it >>> into the network. It got an address of 192.168.1.40. From my workstation, I >>> was able to connect to the router with SSH, but still no HTTP. >>> >>> With the router disconnected from any WAN, I plugged my machine into one of >>> the LAN ports, got a DHCP address from the router and was able to connect to >>> it with SSH from both the internal address (192.168.77.9) and the external >>> WAN address it was still holding onto from the previous test (192.168.1.40). >>> I was also able to access the HTTP side with the internal address, but not >>> the external. >> >> This kinda confirms my suspicion. If you can access HTTP interface from >> LAN and not WAN. Likely some setting making it so, not sure again not >> familiar with openwrt. But most routers are that way, assuming openwrt >> is similar. Googling seems to imply such. >> >>> Last night, I hooked this router up to my DSL at home and was unable to >>> connect with SSH or HTTP from the external address. (It should be noted that >>> I have made no changes to the settings in the router, aside from setting the >>> WAN address to static and back to DHCP today.) >> >> How were you access the router? Were you using the public IP address for >> your DSL line? Are you sure it was the right address? Were you external >> or internally trying to access that IP address? >> >> Some routers, won't let you ping/communicate with the WAN IP via the >> LAN. Since your already behind, and can access that via a LAN IP >> address, usually the gateway IP address. Some do allow you to ping the >> routers LAN and WAN IP address, but I recall several not allowing such. >> Usually to test out things from the WAN side you need to do that >> remotely, via your cell phone, a machine on another network, external to >> yours, etc. >> >>> The router I'm using right now is presently setup to forward requests on >>> port 1221 to port 22 of my linux server. Given that THAT is working, I don't >>> believe my DSL gateway is blocking the traffic. (I changed the default SSH >>> port on the router to 1221 rather than 22 and I'm able to connect on that >>> port here at work while I'm testing it.) >> >> Probably change of IP or something like that if SSH was working via DSL >> and then stopped for some reason. Good you can access WAN IP internally, >> thats not always the case. >> >>> So I was thinking I need to setup a firewall rule to forward requests from >>> port 80 to the router's internal IP address, but that doesn't work, either. >> >> Should be no need, if the web server is running on the router. Port 80 >> is already mapped to that machine. Have you tried port 8080 at all? >> Might be 80 internally and 8080 remotely, not sure. Maybe Gene or others >> will comment there, being more familiar with openwrt. >> >>> Can anyone suggest what I'm doing wrong here? I'll gladly supply more info >>> as needed. >> >> No real suggestions here, just some things to check. Hopefully they >> help, but might not do anything just the same. :) >> >> -- >> William L. Thomson Jr. >> Obsidian-Studios, Inc. >> http://www.obsidian-studios.com >> >> >> --------------------------------------------------------------------- >> Archive http://marc.info/?l=jaxlug-list&r=1&w=2 >> RSS Feed http://www.mail-archive.com/[email protected]/maillist.xml >> Unsubscribe [email protected] >> >> > --------------------------------------------------------------------- Archive http://marc.info/?l=jaxlug-list&r=1&w=2 RSS Feed http://www.mail-archive.com/[email protected]/maillist.xml Unsubscribe [email protected]
