Hi,
I've a Debian System running mpd (music player system) that I use SSH
tunneling to use at work.
I've altered the openwrt configuration to port forward to that machine; I've
included the contents of /etc/config/firewall at the end of this mail.

I can ssh into the debian machine fine from anywhere. In Linux, I'm using
the following commands to set up the tunnel.

ssh -f ja@<ip-address> -L 6600:<ipaddress>:6600 -N
ssh -f ja@<ipaddress> -L 8000:<ipaddress>:8000 -N

In windows, I can just use putty.

Using windows from work or at home when connected to the wireless I can
access my music fine. From work linux machines or
from my laptop via a mobile phone tether I get the following, after the
connection has successfully been set up.
channel 2: open failed: connect failed: Connection refused

I'm wondering if this is a work firewalling problem, or an openwrt setup
problem? I'm stumped. I think mpd uses TCP for the client connection on port
6600. If you need any more information, let me know.

Thanks, Jim

/etc/config/firewall
# Global defaults for the firewall.
config defaults
    # Enable SYN-flood protection.
    option syn_flood    1
    # NOTE(review): the default input policy is ACCEPT; the wan zone in this
    # file sets its own input policy to REJECT, so WAN exposure depends on
    # the WAN interface really being assigned to that zone -- confirm.
    option input        ACCEPT
    option output        ACCEPT
    # Forwarding between interfaces is rejected unless a zone, forwarding
    # or redirect section allows it.
    option forward        REJECT

# LAN zone: traffic from LAN hosts to the router itself is accepted.
# Forwarding is rejected by default; the only exception visible in this
# file is the lan -> wan forwarding section.
config zone
    option name        lan
    option input    ACCEPT
    option output    ACCEPT
    option forward    REJECT

# WAN zone: unsolicited traffic to the router is rejected unless a rule
# or redirect section explicitly permits it.
config zone
    option name        wan
    option input    REJECT
    option output    ACCEPT
    option forward    REJECT
    # Masquerade (source NAT) traffic leaving through this zone.
    option masq        1
    # Clamp the TCP MSS to the path MTU.
    option mtu_fix    1

# Allow LAN hosts to reach the WAN. No wan -> lan forwarding section is
# defined, so inbound access to LAN hosts needs a redirect section.
config forwarding
    option src      lan
    option dest     wan

# We need to accept udp packets on port 68 (the DHCP client port),
# see https://dev.openwrt.org/ticket/4108
# The rule has no dest zone, so it applies to traffic addressed to the
# router itself.
config rule
    option src        wan
    option proto        udp
    option dest_port    68
    option target        ACCEPT

# include a file with the user's custom iptables rules
# NOTE(review): the contents of /etc/firewall.user are not shown here; any
# rules in it also affect what is reachable and should be checked together
# with this file.
config include
    option path /etc/firewall.user


### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
#    option src        lan
#    option src_ip    192.168.45.2
#    option dest        wan
#    option proto    tcp
#    option target    REJECT

# block a specific mac on wan
#config rule
#    option dest        wan
#    option src_mac    00:11:22:33:44:66
#    option target    REJECT

# block incoming ICMP traffic on a zone
#config rule
#    option src        lan
#    option proto    ICMP
#    option target    DROP

# port redirect: TCP port 80 arriving on wan is forwarded to
# 192.168.1.2:80 on lan
# edited 23rd February to get access to apache
# NOTE(review): no src_ip restriction is set, so the web server behind
# this redirect is reachable from any WAN host; keep it patched or limit
# the allowed sources.
config redirect
    option src            wan
        option src_dport    80
    option dest            lan
    option dest_ip        192.168.1.2
    option dest_port    80
    option proto        tcp


### FULL CONFIG SECTIONS
#config rule
#    option src        lan
#    option src_ip    192.168.45.2
#    option src_mac    00:11:22:33:44:55
#    option src_port    80
#    option dest        wan
#    option dest_ip    194.25.2.129
#    option dest_port    120
#    option proto    tcp
#    option target    REJECT

#config redirect
#    option src        lan
#    option src_ip    192.168.45.2
#    option src_mac    00:11:22:33:44:55
#    option src_port        1024
#    option src_dport    80
#    option dest_ip    194.25.2.129
#    option dest_port    120
#    option proto    tcp

## Edit for ssh
# Forward TCP port 22 arriving on wan to the SSH server at 192.168.1.2:22.
# Besides the port 80 redirect, this is the only inbound redirect in this
# file. Ports 6600 and 8000 are not forwarded here, so they are reachable
# from outside only through the SSH tunnel.
# NOTE(review): src_ip is empty, so any WAN host can reach this SSH server.
# Prefer key-only authentication on the target, and restrict src_ip or add
# rate limiting if the client addresses are known.
config 'redirect' 'ssh'
    option 'src' 'wan'
    option 'proto' 'tcp'
    option 'src_ip' ''
    option 'src_dport' '22'
    option 'dest_ip' '192.168.1.2'
    option 'dest_port' '22'

# Accept TCP port 22 from wan, with no source or destination address limit.
# NOTE(review): with no dest zone this looks like an input rule for the
# router itself rather than for the forwarded host -- confirm it is needed,
# and drop it if the router's own SSH service should not be offered on the
# WAN side.
config 'rule'
    option 'src' 'wan'
    option 'proto' 'tcp'
    option 'src_ip' ''
    option 'dest_ip' ''
    option 'dest_port' '22'
    option 'target' 'ACCEPT'