AX1800 - Reverse ssh fails

Hi All could you help?

I am configuring reverse ssh and I can't pass the port for some reason.
root@GL-AX1800:~# ssh: Remote TCP forward request failed (port 4343 → localhost:22)
Any idea what could be blocked?

Who/what is that remote host? Have you access to its CL? If so

  • check /etc/ssh/sshd_config for GatewayPorts setting (see e.g. here)

If PermitListen is configured correctly then usually the port on the server is just taken, happens randomly with hi-ports as they’re ‘free to use’.

  • do a “netstat -anp | grep 4343” in the server's shell to see if that is the issue

After, pls report back.

HTH!

edit: Had a short look in the man pages and :face_with_spiral_eyes:
My fault, GatewayPorts defines if remote PF binds to localhost or the actual IP address(es). What one was looking for on an OpenSSH server was

I am connected via goodcloud.xyz to the ssh terminal but I can't see the sshd_conf file anywhere.

Is it in a different place, or is ssh not actually installed?

pls describe your setup better:

  • What device is the server you try to connect to?
  • which client/command do you use?

ok I have just found that the ssh server was not installed. I installed it and now I have the sshd_conf file.

I have got a device in the network that can see it diagnostic page (port 80)

Device1 -------------------GL.INET(AX1800)---------NAT---------(INTERNET) --------MyLAPTOP

I want to initiate the reverse ssh connection on AX1800 to be able to display a page from a device1 on my Laptop.

Device1 = 192.168.8.200
AX1800 = 192.168.8.1
MyLaptop = PublicIP

On AX1800:
Command: ssh -fN -R 4343:localhost:22 my_user@PublicIP_of_My_Laptop
Output: my_user@PublicIP_of_My_Laptop’s password:
root@GL-AX1800:/# ssh: Remote TCP forward request failed (port 4343 → localhost:22)

I only have the MT-1300 but I guess your AX1800 is running OpenWrt as well?
Then you had dropbear (config in /etc/config/dropbear) as SSH server.

For this you needed local PF on the laptop, not remote on the AX (PF is seen from the SSH clients side).

Device1 = 192.168.8.200, (web?)pages on device served on port 1234
AX1800 = 192.168.8.1 - DDNS name asd123f.glddns.com ← your DDNS name

On your laptop you do ssh -fN -L 4343:192.168.8.200:1234 my_user@asd123f.glddns.com (or use PuTTY or another SSH client)
You then opened localhost:4343 in your web browser (or connected your app to localhost:4343).

HTH

Please note, the ssh in the router is using dropbear, not openssh etc.

You can install openssh to replace dropbear. Just need to stop dropbear ssh.

Yes I know now. I am using both at the moment.

I think I am close and with your help I can resolve my problem.

On AX1800 I can see running process: (ps | grep ssh) no errors.

ssh -p xxx -fN -R 4343:localhost:22 my_user@PublicIP_of_My_Laptop

(bear in mind my home router does not allow opening port 22, which is why I am connecting via xxx)
I am not sure if localhost:22 or localhost:xxx should be in this command.

Next, I log in to my Laptop and execute command:
ssh -g -L 4343:192.168.8.200:22 -p xxx my_user@localhost_of_My_Laptop

Output:
bind [::]:4343: Address already in use
channel_setup_fwd_listener_tcpip: cannot listen to port: 4343
Could not request local forwarding.

Conclusion:

  1. The tunnel on AX1800 seems to be correct but I am not sure about the ssh port 22 or xxx
  2. There is something wrong on my Laptop command. This is probably wrong port or IP.

Any idea?

binds port 4343 on your laptop to SSH (your command requests to forward everything arriving at port 4343 of the laptop to port 22 on the AX)

tries to bind port 4343 on your laptop to SSH - which it cannot bc it’s already bound to SSH by your other command (your command requests to forward everything arriving at port 4343 of the laptop to port 22 on 192.168.8.200).

As written in my last reply: You only need the latter command

ok we are very close now :wink: I do understand 97% but the last quote is not clear to me:

On your laptop you do ssh -fN -L 4343:192.168.8.200:1234 my_user@asd123f.glddns.com

What machine is this? my_user@asd123f.glddns.com

In general it’s the host name or IP address to reach your AX1800 from wherever you are - most likely its DDNS name or public IP address.
asd123f.glddns.com is the placeholder for your individual DDNS name of your AX1800 (in case you use GL.iNet's DDNS service it’s sth. like asd123f.glddns.com - on my MT-1300 I find it in WebUI | APPLICATIONS | Remote Access).

Solved! It was so easy with DDNS. It is great! Thank you.
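Added example, not part of any post in this thread: a small Python helper that works out which machine ends up listening on which port for each `-L`/`-R` option, and flags two sessions that claim the same socket, as happened with port 4343 above. The machine labels `laptop` and `AX1800` and the function names are assumptions made for illustration; the command lines are copied from the thread.

```python
import shlex
from collections import defaultdict


def listeners(run_on, logs_in_to, command):
    """Return (listening_host, port, target, target_reached_from) per forward.

    -L opens the listener on the machine that runs ssh; the target is then
    contacted from the machine ssh logs in to. -R is the mirror image.
    Limitation: bracketed IPv6 addresses in the spec are not handled.
    """
    tokens = shlex.split(command)
    found = []
    for i, tok in enumerate(tokens):
        if tok[:2] not in ("-L", "-R"):
            continue
        spec = tok[2:] or tokens[i + 1]       # accept "-L spec" and "-Lspec"
        parts = spec.split(":")
        # [bind_address:]port:host:hostport -> listen port is 3rd from the end
        port, target = int(parts[-3]), ":".join(parts[-2:])
        if tok[1] == "L":
            found.append((run_on, port, target, logs_in_to))
        else:
            found.append((logs_in_to, port, target, run_on))
    return found


def conflicts(sessions):
    """Map (host, port) -> forwards, for sockets claimed more than once."""
    by_socket = defaultdict(list)
    for run_on, logs_in_to, command in sessions:
        for host, port, target, via in listeners(run_on, logs_in_to, command):
            by_socket[(host, port)].append(f"{target} via {via}")
    return {sock: fwds for sock, fwds in by_socket.items() if len(fwds) > 1}


# The two commands that were running at the same time in the thread.
THREAD = [
    ("AX1800", "laptop",
     "ssh -p xxx -fN -R 4343:localhost:22 my_user@PublicIP_of_My_Laptop"),
    ("laptop", "laptop",
     "ssh -g -L 4343:192.168.8.200:22 -p xxx my_user@localhost_of_My_Laptop"),
]
# The single command suggested in the replies, run on the laptop.
SUGGESTED = [("laptop", "AX1800",
              "ssh -fN -L 4343:192.168.8.200:1234 my_user@asd123f.glddns.com")]

if __name__ == "__main__":
    print("thread commands:", conflicts(THREAD))
    print("suggested command:", listeners(*SUGGESTED[0]))
```
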