SSH connection from wan to the router throught a main router

clark · March 22, 2017, 7:07am

Hi,

My network configuration :

Main router connected to the internet
PC linked to the main router, it can access to the wan and lan (so to the AR300M)
AR300M linked to the main router through the LAN interface of the AR300M
AR300M is set to get an IP corresponding to the local network of the main router and the PC
- AR300M : 19.168.2.AA
- PC : 192.168.2.BB
- Main routeur : 192.168.2.MM

=> AR300M, Main router, PC can join each other through the local network.

I would like to connect to AR300M by SSH.

I succeeded through the local network with the PC.

I would like to connect to AR300M by SSH through the internet.

I opened the port 22 on my main router to forward every input connection on this port to the AR300M 192.168.2.AA
1. It is like I always did to forward incoming request to my PC for other service
I didn't succeed to connect to the AR300M

I tried to modify a lot of thing on the router (firewall and interface without success).

Can you explain to me how to do that ?

I have the same issue with the WAN interface on port 83, I think it is the same issue with the same solution :).

Regards,

alzhao · March 22, 2017, 10:00am

You need to open port 22 in AR300M. You can do this in Luci.

clark · March 22, 2017, 10:42pm

Thanks for your reply.

I tried to do this but without success.

I think I don’t use this graphic interface, I only used mainstream router like DLINK.

Can you describe action to open port 22 ?

I think it is the same to access to the web UI from the internet on part 83 ?

Regards,

alzhao · March 23, 2017, 10:10am

Go the Luci (advanced settings from the UI) or http://192.168.8.1/cgi-bin/luci

Then go to Network->firewall, then click “Traffic Rules” tab.

find “Open ports on router” and input

name -> 22
protocol -> TCP+UDP
External Port ->22

Now click “Add”. Then find “Save & Apply” at the bottom of the page and click it.

clark · March 26, 2017, 9:23am

Thanks for your reply, but that doesn’t work.

Is there any log on this device to see if request is received by it ?

clark · March 26, 2017, 9:29am

With the print screen of device configuration.

alzhao · March 27, 2017, 9:31am

It seems fine. How you tested? Can you make sure the port forward on your main router is also working?

You can try to do “ssh root@192.168.8.xx” from you main router to see if this works.

clark · March 27, 2017, 2:11pm

Hi,

I can’t do that from my main router.

But I tested with a SSH server connected to the main router, withe the port 22 forwarded to the server => It works.

Just SSH server of the AR300M is not reachable.

Does it exist log that I can consult to see if the request is rejected by AR300M ? Or check if it never received.

Regards,

alzhao · March 27, 2017, 6:46pm

You can check the log with

logread

if port is opened you will see logs of ssh.

Mid port is not opened you may not see the log because data is just rejected.

clark · March 27, 2017, 8:15pm

Hi,

I would like to see log of Firewall, not of SSH service.

My connection falls in timeout, so I know that SSH server didn’t answer to the connection request from my SSH client.

Is it possible to see log of firewall what it accepted or denied ?

Regards,

alzhao · March 27, 2017, 8:16pm

Actually yes. You can check openwrt firewall log. I didn’t try but i know there is a way.

clark · March 28, 2017, 9:40am

Ok, so log is not available in the GUI.

You say that log should be available.

Can you explain to me how, I’m a newby in Linux and with this kind of configuration with this kind of router. I used to mainstream router and I never had any issue to configure it before.

Thanks in advance ;),

clark · March 28, 2017, 2:41pm

Apparently, AR300M don’t manage sftp server., right ?

alzhao · March 28, 2017, 5:54pm

only ssh. No sftp.

I tried in my side with my mifi firmware v2.251 and had the same problem as you. But finally I found it is a problem of multiple devices in my network with same IP. NO idea of why this happend because I reinstalled the firmware.

Start with a clean firmware v2.25. You can reset the firmware to factory status if you are using this firmware.
add port 22 in luci
It works

clark · March 28, 2017, 6:28pm

Hi Thanks,

I will try, I already reset with factory status recently.

I did it wit the dedicated button on the side of the AR300M.

Just to be sure that you understand all of my network settings.

My main router is my DHCP.

The DHCP of my main Router attribut the following IP to the AR300M : 192.168.2.11

I configured the AR300M with the same IP to access it by my local network : 192.168.2.11

I didn’t see option for the AR300M get an IP by DHCP.

Do you think this can be the cause of the issue ?

Regards

rootKR · April 4, 2018, 2:56am

Hi!
Apparently works ! Shell

alzhao · April 5, 2018, 5:41am

thanks for bring the old post back. I tried to check through again.

So everything works now?

guyinsb · December 11, 2018, 5:09pm

Which screen should be used to add port 22 in luci? If I connect to my MT300N’s wifi, I can SSH to the MT300N’s lan IP address (192.168.8.1). But if I try to SSH to the MT300’s wan port (192.168.67.125), the connection attempt is refused. That is typical for many routers; they typically require some box to be checked to allow SSH access via the WAN port.

The MT300N simple GUI does not have such a check box. The Luci GUI has a screen under System → Administration SSH Access, but it apparently just sets up listening.

To actually allow WAN SSH access, one must use Network → Firewall → Traffic Rules (Open ports on router).