WRT54GS and port forwarding ssh

Hi all,

I've got a WRT54GS that I just upgraded to HyperWRT 1.21 Beta 1. I'm
having a problem. I can't seem to get port forwarding to work on my
router, either before or after the upgrade. I've got a linux box as my
machine and I'm trying to port forward ssh and a HTTP server on port
1000. I've set up the router to forward those ports, enabled them saved
the configuration, all of that, but I can't connect to the ports at all
on the IP assigned to the router by my provide. I use Charter as my
provider, and they tell me they don't block any ports from their end.

Any suggestions would be most appreciated.

Thanks,
Doug

In comp.os.linux.networking (E-Mail Removed):
> Hi all,

> I've got a WRT54GS that I just upgraded to HyperWRT 1.21 Beta 1. I'm
> having a problem. I can't seem to get port forwarding to work on my
> router, either before or after the upgrade. I've got a linux box as my
> machine and I'm trying to port forward ssh and a HTTP server on port
> 1000. I've set up the router to forward those ports, enabled them saved
> the configuration, all of that, but I can't connect to the ports at all
> on the IP assigned to the router by my provide. I use Charter as my
> provider, and they tell me they don't block any ports from their end.

> Any suggestions would be most appreciated.

Found those usual cheapo hw router/firewall/WLAN access-point/etc
an utter piece of crap and complete useless devices.

Linux can do all this for you much better, with routing,
fire-walling, shaping and alike capabilities not affordable from
serious vendors like cisco/etc for home usage.

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 304: routing problems on the neural net

Michael Heiming <michael+(E-Mail Removed)> wrote:
>In comp.os.linux.networking (E-Mail Removed):
>> Hi all,
>
>> I've got a WRT54GS that I just upgraded to HyperWRT 1.21 Beta 1. I'm

....

>Found those usual cheapo hw router/firewall/WLAN access-point/etc
>an utter piece of crap and complete useless devices.
>
>Linux can do all this for you much better, with routing,
>fire-walling, shaping and alike capabilities not affordable from
>serious vendors like cisco/etc for home usage.

You didn't know the WRT54GS is a little Linux box? Full blown
2.4 kernel... with routing, firewalling, etc. all very
affordable (oh yeah, it's a Cisco product, too).

The point he was making about upgrading to HyperWRT firmware
is that it provides telnet access to get a shell command line.
Makes a pretty nice little system.

--
Floyd L. Davidson <http://web.newsguy.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska) (E-Mail Removed)

In comp.os.linux.networking Floyd L. Davidson <(E-Mail Removed)>:
> Michael Heiming <michael+(E-Mail Removed)> wrote:
>>In comp.os.linux.networking (E-Mail Removed):
>>> Hi all,
>>
>>> I've got a WRT54GS that I just upgraded to HyperWRT 1.21 Beta 1. I'm


>>Found those usual cheapo hw router/firewall/WLAN access-point/etc
>>an utter piece of crap and complete useless devices.
>>
>>Linux can do all this for you much better, with routing,
>>fire-walling, shaping and alike capabilities not affordable from
>>serious vendors like cisco/etc for home usage.

> You didn't know the WRT54GS is a little Linux box? Full blown
> 2.4 kernel... with routing, firewalling, etc. all very
> affordable (oh yeah, it's a Cisco product, too).

Ah see, didn't knew, thx. The cisco products I'm a little
comfortable with are out of the larger catalyst series, nothing
someone would run for home usage. ;-)

> The point he was making about upgrading to HyperWRT firmware
> is that it provides telnet access to get a shell command line.
> Makes a pretty nice little system.

Yep, a pity that cisco still uses telnet protocol to access IOS.

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 286: Telecommunications is downgrading.

>>>>> "M" == Michael Heiming <michael+(E-Mail Removed)> writes:

>>> Found those usual cheapo hw router/firewall/WLAN access-point/etc
>>> an utter piece of crap and complete useless devices.
>>>
>>> Linux can do all this for you much better, with routing,
>>> fire-walling, shaping and alike capabilities not affordable from
>>> serious vendors like cisco/etc for home usage.

>> You didn't know the WRT54GS is a little Linux box? Full blown 2.4
>> kernel... with routing, firewalling, etc. all very affordable (oh
>> yeah, it's a Cisco product, too).

M> Ah see, didn't knew, thx. The cisco products I'm a little
M> comfortable with are out of the larger catalyst series, nothing
M> someone would run for home usage. ;-)

I guess Linux should not be used for home usage? Whatever. Linux is a
full blown product.

>> The point he was making about upgrading to HyperWRT firmware is
>> that it provides telnet access to get a shell command line. Makes
>> a pretty nice little system.

M> Yep, a pity that cisco still uses telnet protocol to access IOS.

SSH is an option also. There are limits on storage space but you can
bascially these little boxes can do a lot! Well you cannot attach a
monitor. ;-)

Later,

Alan

Now see, all of this banter was interesting, but completely off topic
and not very helpful to my problem, sorry to say. I do know the WRT54GS
is a linux box internally, and that the HyperWRT 1.21 Beta 1 upgrade I
applied made it a more accessible linux box. I also have a linux box as
my main PC behind the WRT54GS. However, I'm still fairly new to linux
and don't really understand iptables all that well, at least not well
enough to use my linux box as the firewall/router for my home network.
This seems like a simple thing, and probably I'm overlooking a simple
setting, but I'm still having problems port forwarding ssh and a web
server on port 1000. Any help with that would be greatly appreciated.

Thanks,
Doug

In comp.os.linux.networking Alan Walpool <(E-Mail Removed)>:
>>>>>> "M" == Michael Heiming <michael+(E-Mail Removed)> writes:
[..]

> >> You didn't know the WRT54GS is a little Linux box? Full blown 2.4
> >> kernel... with routing, firewalling, etc. all very affordable (oh
> >> yeah, it's a Cisco product, too).

> M> Ah see, didn't knew, thx. The cisco products I'm a little
> M> comfortable with are out of the larger catalyst series, nothing
> M> someone would run for home usage. ;-)

> I guess Linux should not be used for home usage? Whatever. Linux is a
> full blown product.

Sure it is. The point was that if you look at the price of the
above mentioned cisco products. It's obvious you won't use them
at home
[..]

> M> Yep, a pity that cisco still uses telnet protocol to access IOS.

> SSH is an option also. There are limits on storage space but you can
> bascially these little boxes can do a lot! Well you cannot attach a
> monitor. ;-)

Good.

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 78: Yes, yes, its called a design limitation

(E-Mail Removed) wrote:
>Now see, all of this banter was interesting, but completely off topic

It may not be useful to you, but that doesn't make it off topic.

>and not very helpful to my problem, sorry to say. I do know the WRT54GS
>is a linux box internally, and that the HyperWRT 1.21 Beta 1 upgrade I
>applied made it a more accessible linux box. I also have a linux box as
>my main PC behind the WRT54GS. However, I'm still fairly new to linux
>and don't really understand iptables all that well, at least not well
>enough to use my linux box as the firewall/router for my home network.
>This seems like a simple thing, and probably I'm overlooking a simple
>setting, but I'm still having problems port forwarding ssh and a web
>server on port 1000. Any help with that would be greatly appreciated.

I use several WRT54G's, but have never tried doing what you
want, so I have no idea what you need. Try posting to
alt.internet.wireless, and you might get some help. I haven't
seen anyone mention exactly that situation, but there are some
people doing a lot of stuff with a variety of different
equipment and you might get lucky.

--
Floyd L. Davidson <http://web.newsguy.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska) (E-Mail Removed)

Michael Heiming <michael+(E-Mail Removed)> wrote:
>In comp.os.linux.networking Alan Walpool <(E-Mail Removed)>:
>>>>>>> "M" == Michael Heiming <michael+(E-Mail Removed)> writes:
>[..]
>
>> >> You didn't know the WRT54GS is a little Linux box? Full blown 2.4
>> >> kernel... with routing, firewalling, etc. all very affordable (oh
>> >> yeah, it's a Cisco product, too).
>
>> M> Ah see, didn't knew, thx. The cisco products I'm a little
>> M> comfortable with are out of the larger catalyst series, nothing
>> M> someone would run for home usage. ;-)
>
>> I guess Linux should not be used for home usage? Whatever. Linux is a
>> full blown product.
>
>Sure it is. The point was that if you look at the price of the
>above mentioned cisco products. It's obvious you won't use them
>at home

Certainly not when there are perfectly adaquate models available
for less than $100.

Likewise, it is quite true that the Linksys WRT54 equipment is
consumer grade, and a company that might lose thousands of
dollars an hour if one of them failed wouldn't hesitate to skip
that $100 price tag and go for the industrial strength models.

>> M> Yep, a pity that cisco still uses telnet protocol to access IOS.
>
>> SSH is an option also. There are limits on storage space but you can
>> bascially these little boxes can do a lot! Well you cannot attach a
>> monitor. ;-)
>
>Good.

Telnet access is just the starting point that gives initial
access to a shell prompt to allow reconfiguration. From that
point there isn't much that can't be done.

In addition to the HyperWRT firmware there are at least two
other third party products that provide a full service upgrade.

--
Floyd L. Davidson <http://web.newsguy.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska) (E-Mail Removed)

On Sat, 05 Mar 2005 14:55:25 -0800, writeson wrote:

> Hi all,
>
> I've got a WRT54GS that I just upgraded to HyperWRT 1.21 Beta 1. I'm
> having a problem. I can't seem to get port forwarding to work on my
> router, either before or after the upgrade. I've got a linux box as my
> machine and I'm trying to port forward ssh and a HTTP server on port
> 1000. I've set up the router to forward those ports, enabled them saved
> the configuration, all of that, but I can't connect to the ports at all
> on the IP assigned to the router by my provide. I use Charter as my
> provider, and they tell me they don't block any ports from their end.
>
> Any suggestions would be most appreciated.

How does each entry appear in the port forward section of the router
config ?
For example, on my wrt54g ( running just the latest firmware from
Linksys...) I am forwarding ssl to a specific machine. The entry for that
has the following settings :

application-->https ( just the descriptive name I gave it)
Start-->443 ( starting port to forward )
End-->443 ( ending port to forward )
Protocol-->TCP ( protocol used by ports that are forwarded )
IPAddress-->192.168.1.10 ( internal address t forward ports to )
Enable--> checked on ( whether to enable the port forwarding for this
entry )

Also, have you checked the obvious ??? Like the correct IP the ports are
getting forwarded to ? Is any firewalling on the Linux box preventing
access to those ports ?

Finally, I've seen some dsl modems that are also NAT'ing type devices, and
have some basic firewalling built in. They effectively block most inbound
traffic by default, so to do port forwarding like this, you first have to
configure the modem to forward traffic to your router, which then forwards
to specific devices behind it.

--
- Matt -