SSH remote forwarding

Discussion in 'DD-WRT Firmware' started by mk14, May 22, 2007.

  mk14

    I'm trying to set up SSH forwarding through my WRT54G (v3.1) with DD-WRT v23 SP2.
    The WRT is and it's running SSH with key-based login.

    Local forwarding
    ssh -L 8080:localhost:80 root@ -p 2222
    works just fine (as expected, I get the DD-WRT web interface when I access http://localhost:8080 on my computer).

    But remote forwarding
    ssh -R 8080:localhost:80 root@ -p 2222
    doesn't work - I should get to the webserver my computer is running on port 80 when accessing

    When I run netstat -a on DD-WRT after connecting through SSH -R, I also can't see anything running on port 8080.

    How can I use remote forwarding with the WRT? Could it be a firewall issue on the WRT?

    EDIT: When I'm sshed into the WRT and run telnet localhost 8080 and then type GET / HTTP/1.0 and hit return twice, I get the HTML code of the start page on my web server. So it seems like DD-WRT's Dropbear doesn't allow other hosts to connect to port forwardings.
    I was able to solve the problem by having DD-WRT run the following commands on startup (can be set on Administration - Diagnose in the web interface):

    killall dropbear
    dropbear -b /tmp/loginprompt -r /tmp/root/.ssh/ssh_host_rsa_key -d /tmp/root/.ssh/ssh_host_dss_key -p 2222 -s -a
    This runs dropbear with option "-a Allow connections to forwarded ports from any host".
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -F
    iptables -X
    This disables the firewall.

    Now I can connect and the port forwarding works:
    ssh -R root@ -p 2222
    But it only works if I specify the WRT's external IP ( in the -R command and use instead of localhost.
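
Added example, not part of mk14's post: a shell helper that reads `netstat -tln` output and reports whether the listener for a forwarded port is bound to loopback only (reachable just from the router itself, which matches the telnet test in the post) or to all interfaces (as with Dropbear's -a). The netstat samples are constructed, the function and sample names are hypothetical, and it assumes the router's netstat accepts -t, -l and -n.

```shell
#!/bin/sh
# Added example; function and sample names are hypothetical.
# Reads `netstat -tln` output on stdin and prints how TCP port $1 is bound:
#   none | loopback | specific:<addr> | any

forward_bind_scope() {
    awk -v port="$1" '
        BEGIN { worst = 0 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")
            if (part[n] != port) next
            # Local address is everything before the final ":port".
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr == "127.0.0.1" || addr == "::1") rank = 1
            else if (addr == "0.0.0.0" || addr == "::" || addr == "*") rank = 3
            else rank = 2
            # Several listeners may exist; report the most exposed one.
            if (rank > worst) { worst = rank; seen = addr }
        }
        END {
            if (worst == 0) print "none"
            else if (worst == 1) print "loopback"
            else if (worst == 2) print "specific:" seen
            else print "any"
        }
    '
}

# Constructed sample: forward bound to loopback only (no -a).
sample_loopback() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN
EOF
}

# Constructed sample: forward bound to every interface (dropbear -a).
sample_any() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
EOF
}

echo "without -a: $(sample_loopback | forward_bind_scope 8080)"
echo "with -a:    $(sample_any | forward_bind_scope 8080)"
```

On the router, run `netstat -tln | forward_bind_scope 8080` while the -R session is open to see which case applies.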

