Tomato 1.19 telnet/ssh remote access problem

Discussion in 'Tomato Firmware' started by tamato, May 12, 2008.

  1. tamato

    tamato Addicted to LI Member

    I have a buffalo Buffalo WHR-HP-G54 router flashed with tomato 1.19 firmware. It works well except I can't access its ssh and telnet interface remotely(WAN side), I can access both from LAN side. Here is my configuration:

    Tomato 1.19
    DSL (pppoe) connection
    SSH and telnet daemon enabled, default port, remote access enabled
    DHCP disabled, using static address in LAN
    HTTP interface remote access disabled
    Gateway mode

    Seems that I can't get connected to telnet and ssh ports(23 and 22) from WAN side, but no problem from LAN side. I tried different ISPs but no luck. Checked tomato log, it does record the connection effort, the dest port is right (23 and 22), but src port is 3119 and 3120(for one isp).

    I need some help here, thanks in advance.
  2. Rob650

    Rob650 Addicted to LI Member

    You say Tomato is actually seeing the connection attempt? What does the log say in Tomato? What error are you getting in your client?

    edit: After looking at my router, SSH defaults to listening to port 2222 on the WAN side. Did you change this, or are you entering port 2222 in your client? Also, I can't find a way to enable remote telnet access in the web interface, unless I'm missing something...
  3. nvtweak

    nvtweak LI Guru Member

    Good catch Rob

    tamato, you can't access port 22 from the WAN. So use port 2222

    And no, remote telnet cannot be enabled from the GUI. It would be insecure to do so, since transmissions over telnet are not encrypted like they are with HTTPS or SSH.
  4. tamato

    tamato Addicted to LI Member

    Yeah, thanks. Actually I made ssh working.

    1. change the connection port from 22 to 2222(I just realized 22 is only used by LAN, kind of dumb).

    2. I have to configure the proxy setup(the current isp uses a http proxy).

    Now I can access ssh shell from WAN. But telnet is still not working, I guess it's proxy related, not sure how to set up it in command window. But anyway I don't care it now.(edit: I will look at how telnet is setup back at home, maybe I misunderstand the meaning of GUI option).

    Now is the new question, how to set up the tunneling of web browsing session? What command should I use on tomato server side? Thanks, I am kind of new on ssh and linux.
  5. Rob650

    Rob650 Addicted to LI Member

    I have an openssh-server running on a computer behind my router on which I'm able to do what you're describing. Here's one guide to accomplish it - I'm not sure the Tomato router itself is up to the task though.
  6. tamato

    tamato Addicted to LI Member

    Thanks for reply.

    I am reading this

    What I am trying to do is to use my router with tomato as the SSH server, so I can connect back to it browsing in a secure way, without turning on my PC.

    In the comment section, some user mentions it, but I don't know how to set it up. I checked my tomato shell ssh command, there is no -ND option available.

    I am using Bitvise Tunnelier, and have got key authentication working. It's kind of fun to play with tomato.
  7. tamato

    tamato Addicted to LI Member

    Ok, finally I made tomato tunneling working.

    Following the instruction in section "Tunnelier as a Port Forwarding Client" in

    You can connect to the tomato router and do secure browsing. IE works fine but firefox has some problem, it always treats the page as binary type (application/octet-stream), trying to download instead of open it, kind of puzzle.

    I will try to figure it out, also want to see how putty works.

    Edit: firefox works fine as well, but you need to config the proxy as socket 4, instead of socket 5 as in the figure. I can't make putty work, it complains about the key file. I think Tunnelier is a better SSH client, very easy to use, and free as well.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice