With only SSH access to Tomato, need to forward a port

Discussion in 'Tomato Firmware' started by sauce, May 31, 2008.

    sauce Network Guru Member

    Hello. Not at the office right now, need to open up a port. I have only SSH access. How can I do it?

    bogderpirat Network Guru Member

    sauce Network Guru Member

    *edit* That link you sent me did not work, I had to use different commands

    Here is how I did it:

    iptables -t nat -A PREROUTING -i vlan1 -p tcp -m tcp -d WAN_IP_HERE --dport 10000 -j DNAT --to-destination SERVER_IP_HERE
    iptables -I FORWARD -p tcp -m tcp -d SERVER_IP_HERE --dport 10000 -j ACCEPT
    And I found it by searching these forums for PREROUTING.

    fyellin LI Guru Member

    If you're trying to open up a port temporarily rather than permanently, you can also use the fact that ssh can do its own port forwarding. This also has the advantage that the port forwarding is restricted just to you.

    For example, I have the following in my .ssh/config file:

    Host router
        HostName myMachine.myDomain.com
        User root
        Port 1234
        LocalForward 8001 localhost:80
        LocalForward 8002 othermachine:80

    When I type "ssh router", ssh automatically goes to the right port on the right machine and uses the right userid. In addition, during the time I'm ssh'ed into my router, I can browse http://localhost:8001 to see my router's home page, or http://localhost:8002 to see othermachine's home page.

    The names "localhost" and "othermachine" are interpreted by the target machine. You can reference internal machines by name or by IP address. You can forward to any port, not just to 80.

    Note also, that unless you go out of your way to make them gateways, this is also secure. Only your local machine is allowed to talk to port 8001 and 8002.
