I’ve been struggling for a while with getting what I’ve always called “remote administration” working for some Linksys WRT54GL routers running OpenWrt with the X-Wrt extensions. My routers are currently on OpenWrt White Russian – With X-Wrt Extensions 0.9. Rules added through the web interface or in /etc/config/firewall never worked, and I finally ran across this post in the OpenWrt forums. The rule given by eisbaw works a treat for getting remote SSH access to the router. However, I’m not one who likes to open that for everyone to be able to SSH in, as they may be able to guess the password. I also wanted to be able to access the Webif interface, so I made some tweaks. Here is the resulting /etc/firewall.user file:
## Open port to WAN
## -- This allows port 22 to be answered by (dropbear on) the router
iptables -s 66.20.xx.xxx -t nat -A prerouting_wan -p tcp --dport 22 -j ACCEPT
iptables -s 66.20.xx.xxx -A input_wan -p tcp --dport 22 -j ACCEPT
iptables -s 66.20.xx.xxx -t nat -A prerouting_wan -p tcp --dport 1080 -j DNAT --to 192.168.0.1:80
iptables -s 66.20.xx.xxx -A input_wan -p tcp --dport 80 -j ACCEPT
I simply replicated the first rule and changed it to a DNAT to get remote Webif access via port 1080 on the WAN side. Also, you’ll notice that I added the “-s 66.20.xx.xxx” – this only allows access to those two ports if the traffic is coming from our corporate office. If you copy and paste, be sure to modify or remove that directive, otherwise, you’ll still be unable to remotely admin your router.
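The copy-and-paste caveat above, as an added example that is not part of the original post: a small shell lint to run over rules before they go into /etc/firewall.user. It flags WAN-chain rules with no -s, a placeholder left in -s, and non-ASCII dashes picked up from a web page; the function names and the 203.0.113.10 sample address are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): lint iptables lines meant for
# /etc/firewall.user. Prints "<line>: <finding>" and returns 1 on any finding.
lint_firewall_user() {
    n=0; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac      # blanks and comments
        # Anything outside printable ASCII is usually "--" mangled into a
        # typographic dash by a web page; iptables will reject the option.
        rest=$(printf '%s' "$line" | LC_ALL=C tr -d '\040-\176\011')
        if [ -n "$rest" ]; then
            echo "$n: non-ASCII character, retype the dashes"; bad=1; continue
        fi
        # Only the WAN-facing chains used in this post are checked.
        case " $line " in
            *" prerouting_wan "*|*" input_wan "*) ;;
            *) continue ;;
        esac
        set -f; set -- $line; set +f                  # split into words, no globbing
        src=
        while [ $# -gt 0 ]; do
            case $1 in -s|--source) src=${2:-} ;; esac
            shift
        done
        case $src in
            '')          echo "$n: no -s, open to any source"; bad=1 ;;
            */0)         echo "$n: -s $src matches any source"; bad=1 ;;
            *[!0-9./]*)  echo "$n: -s $src is not a numeric address"; bad=1 ;;
        esac
    done
    return $bad
}

# Constructed sample: 203.0.113.10 is a documentation address standing in
# for the office IP; lines 3 and 4 show the two copy-and-paste mistakes.
sample_rules() {
    cat <<'EOF'
## Open port to WAN
iptables -s 203.0.113.10 -A input_wan -p tcp --dport 22 -j ACCEPT
iptables -s 66.20.xx.xxx -A input_wan -p tcp --dport 80 -j ACCEPT
iptables -t nat -A prerouting_wan -p tcp --dport 1080 -j DNAT --to 192.168.0.1:80
EOF
}

sample_rules | lint_firewall_user || echo "fix the findings before installing"
```

To check a real file, feed it on standard input: `lint_firewall_user < /etc/firewall.user`.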