HowTo-Enable Remote Access

From X-Wrt

Jump to: navigation, search

A word of caution. Opening your router for remote access is a security risk, and it is being exploited. Make sure your have a good password, and consider avoiding access through standard ports. Read the official announcement from OpenWrt here: http://forum.openwrt.org/viewtopic.php?pid=84492#p84492

Enabling remote access by configuring Iptables directly

You can enable remote access with ssh to your OpenWrt router by un-commenting the last two of the following lines in /etc/firewall.usr: 

### Open port to WAN
## -- This allows port 22 to be answered by (dropbear on) the router
# iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j ACCEPT
# iptables        -A input_rule      -i $WAN -p tcp --dport 22 -j ACCEPT

If you want to access the web-interface webif remotely, you can add the following two lines to /etc/firewall.usr: 

iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 8080 -j DNAT --to 192.168.1.1:80
iptables        -A input_rule      -i $WAN -p tcp --dport 80   -j ACCEPT


You can now try to access the web-interface remotely through port 8080, e.g., replace mydomain with your external IP address or domain name, and try to access http://mydomain:8080 in your favourite browser. Also, replace 192.168.1.1 with your routers LAN IP if it is different. Note the the first line forwards port 8080 to port 80 on your router. You can mimic the set-up for ssh if you want access through port 80 externally. Similarly you can mimic the set-up of webif for ssh if you want to forward a port different from 22 to ssh on your router, which actually can be a very good idea.

Enabling remote access with the X-Wrt web-interface webif

You can use the web-interface webif directly to achieve remote access through ssh or http, providing a more user friendly approach. You can set-up remote access to webif by using the firewall configuration in webif. Just add an accept rule for TCP protocol on port 80 to access webif remotely, and on port 22 to access ssh remotely. Note that the /etc/firewall.usr example above forwards port 8080 from the internet to port 80 on your router, which is convenient if your ISP is blocking port 80, or just to avoid unwanted traffic. This is how a working set-up using port 8080 looks like (remember to change 192.168.1.1 if you have given your router another IP, e.g., to avoid conflict with the IP of a router/modem supplied by your ISP): Image:remotewebif.png

Access it through http://domain:8080, where domain is replaced by your external IP or registered domain name.

Retrieved from "http://wiki.x-wrt.org/index.php/HowTo-Enable_Remote_Access"
Personal tools