ssh from wan!

An area specifically for port forwarding, firewalls and other (on-line) security related issues.
peraro
Novice
Novice
Posts: 13
Joined: Sat Jun 09, 2012 11:26 am

ssh from wan!

Post by peraro » Fri Sep 14, 2012 10:39 pm

Hello,

I need to SSH into my router from the WAN. I found an iptables rule to do this:

Code: Select all

iptables -I INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT
and it works fine until the router has been rebooted; then, after doing:

Code: Select all

iptables -vnL
all the rules that I have written are gone and back to default. Using the GUI, from Advance->Access Control:
Enable Access Control ticked
WAN: telnet/ssh ticked.
LAN group 1: telnet/web/ftp/ssh ticked
It doesn't work!!!

Where does the RouterTech firmware save iptables rules, and how can I save them to add my own rules?
thechief
RouterTech Team
RouterTech Team
Posts: 12067
Joined: Wed Feb 01, 2006 10:22 pm
Location: England, the Centre of Africa
Contact:

Re: ssh from wan!

Post by thechief » Sat Sep 15, 2012 6:31 pm

Post the system diagnostics.
The Chief: :afro: Be sure to read the Firmware FAQ and do a Forum Search before posting!
No support via PM. Ask all questions on the open forum.

System Diagnostics

Post by peraro » Sat Sep 15, 2012 7:10 pm

Note: I ran this command, but it doesn't work.

Code: Select all

setenv ip4.sh ";/sbin/iptables -I INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT"

Code: Select all

ROUTERTECH SYSTEM DIAGNOSTICS

Client browser information
Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.19 (KHTML, like Gecko) Ubuntu/12.04 Chromium/18.0.1025.168 Chrome/18.0.1025.168 Safari/535.19
You might have problems with Chrome. Use Firefox instead.

Router operating system version
Linux version 2.4.17_mvl21-malta-mips_fp_le (developers at RouterTech dot Org) #1 Mon May 2 00:45:04 BST 2011

Firmware version information
BUILD=RouterTech_3.6.0D_20110502_2.96
VERSION=3.6.0D-RouterTech-1P-Adam2
BOARD=AR7RD
TARGET=Adam2-4mb-flash
FSSTAMP=20110502004836
ROHS=0

PSP version information

Linux OS DSL-PSPOhioL version 4.5.0.5 Best and Final on BasePSP Version 5.7.6.12  May  2 2011 00:46:02 
Avalanche SOC Version: 0x20005 operating in cached, write back, write allocate mode
Cpu Frequency:150 MHZ
System Bus frequency: 125 MHZ


Driver version information
Core Logic version: 3.6.0D
Texas Instruments CPMAC driver version: 1.5
Texas Instruments CPMAC HAL version: CPMAC 01.07.08 May  2 2011 00:45:14
ATM Driver version:[7.05.01.00]
DSL HAL version: [7.05.01.00]
DSP Datapump version: [7.05.01.00] Annex A
SAR HAL version: [01.07.2c]
PDSP Firmware version:[0.54]
Chipset ID: [7300/7300A]

Modem Modulation Information
NO_MODE			0x0
ADSL_G.dmt			0x3
ADSL_G.lite			0x4
ADSL_G.dmt.bis			0x8
ADSL_G.dmt.bis_DELT			0x9
ADSL_2plus			0x10
ADSL_2plus_DELT			0x11
ADSL_re-adsl			0x20
ADSL_re-adsl_DELT			0x21
ADSL_ANSI_T1.413			0x2
MULTI_MODE			0x1
ADSL_G.dmt.bis_AnxI			0x0
ADSL_G.dmt.bis_AnxJ			0x0
ADSL_G.dmt.bis_AnxM			0x400
ADSL_2plus_AnxI			0x0
ADSL_2plus_AnxJ			0x0
ADSL_2plus_AnxM			0x2000
G.shdsl			0x0
IDSL			0x0
HDSL			0x0
SDSL			0x0
VDSL			0x0

System environment (/proc/sys/dev/adam2/environment)
memsize	0x01000000
flashsize	0x00400000
modetty0	38400,n,8,1,hw
modetty1	38400,n,8,1,hw
bootserport	tty0
cpufrequency	150000000
sysfrequency	125000000
bootloaderVersion	0.22.02
ProductID	AR7DB
HWRevision	Unknown
SerialNumber	none
my_ipaddress	192.168.1.199
maca	00:0F:3D:85:E1:84
prompt	Adam2_AR7DB
firstfreeaddress	0x9401d328
req_fullrate_freq	125000000
mtd0	0x9008d000,0x903f0000
mtd1	0x90010090,0x9008d000
mtd2	0x90000000,0x90010000
mtd3	0x903f0000,0x90400000
autoload	1
usb_vid	0x0
usb_pid	0x0
usb_man	N/A
usb_prod	N/A
autoload_timeout	5
mtd4	0x90010000,0x903f0000
StaticBuffer	120
vcc_encaps0	0.0
vcc_encaps1	0.0
vcc_encaps2	0.0
vcc_encaps3	0.0
vcc_encaps4	0.0
vcc_encaps5	0.0
vcc_encaps6	0.0
vcc_encaps7	0.0
modulation	0x1
connection1	0xa695

led_conf	led.500t
darkstat_enable	1
darkstat_parms	-i ppp0 --hosts-max 256 --ports-max 80

CPU information
processor		: 0
cpu model		: MIPS 4KEc V4.8
BogoMIPS		: 149.91
wait instruction	: no
microsecond timers	: yes
extra interrupt vector	: yes
hardware watchpoint	: yes
VCED exceptions		: not available
VCEI exceptions		: not available

Memory (RAM) information
        total:    used:    free:  shared: buffers:  cached:
Mem:  14553088 13979648   573440        0   151552  5103616
Swap:        0        0        0
MemTotal:        14212 kB
MemFree:           560 kB
MemShared:           0 kB
Buffers:           148 kB
Cached:           4984 kB
SwapCached:          0 kB
Active:           6108 kB
Inactive:         1964 kB
HighTotal:           0 kB
HighFree:            0 kB
LowTotal:        14212 kB
LowFree:           560 kB
SwapTotal:           0 kB
SwapFree:            0 kB

Flash memory (chip) information
Flash_type=AMD; Manufacturer=ATMEL.
Manufacturer_ID=0x001F; Chip_ID=0x00C8; Chip_Size=0x400000; Erase_Regions=0x0002

Mount points
/dev/mtdblock/0 / squashfs ro 0 0
none /dev devfs rw 0 0
proc /proc proc rw 0 0
ramfs /var ramfs rw 0 0

Filesystems
nodev	rootfs
nodev	bdev
nodev	proc
nodev	sockfs
nodev	tmpfs
nodev	shm
nodev	pipefs
nodev	ramfs
	minix
nodev	devfs
	squashfs

MTD
dev:    size   erasesize  name
mtd0: 00363000 00010000 "mtd0"
mtd1: 0007cf70 00010000 "mtd1"
mtd2: 00010000 00002000 "mtd2"
mtd3: 00010000 00010000 "mtd3"
mtd4: 003e0000 00010000 "mtd4"

Kernel modules
tiatm                 138672   1

Interrupts
  7:  7242423   R4000 timer/counter [MIPS interrupt]
  8:        0   unified secondary [hw0 (Avalanche Primary)]
 15:      400   serial [hw0 (Avalanche Primary)]
 23:    70622 + SAR  [hw0 (Avalanche Primary)]
 27:   323444 + Cpmac Driver [hw0 (Avalanche Primary)]
 47:       78 + DSL  [hw0 (Avalanche Primary)]

Devices
Character devices:
  1 mem
  2 pty/m%d
  3 pty/s%d
  4 tts/%d
  5 cua/%d
 10 misc
108 ppp
128 ptm
136 pts/%d
162 raw

Block devices:
  7 loop
 31 mtdblock

Serial port information
serinfo:1.0 driver:5.05c revision:2001-07-08
0: uart:16550A port:A8610E00 irq:15 baud:2258 tx:6012 rx:0 RTS|DTR
1: uart:16550A port:A8610F00 irq:16 tx:0 rx:0 RTS|DTR

Processes
  PID USER       VSZ STAT COMMAND
    1 root      1056 S    init
    2 root         0 SW   [keventd]
    3 root         0 SWN  [ksoftirqd_CPU0]
    4 root         0 SW   [kswapd]
    5 root         0 SW   [bdflush]
    6 root         0 SW   [kupdated]
    7 root         0 SW   [mtdblockd]
  478 root      2300 S    /usr/sbin/mini_httpd -d /usr/www -u root -p 80 -c /c
  479 root      2568 S    /usr/bin/cm_pc
  481 root      4180 S    /usr/bin/cm_logic -m /dev/ticfg -c /etc/config.xml
  500 root       744 S    /sbin/dproxy -c /etc/resolv.conf -d
  572 root      1056 S    init
  863 root      2396 S    /usr/sbin/pppd plugin pppoe nas0 user [blanked]  
  904 root       920 S    /sbin/msntp -r 2 -t 5 -p 30 -s wwv.nist.gov ntp2b.mc
  910 root       696 S    /usr/sbin/upnpd ppp0 br0
  912 root       684 S    /usr/sbin/udhcpd /var/tmp/udhcpd.conf
 1109 root      4216 S    /usr/local/bin/darkstat -i ppp0 --hosts-max 256 --po
 1110 root      1720 S    /usr/local/bin/darkstat -i ppp0 --hosts-max 256 --po
 6907 root      1068 S N  /bin/sh diagnostics.cgi
 6908 root      2344 S    /usr/sbin/mini_httpd -d /usr/www -u root -p 80 -c /c
 6913 root      1188 S N  /usr/local/bin/diagnostics
 6914 root      1060 S N  sh -c /usr/local/bin/diagnostics.sh
 6915 root      1124 S N  /bin/bash /usr/local/bin/diagnostics.sh
 6953 root      1056 R N  /bin/ps

ADSL Modem information

AR7 DSL Modem Statistics:
--------------------------------
[DSL Modem Stats]
	US Connection Rate:	128	DS Connection Rate:	512
	DS Line Attenuation:	16	DS Margin:		31
	US Line Attenuation:	12	US Margin:		31
	US Payload :		5350944	DS Payload:		23777808
	US Superframe Cnt :	4257195	DS Superframe Cnt:	4257195
	US Transmit Power :	2	DS Transmit Power:	-3
	LOS errors:		0	SEF errors:		0
	Errored Seconds:	0	Severely Err Secs:	0
	Frame mode:		3	Max Frame mode:		0
	Trained Path:		1	US Peak Cell Rate:	301
	Trained Mode:		3	Selected Mode:		1
	ATUC Vendor Code:	4946544E	ATUC Revision:	1
	Hybrid Selected:	1	Trellis:		1
	Showtime Count:		1	DS Max Attainable Bit Rate: 10496 kbps
	BitSwap:		1	US Max Attainable Bit Rate:	n/a
	Annex: 			AnxA	psd_mask_qualifier: 0x0000
	ATUC ghsVid:  b5 00 49 46 54 4e 82 77
	T1413Vid: 00 00		T1413Rev: 00		VendorRev: 00
	ATUR ghsVid:  b5 00 54 53 54 43 00 00
	T1413Vid: 00 00	T1413Rev: 00	VendorRev: 00

	[Upstream (TX) Interleave path]
	CRC: 	0	FEC: 	0	NCD: 	0
	LCD: 	0	HEC: 	0

	[Downstream (RX) Interleave path]
	CRC: 	0	FEC: 	0	NCD: 	0
	LCD: 	0	HEC: 	0

	[Upstream (TX) Fast path]
	CRC: 	0	FEC: 	0	NCD: 	1
	LCD: 	0	HEC: 	0

	[Downstream (RX) Fast path]
	CRC: 	0	FEC: 	0	NCD: 	0
	LCD: 	0	HEC: 	0

[ATM Stats]
	[Upstream/TX]
	Good Cell Cnt:	111478
	Idle Cell Cnt:	21736768


	[Downstream/RX)]
	Good Cell Cnt:	495371
	Idle Cell Cnt:	86897584
	Bad Hec Cell Cnt:	0
	Overflow Dropped Cell Cnt:	0

[SAR AAL5 Stats]
	Tx PDU's:	34743
	Rx PDU's:	35874
	Tx Total Bytes:	4386445
	Rx Total Bytes:	23092539
	Tx Total Error Counts:	0
	Rx Total Error Counts:	0


[OAM Stats]
	Near End F5 Loop Back Count:	0
	Near End F4 Loop Back Count:	0
	Far End F5 Loop Back Count:	0
	Far End F4 Loop Back Count:	0
	SAR OAM Ping Response Drop Count=15

Modem DSL link information
SHOWTIME
1
failTrains=2

Trained modulation: 
ADSL_G.dmt

Path mode: 
Interleaved

Network statistics
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 0.0.0.0:2048            0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:5000            0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:www             0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:domain          0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:ftp             0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:telnet          0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:667             0.0.0.0:*               LISTEN      
tcp        0      0 mygateway1.AR7RD:www    192.168.1.2:35609       TIME_WAIT   
tcp        0      0 mygateway1.AR7RD:www    192.168.1.2:35611       TIME_WAIT   
tcp        0      0 mygateway1.AR7RD:www    192.168.1.2:35613       TIME_WAIT   
tcp        0      0 mygateway1.AR7RD:www    192.168.1.2:35607       TIME_WAIT   
tcp     1553      0 mygateway1.AR7RD:ssh    192.168.1.2:48946       CLOSE_WAIT  
tcp        0      0 mygateway1.AR7RD:www    192.168.1.2:35608       TIME_WAIT   
tcp        0      0 mygateway1.AR7RD:www    192.168.1.2:35610       TIME_WAIT   
tcp        0      0 mygateway1.AR7RD:www    192.168.1.2:35612       TIME_WAIT   
tcp        0      0 mygateway1.AR7RD:www    192.168.1.2:35614       ESTABLISHED 
tcp        0      0 mygateway1.AR7RD:www    192.168.1.2:35606       TIME_WAIT   
udp        0      0 mygateway1.AR7RD:2049   0.0.0.0:*                           
udp        0      0 0.0.0.0:domain          0.0.0.0:*                           
udp        0      0 0.0.0.0:bootps          0.0.0.0:*                           
udp        0      0 0.0.0.0:tftp            0.0.0.0:*                           
udp        0      0 0.0.0.0:1900            0.0.0.0:*                           
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING       1317 /var/run/miniupnpd.ctl
unix  2      [ ]         DGRAM                       559 /var/tmp/cm_miniHttpd.ctl
unix  2      [ ]         DGRAM                       569 /var/tmp/cm_pc.ctl
unix  2      [ ]         DGRAM                       583 /var/tmp/cm_logic.ctl
unix  5      [ ]         DGRAM                       596 /dev/log
unix  2      [ ]         DGRAM                       598 /dev/klog
unix  3      [ ]         STREAM     CONNECTED       1655 
unix  3      [ ]         STREAM     CONNECTED       1654 
unix  2      [ ]         DGRAM                      1232 
unix  2      [ ]         DGRAM                      1178 
unix  2      [ ]         DGRAM                       985 
unix  2      [ ]         STREAM                      555 
unix  2      [ ]         DGRAM                       554 
unix  2      [ ]         DGRAM                        25 

Iptables chains
Chain PREROUTING (policy ACCEPT 4181 packets, 298K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    4   228 DNAT       tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:22 to:192.168.1.2:22 
    0     0 DNAT       udp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          udp dpts:6881:6889 to:192.168.1.2:6881-6889 
    0     0 DNAT       tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          tcp dpts:6881:6889 to:192.168.1.2:6881-6889 
  667 51333 UPNP       all  --  ppp0   *       0.0.0.0/0                 

Chain POSTROUTING (policy ACCEPT 2432 packets, 723K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 2281  150K MASQUERADE  all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0          

Chain OUTPUT (policy ACCEPT 2567 packets, 732K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain UPNP (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 128K packets, 5646K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 2354 99977 CFG        tcp  --  any    any     192.168.1.2          anywhere           tcp dpt:www Records Packet's Source Interface 

  238 22278 ACCEPT     all  --  ppp0   any     anywhere             anywhere           state RELATED,ESTABLISHED 
    9   756 ACCEPT     icmp --  ppp0   any     anywhere             anywhere           icmp echo-request state NEW 
    5   368 ACCEPT     all  --  ppp0   any     anywhere             anywhere           state RELATED,ESTABLISHED 
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp fragmentation-needed 
    1    60 ACCEPT     tcp  --  ppp0   any     anywhere             anywhere           tcp dpt:ssh 
    0     0 DROP       icmp -f  any    any     anywhere             anywhere           
  342 32171 DROP       all  --  ppp0   any     anywhere             anywhere           
    0     0 DROP       all  --  ppp0   any     anywhere             anywhere           

Chain FORWARD (policy ACCEPT 25118 packets, 3096K bytes)
 pkts bytes target     prot opt in     out     source               destination         
34612   17M ipaccount  all  --  any    any     anywhere             anywhere           
17482   14M ACCEPT     all  --  ppp0   any     anywhere             anywhere           state RELATED,ESTABLISHED 
    4   228 ACCEPT     tcp  --  ppp0   any     anywhere             192.168.1.2        tcp dpt:ssh 
    0     0 ACCEPT     udp  --  ppp0   any     anywhere             192.168.1.2        udp dpts:6881:6889 
    0     0 ACCEPT     tcp  --  ppp0   any     anywhere             192.168.1.2        tcp dpts:6881:6889 
 1331 79848 TCPMSS     tcp  --  any    ppp0    anywhere             anywhere           tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU 
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp fragmentation-needed 
    2   173 UPNP       all  --  ppp0   !ppp0   anywhere             anywhere           
    2   173 DROP       all  --  ppp0   any     anywhere             anywhere           

Chain OUTPUT (policy ACCEPT 148K packets, 24M bytes)
 pkts bytes target     prot opt in     out     source               destination         
   36 20736 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp fragmentation-needed 
    0     0 DROP       icmp --  any    ppp0    anywhere             anywhere           icmp destination-unreachable 
    0     0 DROP       icmp --  any    ppp0    anywhere             anywhere           state INVALID 

Chain UPNP (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ipaccount (1 references)
 pkts bytes target     prot opt in     out     source               destination         
50767   25M            all  --  any    any     anywhere             anywhere           account: network/netmask: 192.168.1.0/255.255.255.0 name: mynetwork short-listing 

Network interface details
br0       Link encap:Ethernet  HWaddr 00:0F:3D:85:E1:84  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:153556 errors:0 dropped:0 overruns:0 frame:0
          TX packets:172584 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:9577879 (9.1 MiB)  TX bytes:47606229 (45.4 MiB)

br1       Link encap:Ethernet  HWaddr 00:00:00:00:00:00  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

br2       Link encap:Ethernet  HWaddr 00:00:00:00:00:00  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth0      Link encap:Ethernet  HWaddr 00:0F:3D:85:E1:84  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:153559 errors:0 dropped:0 overruns:0 frame:0
          TX packets:172584 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:11727969 (11.1 MiB)  TX bytes:47606229 (45.4 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:18 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1656 (1.6 KiB)  TX bytes:1656 (1.6 KiB)

nas0      Link encap:Ethernet  HWaddr 00:00:02:03:04:05  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:35993 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34867 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:22245581 (21.2 MiB)  TX bytes:4399301 (4.1 MiB)

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:  P-t-P:163.121.171.38  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1400  Metric:1
          RX packets:27556 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26430 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:21636930 (20.6 MiB)  TX bytes:3187092 (3.0 MiB)


System Log
May  2 00:48:14 | Valid Configuration Tree 
May  2 00:48:14 | NTP Polling Timer for DHCP Started succesfully. 
May  2 00:48:14 | DSL Polling Timer Started succesfully. 
May  2 00:48:14 | PSP Boot environment  Modem Modulation Change: 0x1 
May  2 00:48:14 | Firewall NAT service started 
May  2 00:48:14 | Bridge Created: br0 
May  2 00:48:16 | Bridge VLAN0 add eth0 
May  2 00:48:16 | Bridge VLAN AUTO OFF. 
May  2 00:48:16 | Bridge Created: br1 
May  2 00:48:18 | Bridge Created: br2 
May  2 00:48:19 | Bridge Interface Added: eth0 
May  2 00:48:21 | USB is disabled  
May  2 00:48:24 | DSL Carrier is down 
May  2 00:48:30 | password auth succeeded for 'root' from 192.168.1.2:48946 
May  2 00:48:44 | DSL Carrier is up 
May  2 00:48:44 | sar read trained mode (1)(ADSL_G.dmt) 
May  2 00:48:45 | ---}}} Start of connection delayed for 6 sec 
May  2 00:48:51 | PPPoE Launch after conn delay timeout ... 
May  2 00:48:52 | pppd 2.4.4 started by root, uid 0 
May  2 00:48:52 | Got connection: a695 
May  2 00:48:52 | New PPP_ID: 0xa695  
May  2 00:48:52 | Saved Session ID: 0 
May  2 00:48:52 | AC MAC address: 00-27-0c-56-94-1a 
May  2 00:48:52 | Connect: ppp0 {--} nas0 
May  2 00:48:53 | PAP authentication succeeded 
May  2 00:48:53 | local  IP address  
May  2 00:48:53 | remote IP address  [blanked] 
May  2 00:48:53 | PPPoE Connect with IP Address   
May  2 00:48:53 | PPPoE Connection Successfully Established  
May  2 00:48:53 | Renew PPPoE Session ID: 0xa695  
May  2 00:48:53 | PPPoE Connect with Gateway IP Address:  [blanked] 
May  2 03:48:55 | DDNS noip: Update error : : Bad hostname. 
May  2 03:48:56 | miniupnpcmd.sh: upnpd initialized  
May  2 03:48:56 | HTTP listening on port 5000 
Sep 15 00:48:47 | onconnectWAN: Starting darkstat ("-i ppp0 --hosts-max 256 --ports-max 80").  
Sep 15 00:48:56 | onconnectWAN: cron has been disabled in the bootloader environment.  
Sep 15 00:51:04 | password auth succeeded for 'root' from 192.168.1.2:49007 
Sep 15 00:55:15 | DDNS: Set Force Update for service noip 
Sep 15 00:55:16 | DDNS noip: Update Successful ip  from ppp0 
Sep 15 00:55:18 | DDNS: Set Force Update for service noip 
Sep 15 00:55:18 | DDNS noip: No Change ip  from ppp0 
Sep 15 00:55:20 | DDNS: Set Force Update for service noip 
Sep 15 00:55:21 | DDNS noip: No Change ip  from ppp0 
Sep 15 00:57:06 | password auth succeeded for 'root' from 192.168.1.2:49222 
Sep 15 01:04:02 | password auth succeeded for 'root' from 192.168.1.2:49289 
Sep 15 02:03:09 | Firewall rule SSH (ALLOW) for IP 192.168.1.2 added 
Sep 15 13:52:53 | modulation(0x1) 
Sep 15 14:48:26 | password auth succeeded for 'root' from 192.168.1.2:45959 
Sep 15 15:04:53 | Got group error |ACL locked, processing request| 
Sep 15 15:08:07 | password auth succeeded for 'root' from 192.168.1.2:46173 
Sep 15 15:23:21 | password auth succeeded for 'root' from 192.168.1.2:46295 

Miscellaneous information
RouterTech firmware release: 2.96
Connecting from: 192.168.1.1 [192.168.1.2]
Router's internal name: mygateway1.AR7RD
Linux version 2.4.17_mvl21-malta-mips_fp_le (developers at RouterTech dot Org) #1 Mon May 2 00:45:04 BST 2011
BUILD=RouterTech_3.6.0D_20110502_2.96
VERSION=3.6.0D-RouterTech-1P-Adam2
BOARD=AR7RD
TARGET=Adam2-4mb-flash
FSSTAMP=20110502004836
ROHS=0
Core logic version: 3.6.0D
Boot Loader: Adam2 v0.22.02
ATM Driver version:[7.05.01.00]
DSL HAL version: [7.05.01.00]
DSP Datapump version: [7.05.01.00] Annex A
SAR HAL version: [01.07.2c]
PDSP Firmware version:[0.54]
Chipset ID: [7300/7300A]
Ethernet ports: 1
Upstream rate (kbps):  128
Downstream rate (kbps):  512
Trained Modulation: ADSL_G.dmt
Path Mode: Interleaved
System uptime: 20hr 7min - 0 day(s), 20 hour(s), 7 minute(s), and 35 second(s) (system 99% idle)
Bandwidth usage:
	Downloads : 22.0391 MB
	Uploads   : 4.1946 MB
Line attenuation: 
	DS Line Attenuation:	16	DS Margin:		31
	US Line Attenuation:	12	US Margin:		31
Memory usage:
	In active use : 77% of 14212 kb
	Available     : 23% (3380 kb) of 14212 kb (of which 2588 kb is marked as "Inactive" and 792 kb is free)
Environment fragmentation: 
	Fragmentation level is "12" (out of 53 records). The threshold is "30".
Connection information: 
WAN Uptime: 20hr 6min 37sec
WAN IP Address: 
Connection Check #1 : 1 connection(s)
Connection Check #2 : 1 connection(s)
connection1 
Edit: sensitive data blanked out by thechief

Re: ssh from wan!

Post by thechief » Sat Sep 15, 2012 8:06 pm

1. Defragment your environment
2. I do not know what you mean by "it doesn't work" with respect to the command that you ran.

Re: ssh from wan!

Post by peraro » Sun Sep 16, 2012 6:03 am

Hello,

Thank you so much for helping me, but I need to understand what you mean by "Defragment your environment"!

Second, what I mean by "it doesn't work" is that I run this command and it appears in the environment file:

Code: Select all

setenv ip4.sh ";/sbin/iptables -I INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT"

Code: Select all

System environment (/proc/sys/dev/adam2/environment)
memsize	0x01000000
flashsize	0x00400000
modetty0	38400,n,8,1,hw
modetty1	38400,n,8,1,hw
bootserport	tty0
cpufrequency	150000000
sysfrequency	125000000
bootloaderVersion	0.22.02
ProductID	AR7DB
HWRevision	Unknown
SerialNumber	none
my_ipaddress	192.168.1.199
maca	00:0F:3D:85:E1:84
prompt	Adam2_AR7DB
firstfreeaddress	0x9401d328
req_fullrate_freq	125000000
mtd0	0x9008d000,0x903f0000
mtd1	0x90010090,0x9008d000
mtd2	0x90000000,0x90010000
mtd3	0x903f0000,0x90400000
autoload	1
usb_vid	0x0
usb_pid	0x0
usb_man	N/A
usb_prod	N/A
autoload_timeout	5
mtd4	0x90010000,0x903f0000
StaticBuffer	120
vcc_encaps0	0.0
vcc_encaps1	0.0
vcc_encaps2	0.0
vcc_encaps3	0.0
vcc_encaps4	0.0
vcc_encaps5	0.0
vcc_encaps6	0.0
vcc_encaps7	0.0
modulation	0x1
connection1	0x8562

led_conf	led.500t
darkstat_enable	1
darkstat_parms	-i ppp0 --hosts-max 256 --ports-max 80
;/sbin/iptables -I INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT
but after restarting my router, all the rules that I have written are gone and back to default. So I can't SSH, because the following rule is not working (not found):

Code: Select all

iptables -I INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT

Code: Select all

    0     0 ACCEPT     tcp  --  ppp0   any     anywhere             anywhere           tcp dpt:ssh 
My question is: how can I save iptables rules so that they stay in my router configuration even after a restart?

Thank you so much. :waves:

Re: ssh from wan!

Post by thechief » Sun Sep 16, 2012 1:55 pm


Re: ssh from wan!

Post by peraro » Sun Sep 16, 2012 2:32 pm

Thank you so much, that was very helpful. I am gonna try then tell you the result.

Thank you again :wink:

wrong lines in System environment (/proc/sys/dev/adam2/envir

Post by peraro » Wed Sep 19, 2012 11:05 pm

Hi all,
I added 2 wrong lines to /proc/sys/dev/adam2/environment. How can I delete them? Please help, I am afraid they can't be deleted and my router was damaged!

ip4.sh;/sbin/iptables -I INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT
ip4.sh/sbin/iptables -I INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT



How can I do this? :shakehead:

Code: Select all

System environment (/proc/sys/dev/adam2/environment)
memsize	0x01000000
flashsize	0x00400000
modetty0	38400,n,8,1,hw
modetty1	38400,n,8,1,hw
bootserport	tty0
cpufrequency	150000000
sysfrequency	125000000
bootloaderVersion	0.22.02
ProductID	AR7DB
HWRevision	Unknown
SerialNumber	none
my_ipaddress	192.168.1.199
maca	00:0F:3D:85:E1:84
prompt	Adam2_AR7DB
firstfreeaddress	0x9401d328
req_fullrate_freq	125000000
mtd0	0x9008d000,0x903f0000
mtd1	0x90010090,0x9008d000
mtd2	0x90000000,0x90010000
mtd3	0x903f0000,0x90400000
autoload	1
usb_vid	0x0
usb_pid	0x0
usb_man	N/A
usb_prod	N/A
autoload_timeout	5
mtd4	0x90010000,0x903f0000
StaticBuffer	120
vcc_encaps0	0.0
vcc_encaps1	0.0
vcc_encaps2	0.0
vcc_encaps3	0.0
vcc_encaps4	0.0
vcc_encaps5	0.0
vcc_encaps6	0.0
vcc_encaps7	0.0
modulation	0x1
connection1	0x2c7d

led_conf	led.500t
darkstat_enable	1
darkstat_parms	-i ppp0 --hosts-max 256 --ports-max 80
ip4.sh;/sbin/iptables	  -I INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT
ip4.sh/sbin/iptables	-I INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT
mstombs
RouterTech Team
RouterTech Team
Posts: 3753
Joined: Wed Jan 10, 2007 11:54 pm

Re: ssh from wan!

Post by mstombs » Wed Sep 19, 2012 11:36 pm

Have you tried

Code: Select all

unsetenv 'ip4.sh;/sbin/iptables'
unsetenv 'ip4.sh/sbin/iptables'
from the ssh/telnet command line?

Re: ssh from wan!

Post by peraro » Fri Sep 21, 2012 6:52 pm

Thank you so much, mstombs, it works like a charm. I need your help with something else: I tried to enable SSH from the WAN using the GUI like this:
snapshot.png
Press Apply.

Then this popup window appeared, so I pressed OK.
snapshot2.png
After that I saved my settings like this:
snapshot3.png
Press Save All.

But it's still not working; I can't access my router from the WAN. There is no iptables rule in my iptables chains to allow this. Where is the problem, and how can I do this even from the CLI?

Code: Select all

Iptables chains
Chain PREROUTING (policy ACCEPT 400 packets, 34003 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   48  2880 UPNP       all  --  ppp0   *       0.0.0.0/0            41.232.59.26       

Chain POSTROUTING (policy ACCEPT 435 packets, 130K bytes)
 pkts bytes target     prot opt in     out     source               destination         
  204 14008 MASQUERADE  all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0          

Chain OUTPUT (policy ACCEPT 465 packets, 132K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain UPNP (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 10211 packets, 451K bytes)
 pkts bytes target     prot opt in     out     source               destination         
   81 10470 ACCEPT     all  --  ppp0   any     anywhere             anywhere           state RELATED,ESTABLISHED 
 7980  337K CFG        tcp  --  any    any     192.168.1.2          anywhere           tcp dpt:www Records Packet's Source Interface 

    0     0 ACCEPT     icmp --  ppp0   any     anywhere             anywhere           icmp echo-request state NEW 
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp fragmentation-needed 
    0     0 DROP       icmp -f  any    any     anywhere             anywhere           
    0     0 DROP       all  --  ppp0   any     anywhere             anywhere           

Chain FORWARD (policy ACCEPT 36910 packets, 2283K bytes)
 pkts bytes target     prot opt in     out     source               destination         
92076   77M ipaccount  all  --  any    any     anywhere             anywhere           
55166   74M ACCEPT     all  --  ppp0   any     anywhere             anywhere           state RELATED,ESTABLISHED 
   61  3660 TCPMSS     tcp  --  any    ppp0    anywhere             anywhere           tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU 
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp fragmentation-needed 
    0     0 UPNP       all  --  ppp0   !ppp0   anywhere             anywhere           
    0     0 DROP       all  --  ppp0   any     anywhere             anywhere           

Chain OUTPUT (policy ACCEPT 13720 packets, 2435K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    1   576 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp fragmentation-needed 
    0     0 DROP       icmp --  any    ppp0    anywhere             anywhere           icmp destination-unreachable 
    0     0 DROP       icmp --  any    ppp0    anywhere             anywhere           state INVALID 

Chain UPNP (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ipaccount (1 references)
 pkts bytes target     prot opt in     out     source               destination         
92076   77M            all  --  any    any     anywhere             anywhere

Re: ssh from wan!

Post by thechief » Sat Sep 22, 2012 1:30 pm

If no IP addresses are specified within the IP Access List, the access control list acts as if it is disabled (until the first IP address is added). So, follow this process:
1. Check Enable Access Control to enable the access control feature. This enables the IP Access List field.
2. Enter the WAN IP address from which you will be connecting (e.g., 80.180.101.152) in the "New IP" field. Check the appropriate services for WAN (e.g., Web and TFTP), and check "Add".
3. Click "Apply" to activate temporarily the settings on the page. This WAN address is added to the IP Access List. This allows you to access your router at home from a WAN IP (80.180.101.152) via Web and TFTP. Note—the changes take effect when you click "Apply"; however, if the router configuration is not saved, these changes will be lost upon reboot.
4. To make the change permanent, save the changes.

Re: ssh from wan!

Post by mstombs » Sat Sep 22, 2012 3:16 pm

Does it allow 0.0.0.0 as the WAN IP, which would allow any? Not very secure, and I have only used a single known static IP. Note that the way the 'core-logic' handles remote WAN access is subtly different in non-wireless, wireless and 1350 firmwares.

Re: ssh from wan!

Post by thechief » Sat Sep 22, 2012 5:14 pm

mstombs wrote: Does it allow 0.0.0.0 as the WAN IP which would allow any?
I am not sure - but I agree that it is not secure. Personally, I prefer to use OpenVPN for WAN access.
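
The points raised in the posts above (an ACCEPT open to any source versus a single known IP, and rules that are listed but never take effect) can be checked mechanically from the same kind of listing posted in the diagnostics. The script below is an added example, not part of any post and not RouterTech code: the function names, the output labels and the sample listing (condensed from the diagnostics earlier in the thread, with constructed rows for telnet, ftp and the 80.180.101.152 source) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit an "iptables -vnL" style listing
# for what the WAN interface really exposes. Labels and names are illustrative.

audit_wan_rules() {
    awk -v wan="${1:-ppp0}" '
    # "Any host" as written in symbolic and in numeric (-n) listings.
    function is_any(a) { return a == "anywhere" || a == "0.0.0.0/0" }

    # Token that follows a tag such as "dpt:" on the current line, or "".
    function after(re,   tok) {
        if (!match($0, re "[^ ]+")) return ""
        tok = substr($0, RSTART, RLENGTH)
        sub(re, "", tok)
        return tok
    }

    # Service names used by symbolic listings, mapped to port numbers.
    function portnum(p) { return (p in svc) ? svc[p] : p }

    BEGIN { svc["ftp"] = 21; svc["ssh"] = 22; svc["telnet"] = 23; svc["www"] = 80 }

    /^Chain / { chain = $2; cut = 0; next }    # new chain: reset DROP marker
    $1 !~ /^[0-9]+[KMG]?$/ { next }            # column headers, blank lines
    $6 != wan { next }                         # rule is not bound to the WAN side

    {
        target = $3; proto = $4; src = $8
        port = portnum(after("dpts?:"))
        key = proto "/" port

        if (chain == "PREROUTING" && target == "DNAT" && port != "") {
            # Port forward: rewritten before routing, so INPUT never sees it.
            fwd[key] = after(" to:")
            print "FORWARDED " key " -> " fwd[key]
        } else if (target == "DROP" && proto == "all" && is_any(src) && NF == 9) {
            cut = 1                            # catch-all DROP for this chain
        } else if (chain == "INPUT" && target == "ACCEPT" && port != "") {
            n++; akey[n] = key; asrc[n] = src; alate[n] = cut
        }
    }

    END {
        for (i = 1; i <= n; i++) {
            if (alate[i])
                print "UNREACHABLE " akey[i] " listed after the catch-all DROP"
            else if (akey[i] in fwd)
                print "SHADOWED " akey[i] " DNAT sends it to " fwd[akey[i]]
            else if (is_any(asrc[i]))
                print "OPEN " akey[i] " source=any"
            else
                print "RESTRICTED " akey[i] " source=" asrc[i]
        }
    }'
}

# Constructed sample: rows condensed from the diagnostics in this thread, plus
# illustrative telnet/ftp rows and a source-restricted www row.
sample_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 4181 packets, 298K bytes)
 pkts bytes target     prot opt in     out     source               destination
    4   228 DNAT       tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:22 to:192.168.1.2:22

Chain INPUT (policy ACCEPT 128K packets, 5646K bytes)
 pkts bytes target     prot opt in     out     source               destination
  238 22278 ACCEPT     all  --  ppp0   any     anywhere             anywhere           state RELATED,ESTABLISHED
    1    60 ACCEPT     tcp  --  ppp0   any     anywhere             anywhere           tcp dpt:ssh
    0     0 ACCEPT     tcp  --  ppp0   any     80.180.101.152       anywhere           tcp dpt:www
    0     0 ACCEPT     tcp  --  ppp0   any     anywhere             anywhere           tcp dpt:telnet
  342 32171 DROP       all  --  ppp0   any     anywhere             anywhere
    0     0 ACCEPT     tcp  --  ppp0   any     anywhere             anywhere           tcp dpt:ftp
EOF
}

sample_listing | audit_wan_rules ppp0
```

On a live router the input would be the output of `iptables -t nat -vnL` followed by `iptables -vnL`; the SHADOWED line shows why an INPUT rule for port 22 on ppp0 cannot reach the router's own sshd while a port forward for the same port is configured.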

Re: ssh from wan!

Post by peraro » Sat Sep 22, 2012 7:06 pm

Does it allow 0.0.0.0 as the WAN IP which would allow any?
That is exactly what I need to do! I need to enable SSH to my router from ANY IP address. OK, can we do this by using the CLI to write a command and save the changes in the router configuration so that they work even after a reboot?