[tomato] Help with Opening Port 22 / Forwarding SSH to Internal IP

mbnw

I recently installed the latest Tomato Shibby firmware and it seems I am having trouble opening port 22 through the firewall, and was wondering if anyone could point me in the right direction with Tomato after 2 hrs of searching and not finding the right info.

  1. With both the stock firmware and DD-WRT I was able to add a port forward entry for port 22 to point to the IP of the machine I want handling external SSH requests (a gitolite server).
  2. However, with Tomato, I am unable to handle any external SSH requests at all, UNLESS I enable DMZ and uncheck "Leave Remote Access" in the DMZ settings. (The router blocks the connection, external SSH to my IP responds with a connection refused). 

I would prefer not to enable DMZ and just use a simple one-line port forward entry; however, it seems that Tomato has some other layer of access control happening (not in the firewall, not in the remote admin access) that prevents or blocks port 22 from being passed on.

Note that even if I set up a different external port (e.g. forward port 2222 to port 22), it acts like the router is still refusing the SSH connection entirely at a protocol level. If I enable the internal SSH service and remote access, etc., it doesn't seem to have an effect on this. Only the "Leave remote access" checkbox seems to work to allow SSH to be passed on.

Does anyone have any info on this? Is there a manual configuration to be made that is not available in the GUI? 

To clearly describe what I am after:

I want to forward external SSH requests through the router to a static IP on the internal LAN. I do not want to access the router's SSH admin remotely.

Thanks for any Help!

mbnw
One additional Odd Note -

  • If I set DMZ to point to a bogus IP, and create a port forward entry for port 22, it still does not work.
  • It seems that SSH passing through the router only works with the DMZ.

Please advise if there is a way to do this with port forward entries. Thanks!