I have been working on creating a tunnel out of a corporate network using port 443 and connecting over the internet to my OpenSSH server (with a Gargoyle router in front of it) on port 443 (and then tunnelling back, but that's irrelevant at the moment).
I changed my management port in the router from HTTPS on port 443 to port 444 and set up a port forward rule in the GUI to point to the right internal address.
After significant time trying I couldn't get a connection, but I could see it leave the corporate network and get rejected, without any information in the log of the router.
I have checked the /etc/config/firewall config file through SSH on the router and have found that even though I changed the remote access port from 443 to 444, it still remained in the config.
config remote_accept 'ra_443_443'
	option local_port '443'
	option remote_port '443'
	option proto 'tcp'
	option zone 'wan'
config remote_accept 'ra_444_444'
	option local_port '444'
	option remote_port '444'
	option proto 'tcp'
	option zone 'wan'
I went through and commented out each line I didn't want in these rules:
#config remote_accept 'ra_443_443'
#	option local_port '443'
#	option remote_port '443'
#	option proto 'tcp'
#	option zone 'wan'
This instantly started working for me with my tunnelling.
What concerns me is not that it's not working, but:
- Is commenting the rule out going to break anything else? It doesn't appear to have just yet.
- Why did it leave behind the old config at all after it was changed in the GUI?
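As an added example (not part of this post, and not Gargoyle's own tooling), a small POSIX shell/awk check that parses a UCI firewall file, lists every remote_accept section that is still active, and reports which ones accept a given WAN port; commented-out lines are ignored, so it confirms whether a leftover rule like ra_443_443 is really gone. The sample config it writes is constructed for the demo, not a real router file.

```shell
# Added example: parse a UCI firewall file and list its remote_accept
# (port-forward) sections, ignoring commented-out lines.
list_remote_accept() {
  awk -v q="'" '
    function flush() {
      if (name != "")
        printf "%s local=%s remote=%s proto=%s\n", name, lp, rp, pr
      name = ""; lp = ""; rp = ""; pr = ""
    }
    /^[ \t]*#/ { next }                  # commented-out line: skip it
    $1 == "config" {                     # a new section starts here
      flush()
      if ($2 == "remote_accept") { name = $3; gsub(q, "", name) }
      next
    }
    name != "" && $1 == "option" {       # option inside a remote_accept
      v = $3; gsub(q, "", v)
      if ($2 == "local_port")  lp = v
      if ($2 == "remote_port") rp = v
      if ($2 == "proto")       pr = v
    }
    END { flush() }
  ' "$1"
}
# Names of remote_accept sections still accepting a given WAN port,
# e.g. a leftover 443 rule after management moved to 444.
rules_for_remote_port() {
  list_remote_accept "$1" | awk -v p="$2" '$3 == ("remote=" p) { print $1 }'
}
# Constructed sample (not the poster's real file): the two rules from
# the post plus a commented-out rule that must be ignored.
write_sample_config() {
  cat > "$1" <<'EOF'
config remote_accept 'ra_443_443'
	option local_port '443'
	option remote_port '443'
	option proto 'tcp'
config remote_accept 'ra_444_444'
	option local_port '444'
	option remote_port '444'
	option proto 'tcp'
#config remote_accept 'ra_22_22'
#	option remote_port '22'
EOF
}
f=$(mktemp); write_sample_config "$f"
list_remote_accept "$f"
echo "rules still accepting WAN 443: $(rules_for_remote_port "$f" 443)"
rm -f "$f"
```

Run it against /etc/config/firewall on the router to see which forwards are live; a rule the GUI no longer shows but that still appears here is the kind of leftover described in the post.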