Hi Guys,
I created an SSH tunnel from my remote Debian 8 server to my Gargoyle router at home. This works with the following command:
ssh -p 6080 root@server.me -R 127.0.0.1:6070:0.0.0.0:22
Port 6070 is mapped to the localhost interface of the Gargoyle router. I can even set up an SSH session from the CLI of the Gargoyle router to my Debian server over the SSH tunnel.
Now I've tried to create an inbound firewall rule to the mapped 6070 port. I tried it via the GUI, and I tried it manually by editing the firewall config rule:
config remote_accept 'ra_6070_6070'
	option local_port '6070'
	option remote_port '6070'
	option proto 'tcp'
	option zone 'wan'
However, this does not seem to work.
Troubleshooting:
- Tried to assign it to the LAN IP of the Gargoyle (192.168.1.1), which works from the backend, but an inbound firewall rule does not work.
- Tried different ports, for what that's worth.
- Checked the authentication logs on the Debian server; I don't see any connection / login attempts.
inbound firewall rule to ssh tunneled port
Re: inbound firewall rule to ssh tunneled port
I'm interested in why or what you are trying to do or achieve?
Re: inbound firewall rule to ssh tunneled port
ispyisail wrote: I'm interested in why or what you are trying to do or achieve?
Hi ispyisail,
Thank you for taking the time to reply.
I have a Debian server on one site that is behind a premium VPN service.
Due to this I'm unable to reach the server remotely; because of this I created an SSH tunnel from behind the VPN to my home router.
This way I can reach my server through the SSH tunnel and manage the server and some of the services.
If I could create an inbound firewall rule on my home router mapped to the SSH tunneled port, I could reach some services via the port mapping; however, this does not seem to work.
Just to clarify, I can actually reach my server from the CLI of the router (so the tunnel and SSH forwarding are working), but in that case I have to set up an SSH session to my router first, which I do not prefer. An inbound firewall rule that leads to one of the SSH tunnelled/listen ports would be the solution I prefer.
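Added example, not part of the thread: the `-R 127.0.0.1:6070:...` forward in the first post puts the listener on the router's loopback address, and a WAN accept rule only lets packets in; it does not make a loopback-bound socket reachable from outside. The function below (hypothetical name `bind_scope`, run here over constructed `netstat -tln` output) reports how a given port is bound.

```shell
#!/bin/sh
# Constructed sample of `netstat -tln` output, not captured from the
# poster's router. 6070 is bound the way `-R 127.0.0.1:6070:...` binds it.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:6080            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6070          0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:443         0.0.0.0:*               LISTEN'

# bind_scope PORT  (reads netstat -tln style lines on stdin)
# Prints one of: loopback | wildcard | specific:<addr> | none
bind_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            laddr = $4
            n = split(laddr, parts, ":")
            if (parts[n] != port) next
            # Everything before the final ":port" is the bind address;
            # this also handles IPv6 forms such as ":::22" and "::1:6070".
            addr = substr(laddr, 1, length(laddr) - length(parts[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "*")
                scope = "wildcard"
            else if (addr ~ /^127\./ || addr == "::1")
                scope = "loopback"
            else
                scope = "specific:" addr
            # Report the widest exposure seen for this port.
            if (best == "" || scope == "wildcard")
                best = scope
            else if (best == "loopback" && scope != "loopback")
                best = scope
        }
        END { print (best == "" ? "none" : best) }
    '
}

# On the router itself the input would be:  netstat -tln | bind_scope 6070
printf '%s\n' "$SAMPLE_NETSTAT" | bind_scope 6070
```

A result of `loopback` means only processes on the router can connect to the port, whatever the firewall allows. Binding a remote forward to a non-loopback address is controlled by the SSH server on the router (in OpenSSH, the `GatewayPorts` setting), and doing so exposes the Debian server's SSH port to whatever the firewall rule then admits.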