
Port Forward / Manual Config change

Posted: Tue Jul 04, 2017 10:37 pm
by davereid
Hi All,
I have been working on creating a tunnel out of a corp network using port 443 and connecting over the internet to my OpenSSH server (with a Gargoyle router in front of it) on port 443 (and then tunnelling back, but that's irrelevant at the moment).

I changed my management port in the router from HTTPS on port 443 to port 444 and set up a port forward rule in the GUI to point to the right internal address.

After significant time trying I couldn't get a connection, but I could see it leave the corporate network and get rejected, without any information in the log of the router.

I have checked the /etc/config/firewall config file through SSH on the router and have found that even though I changed the remote access port from 443 to 444, 443 still remained in the config.

Code:

config remote_accept 'ra_443_443'
	option local_port '443'
	option remote_port '443'
	option proto 'tcp'
	option zone 'wan'

but it also created directly below it the changed details.

Code:

config remote_accept 'ra_444_444'
	option local_port '444'
	option remote_port '444'
	option proto 'tcp'
	option zone 'wan'

This is the same for the config remote_accept 'ra_80_80' section: I want this on a different port and it's in the config twice - once as the old and once as the new config.

I went through and commented out each line I didn't want in these rules

Code:

#config remote_accept 'ra_443_443'
#	option local_port '443'
#	option remote_port '443'
#	option proto 'tcp'
#	option zone 'wan'

and ran /etc/init.d/firewall restart

This instantly started working for me with my tunnelling.

What concerns me is not that it's not working, but:
  1. Is commenting the rule out going to break anything else? It doesn't appear to have just yet.
  2. Why did it leave behind the old config at all after it was changed in the GUI?
Thanks
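The situation described above (a stale remote_accept section left beside the new one, both claiming a WAN port) is easy to spot by parsing /etc/config/firewall rather than reading it by eye. The following script is an added example, not code from the original post or from the Gargoyle project: it reads a UCI-format firewall config, lists every remote_accept and redirect section that opens a port on the wan zone, and reports any WAN port claimed by more than one section, plus the number of sections that have been commented out. The sample config embedded in it is constructed to mirror the thread (the 'dmz_443' redirect and the 192.0.2.10 address are assumptions standing in for the GUI-created port forward); on a router you would point the functions at /etc/config/firewall instead.

```shell
#!/bin/sh
# Added example: audit which WAN ports a UCI firewall config exposes and
# flag ports claimed twice (for instance a stale 'ra_443_443' remote_accept
# next to a newer redirect on the same port).

# Constructed sample config modelled on the thread; not a real router's file.
SAMPLE_CONFIG=$(cat <<'EOF'
config remote_accept 'ra_443_443'
	option local_port '443'
	option remote_port '443'
	option proto 'tcp'
	option zone 'wan'

config remote_accept 'ra_444_444'
	option local_port '444'
	option remote_port '444'
	option proto 'tcp'
	option zone 'wan'

#config remote_accept 'ra_80_80'
#	option local_port '80'
#	option remote_port '80'
#	option proto 'tcp'
#	option zone 'wan'

config redirect 'dmz_443'
	option src 'wan'
	option src_dport '443'
	option dest_ip '192.0.2.10'
	option dest_port '443'
	option proto 'tcp'
EOF
)

# Print one line per section that opens a WAN port: "<type> <name> <proto>/<port>".
# remote_accept uses remote_port + zone; redirect uses src_dport + src.
audit_wan_ports() {
    awk -v q="'" '
        /^[ \t]*config[ \t]/ {
            flush()
            type = $2; name = $3; gsub(q, "", name)
            port = ""; proto = "tcp"; zone = ""
            next
        }
        /^[ \t]*option[ \t]/ {
            key = $2; val = $3; gsub(q, "", val)
            if (key == "remote_port" || key == "src_dport") port = val
            else if (key == "proto") proto = val
            else if (key == "zone" || key == "src") zone = val
            next
        }
        END { flush() }
        # Emit the section collected so far (called when the next one starts).
        function flush() {
            if ((type == "remote_accept" || type == "redirect") && port != "" && zone == "wan")
                printf "%s %s %s/%s\n", type, name, proto, port
            type = ""
        }
    ' "$1"
}

# Report every proto/port that more than one section claims on the WAN side.
duplicate_wan_ports() {
    audit_wan_ports "$1" | awk '
        { n[$3]++; who[$3] = who[$3] " " $2 }
        END { for (p in n) if (n[p] > 1) printf "%s claimed by:%s\n", p, who[p] }
    '
}

# Count sections that were disabled by commenting out the "config" line.
commented_sections() {
    grep -c '^[ \t]*#[ \t]*config' "$1" || true
}

# Stand-alone run against the constructed sample.
cfg=$(mktemp)
printf '%s\n' "$SAMPLE_CONFIG" > "$cfg"
echo "WAN-exposed sections:"
audit_wan_ports "$cfg"
echo "Ports claimed more than once:"
duplicate_wan_ports "$cfg"
echo "Commented-out sections: $(commented_sections "$cfg")"
rm -f "$cfg"
```

On the sample this lists three live sections and reports tcp/443 as claimed by both ra_443_443 and dmz_443, which is the kind of overlap worth resolving before restarting the firewall. On OpenWrt-based firmware the same view is available with `uci show firewall`, and removing a stale section with `uci delete firewall.ra_443_443` followed by `uci commit firewall` keeps the file parseable, unlike hand-commented lines that a later GUI save may rewrite.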

Re: Port Forward / Manual Config change

Posted: Wed Jul 05, 2017 12:28 am
by ispyisail
I'm working on a similar problem
corp network
Can use deep packet inspection and block OpenVPN

But you/we might have better luck with "stunnel"

https://www.datenzone.de/blog/2012/01/i ... n-openwrt/

Re: Port Forward / Manual Config change

Posted: Wed Jul 05, 2017 12:32 am
by ispyisail
re-read your post

failsafe reset or reflash your router

The config can get corrupt, especially OpenVPN

When it's up and running it's rock solid

Re: Port Forward / Manual Config change

Posted: Wed Jul 05, 2017 12:43 am
by Lantis
I'll also chime in that you should be using the gargoyle firewall restart scripts, not the init.d ones.

Re: Port Forward / Manual Config change

Posted: Wed Jul 05, 2017 1:14 am
by davereid
Thanks all for your responses:
Lantis wrote:I'll also chime in that you should be using the gargoyle firewall restart scripts, not the init.d ones.
OK, I will do in future, thank you
ispyisail wrote:re-read your post

failsafe reset or reflash your router

The config can get corrupt, especially OpenVPN

When it's up and running it's rock solid
Thanks - I'm not using OpenVPN though - I'm using OpenSSH (minor difference - I know..). Do you think the config is becoming / is currently corrupt?
ispyisail wrote:I'm working on a similar problem
corp network
Can use deep packet inspection and block OpenVPN

But you/we might have better luck with "stunnel"

https://www.datenzone.de/blog/2012/01/i ... n-openwrt/
Well yes - that's also an issue, that the traffic is getting identified as SSH and that is on the forbidden apps list :) but this is more about the actual setup rather than the obfuscation :D