Modify

Opened 6 years ago

Last modified 4 years ago

#10844 new defect

dropbear connecting problem from wan redirection port. Linksys WRT160NL

Reported by: anonymous Owned by: developers
Priority: normal Milestone: Barrier Breaker 14.07
Component: packages Version: 10.03.1
Keywords: dropbear ssh port forwardinf luci Cc:

Description

Hi all,
I have created in a recently installed (OpenWRT 10.03.1 on a Linksys WRT160NL) a second dropbear instance listening on a non standard port (2223) of the WAN interface via Luci web interface. Then I've allowed that traffic on externeal port 9999 to go through from an internal dropbear listening port 2223 in the firewall. When I try to connect from outside I receive no response.
So it goes in Luci (Network -> Firewall) like:
Name:sshext
Protocol: TCP
Source: wan:0.0.0.0/0:9999
via: wan:0.0.0.0/0:2223
Destination: 192.168.1.1 (the router LAN ip address)

If I try to connect from inside LAN to the dropbear instance running in the port 22 it works.
It worked fine also in 10.03.1-RC4
I tried to reflash tfrom scratch twice with no success

Could you pease help me?

Thanks ins advance

Attachments (0)

Change History (5)

comment:1 Changed 6 years ago by philip.petev@…

I have the same problem with TP-Link TL-WR1043ND 1.x with backfire 10.03.1 final. I get the same messages, when I try to connect from outside and the only way to make it work is to restart the dropbear service. Until next dropbear fault...

comment:2 follow-up: Changed 6 years ago by anonymous

got the same problem
dropbear ist bound to ip 1.1.1.1
after 24h disconnect the router gets a new IP 2.2.2.2
but dropbear is still listening on 1.1.1.1
so a connect cant be done because of rejection the wrong address (2.2.2.2) it wasn't bound on

comment:3 in reply to: ↑ 2 ; follow-up: Changed 6 years ago by anonymous

Replying to anonymous:

got the same problem
dropbear ist bound to ip 1.1.1.1
after 24h disconnect the router gets a new IP 2.2.2.2
but dropbear is still listening on 1.1.1.1
so a connect cant be done because of rejection the wrong address (2.2.2.2) it wasn't bound on

It sounds like my problem too.
My setup:
HW: TP-Link TL-WR1043ND 1.0 and 1.8
OS: Openwrt Backfire 10.03.1 final

Reproducibility: Allways

Steps to reproduce:
1) Flash a fresh openwrt on the router.
2) Set root password.
3) Separate wan and LAN dropbear by configure a new instance for LAN.
4) Restart router.

Actual results: After a IP change on the WAN Interface dropbear still listen on the start IP.
Expected results: Dropbear listen on the changed WAN IP.
Workaround:
1st) Create a hotplug.d script to restart dropbear.
2nd) Don't create any new instance for dropbear.

This work for me:

cat /etc/hotplug.d/iface/35-dropbear

#!/bin/sh

if [ "$ACTION" = "ifup" ]; then
        /etc/init.d/dropbear restart
fi

Ist GPL code from me, so anyone can use it for free. ;-)
Tnx to the openwrt team for great work.

comment:4 in reply to: ↑ 3 Changed 6 years ago by anonymous

Replying to anonymous:
Meybe is this better:

cat /etc/hotplug.d/iface/35-dropbear

 #!/bin/sh

if [ "$ACTION" = "ifup" ] && [ "$INTERFACE" = "wan" ]; then
         sleep 5
         /etc/init.d/dropbear restart
 fi

It restart dropbear only if "wan" came up and wait 5 seconds before do this.

Tnx to the openwrt team for great work.

+1

comment:5 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted

Add Comment

Modify Ticket

Action
as new .
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.