[Solved] Opening ports on firewall and redirecting them

Hello,
I want to ask you for help with firewall configuration. I want to access my Turris from the internet via SSH, but I don’t want to open port 22 or port 80. So I configured rules in the firewall; they worked, and after a restart they stopped working.

Here are rules from /etc/config/firewall

config redirect
        option target 'DNAT'
        option src 'wan'
        option proto 'tcp'
        option src_port '45867'
        option dest_port '22'
        option name 'SSH'

config rule
        option target 'ACCEPT'
        option src 'wan'
        option proto 'tcp'
        option src_port '45867'
        option name 'SSH-ACCEPT'

config redirect
        option target 'DNAT'
        option src 'wan'
        option proto 'tcp'
        option src_port '45866'
        option dest_port '80'
        option name 'WEB'

config rule
        option target 'ACCEPT'
        option src 'wan'
        option proto 'tcp'
        option src_port '45866'
        option name 'WEB-ACCEPT'

Thank you for help.

I think you are missing option dest 'network-name'. You have to define source-network:port / destination-network:port (or for “all” you can use “*”).
Also for SSH from internet you have to take care of Honeypot (if activated).
Here are my DNAT rules with your remote port :wink:

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '22'
        option dest_port '58732'   ## flushed and collected by honeypot and sent to Turris
        option name 'SSHoneyPot'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '45867'  ## remote port for accessing ssh service running ...
        option dest_port '22'       ## on port 22
        option name 'SSHPortFwd'

OK man, I really want to thank you. Looks like the problem wasn’t in option dest but in src_dport; in my config I had src_port. Now ports are open and everything works.

Thank you for the help. I am going to set up the honeypot on standard ports.

I’m glad to help. Mark the thread [solved] once you have it working. Of course, if you still have some issue, let us know.
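
The src_port / src_dport mix-up resolved in this thread can be caught before a reload with a small lint over /etc/config/firewall. This is an added example, not code from any poster or from the Turris/OpenWrt project; the function names and the embedded sample are constructed, and flagging a rule that has src_port but no dest_port is a heuristic.

```python
import re

# Constructed sample: SSH and SSH-ACCEPT repeat the thread's src_port mistake; SSHPortFwd is the fix.
SAMPLE = """
config redirect
    option target 'DNAT'
    option src 'wan'
    option src_port '45867'
    option dest_port '22'
    option name 'SSH'
config rule
    option target 'ACCEPT'
    option src 'wan'
    option src_port '45867'
    option name 'SSH-ACCEPT'
config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option src_dport '45867'
    option dest_port '22'
    option name 'SSHPortFwd'
"""

def parse_uci(text):
    """Parse 'config <type>' / 'option <key> <value>' lines into dicts."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (simplified: no '#' in values)
        m = re.match(r"(config|option)\s+(\S+)(?:\s+(.*))?$", line)
        if m and m.group(1) == "config":
            sections.append({"_type": m.group(2)})
        elif m and sections:
            sections[-1][m.group(2)] = (m.group(3) or "").strip("'\"")
    return sections

def lint_firewall(text):
    """Return (section name, option to use) where src_port stands in for the destination port."""
    findings = []
    for s in parse_uci(text):
        # src_port matches the remote client's source port, which is normally ephemeral,
        # so a section that sets only src_port will almost never match incoming traffic.
        fix = {"redirect": "src_dport", "rule": "dest_port"}.get(s["_type"])
        if fix and s.get("target") != "SNAT" and "src_port" in s and fix not in s:
            findings.append((s.get("name", "<unnamed>"), fix))
    return findings

if __name__ == "__main__":
    for name, fix in lint_firewall(SAMPLE):
        print(f"{name}: src_port set without {fix}")
```
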