-
August 9th, 2006, 05:41 PM
#1
Member
Possible to trigger port 22?
I was up really late last night and need some clarification on this.
I am trying to SSH into my machine at home but want it to look like it is coming from port 443 so people won't try to exploit my SSH port.
So here is the question,
Can I port trigger port 22, connecting using port 443? I am trying to do this in PuTTY. If it is possible, how would I set this up, since I can't seem to make heads or tails of it?
I am using the Hyperwrt firmware on my WRT54GS router.
I tried triggering port 22 and forwarding 443 under port trigger
and I forwarded port 22 under port forwarding but it doesn't seem to work.
Thanks
Enforcer
-
August 9th, 2006, 05:52 PM
#2
I tried triggering port 22 and forwarding 443 under port trigger
NE- You are doing it the wrong way. You need to set up port 443 to forward to port 22.
Meaning that external to your network you connect to your router IP at port 443.
The router will then forward that traffic to your internal system IP (192.168.x.x) at port 22.
It is still pretty easy for an experienced person, or a good scanning tool, to detect that port 443 is open. If you are outputting some type of banner you can easily tell that somebody has just changed the SSL port.
It should stop auto scanners though.
I'm not sure about that specific firmware, but you usually have to enable anonymous WAN requests on Linksys routers to get port forwarding to work.
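The banner remark in post #2 can be checked against your own forwarded port. The following is an added example, not part of the original thread: the local stand-in server and its banner string are constructed, and the check reads only the first line the service sends.

```python
import socket
import threading

def read_banner(host, port, timeout=3.0):
    """Return the first line a service volunteers on connect, or "" if it stays silent."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            # RFC 4253 caps the SSH identification line at 255 bytes.
            while b"\n" not in data and len(data) < 255:
                chunk = s.recv(255 - len(data))
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            pass  # a TLS/HTTPS listener waits for the client to speak first
    return data.split(b"\n", 1)[0].rstrip(b"\r").decode("ascii", "replace")

def classify(banner):
    """Map a banner line to ("ssh", software), ("silent", "") or ("other", banner)."""
    if not banner:
        return ("silent", "")
    if banner.startswith("SSH-"):
        fields = banner.split("-", 2)  # "SSH", protocol version, software [comments]
        software = fields[2].split(" ", 1)[0] if len(fields) == 3 else ""
        return ("ssh", software)
    return ("other", banner)

def check(host, port, timeout=3.0):
    return classify(read_banner(host, port, timeout))

def serve_once(banner):
    """Constructed local stand-in for a service; sends `banner` to one client."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        with conn:
            if banner:
                conn.sendall(banner)
            conn.settimeout(2)
            try:
                conn.recv(1)  # returns once the client disconnects
            except OSError:
                pass
        srv.close()
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = serve_once(b"SSH-2.0-OpenSSH_4.3\r\n")  # constructed banner
    print(port, check("127.0.0.1", port))
```

Pointed at your own public IP and forwarded port from outside the LAN, an `("ssh", ...)` result shows that moving the port hides the service only from scanners that never read what the port says.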
-
August 9th, 2006, 06:05 PM
#3
Member
I currently can connect on port 22 to my box. So forwarding isn't a problem; it's trying to "knock" on port 22 with port 443.
So please correct me if I am wrong.
First set up forwarding to allow port 22 to my machine on the inside of my router
set the port triggering to trigger port 443 and forward 22
So if I try to connect to my IP with port 443, the router should see that there is a request for port 22 and will allow the traffic
Internet request to my network on port 443 -> Firewall/Router -> Sees port 443 and forwards to port 22
is that correct?
Thanks again.
Enforcer
-
August 9th, 2006, 06:33 PM
#4
I think you are confused about how your router works. First off, if a machine is connected to the LAN side of the router all of the ports are open. You do not have to do any port rules or anything for traffic that is on the LAN side of the router.
So you should not set up triggering for port 22 at all. All triggering port 22 does is allow somebody to knock at port 22 and the router will open up and allow it through if it sees a corresponding outbound connection on port 22.
Example- I'm using SMTP on port 25 on 192.168.1.2, a local network machine. 192.168.1.2 sends an SMTP packet to www.mail.com. www.mail.com responds to my ISP IP address. My router knows that 192.168.1.2 sent port 25 traffic to www.mail.com so port 25 is triggered open and the router forwards all of the port 25 traffic to 192.168.1.2. Port triggering will not work for a connection that you are attempting to open from the outside.
What you want to do is this-
On your router set up port forwarding, which is different than port triggering, to forward all data at port 443 to port 22 of 192.168.1.2 (or whatever your LAN machine IP is).
Then when you open up your SSH session you will want to specify your public IP at port 443.
You need to make sure that the Linksys has allow anonymous WAN traffic enabled. You are complicating the issue by looking at port triggering which is not used to allow inbound connections.
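The difference between the two router features described in post #4, as a small model. This is an added example, not part of the original thread and not HyperWRT code: the `Router` class, its trigger timeout and the rule that a triggered port is delivered unchanged to the triggering host are simplifying assumptions.

```python
class Router:
    """Simplified NAT model (assumed semantics, not firmware code)."""

    def __init__(self, trigger_ttl=60):
        self.forwards = {}   # external port -> (LAN IP, internal port)
        self.triggers = {}   # outbound trigger port -> inbound port to open
        self.opened = {}     # inbound port -> (LAN IP, expiry time)
        self.trigger_ttl = trigger_ttl

    def outbound(self, lan_ip, dst_port, now):
        """A LAN host connects out; a matching trigger opens its inbound port."""
        inbound_port = self.triggers.get(dst_port)
        if inbound_port is not None:
            self.opened[inbound_port] = (lan_ip, now + self.trigger_ttl)

    def inbound(self, ext_port, now):
        """Unsolicited WAN connection: return (LAN IP, port), or None if dropped."""
        if ext_port in self.forwards:
            return self.forwards[ext_port]
        lan_ip, expiry = self.opened.get(ext_port, (None, 0))
        if lan_ip is not None and now < expiry:
            return (lan_ip, ext_port)  # triggering does not remap the port
        return None


def original_attempt():
    """Post #1: port 22 forwarded, plus a trigger on 22 that opens 443."""
    r = Router()
    r.forwards[22] = ("192.168.1.2", 22)
    r.triggers[22] = 443
    return {"wan:443": r.inbound(443, now=0), "wan:22": r.inbound(22, now=0)}


def suggested_fix():
    """Post #4: a single forwarding rule, external 443 -> internal 22."""
    r = Router()
    r.forwards[443] = ("192.168.1.2", 22)
    return {"wan:443": r.inbound(443, now=0), "wan:22": r.inbound(22, now=0)}


def trigger_lifecycle():
    """A trigger opens a port only after LAN-originated traffic, and only for a while."""
    r = Router(trigger_ttl=60)
    r.triggers[22] = 443
    before = r.inbound(443, now=0)           # nothing went out yet
    r.outbound("192.168.1.2", 22, now=10)    # LAN host connects out on port 22
    during = r.inbound(443, now=30)
    after = r.inbound(443, now=100)          # trigger expired at t=70
    return before, during, after
```

In the model, the original attempt leaves port 22 reachable from the WAN and port 443 closed, while the single forwarding rule reverses that.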
-
August 9th, 2006, 07:45 PM
#5
NE- I just re-read your second post and when you say you can connect on port 22 I was initially thinking you meant inside of your firewall. If you meant that you can connect to port 22 externally to your firewall that is because you have port 22 forwarded.
Mentioned here-
First setup forwarding to allow port 22 to my machine on the inside of my router
The easiest thing for you to do is remove the port triggering rule you have mentioned above, and then change the external port on the forwarding rule you currently have defined to 423. The internal port on the same rule should read 22.
You should then be able to connect to your machine, from outside of your router using port 423. Port 22 will no longer work from outside of your router.
From your original post you said you wanted to make it look like the traffic is coming from 443. If you set up the forwarding like above your connection between your client and the firewall will be over port 443. The router will talk to your home machine over port 22.
SSH clients give you a port option.
Let me know if this isn't what you meant.
-
August 10th, 2006, 12:29 AM
#6
Why don't you just start the SSH server on port 443? If it's OpenSSH, it's one of the first options in the config file. That would accomplish what you are trying to do.
-
August 10th, 2006, 02:49 AM
#7
Junior Member
This to me is the best way to go. Change the port number on your config file to whatever port you want.
Psalm 23:4 Even though I walk in the valley of deep shadow, I fear nothing bad, for you are with me; your rod and staff are the things that comfort me.
-
August 10th, 2006, 04:43 PM
#8
Member
Thanks for the input everyone.
Thanks Again,
Network Enforcer