mpmackenna Posted December 2, 2017

I powered up my Packet Squirrel and connected to the LAN port. I verified that I could log in and changed the root password. I then connected the WAN port to my network and verified that the Packet Squirrel obtained an IP address from DHCP and I am able to ping that address. However, port 22 is not responding when I tried to ssh to the WAN port from another machine. I ran nmap and it says port 22 is closed.

I am guessing this is an iptables issue of some sort since everything works fine when connecting to the LAN port. Any ideas on how I can further troubleshoot the issue? I looked at iptables chains listed on the Packet Squirrel and I am having a hard time making sense of them. I am not even sure if that is the issue.

I did upgrade the firmware to version 1.2 and that didn't seem to help. I've considered running the factory reset tool but that seems like overkill since I can connect to the device over the LAN port.

Sebkinne Posted December 2, 2017

Hi there,

You'd have to change the /etc/config/firewall file to allow incoming connections on the WAN side. We usually don't want that, so we have it disabled by default.

Dave-ee Jones Posted December 4, 2017

Could he just create another payload then start the SSH server after the PS has its IP? E.g.

    NETMODE NAT
    sleep 3
    /etc/init.d/sshd start &

That obviously wouldn't be run in Arming mode, but it would still work when using a payload instead, right?

Sebkinne Posted December 4, 2017

> 23 minutes ago, Dave-ee Jones said:
> Could he just create another payload then start the SSH server after the PS has its IP? E.g.
>
>     NETMODE NAT
>     sleep 3
>     /etc/init.d/sshd start &
>
> That obviously wouldn't be run in Arming mode, but it would still work when using a payload instead, right?

NETMODE NAT doesn't allow SSHing in via WAN side :)

Dave-ee Jones Posted December 4, 2017

> 1 hour ago, Sebkinne said:
> NETMODE NAT doesn't allow SSHing in via WAN side :)

Okie. It's just that it seems like a logical thing to do seeing as other PCs on the network might need to connect to the PS's web server, SSH server or something like that. Unless it's only affecting SSH? I can't see how, but could be possible.

My payload that I'm working on (equivalent of WabbitWeb but for the PS, but upgraded) makes use of other computers being able to see the PS's web server.

Sebkinne Posted December 4, 2017

> 2 minutes ago, Dave-ee Jones said:
> Okie. It's just that it seems like a logical thing to do seeing as other PCs on the network might need to connect to the PS's web server, SSH server or something like that. Unless it's only affecting SSH? I can't see how, but could be possible.
>
> My payload that I'm working on (equivalent of WabbitWeb but for the PS, but upgraded) makes use of other computers being able to see the PS's web server.

It's not just affecting SSH. All incoming (non established) traffic to the WAN port will be dropped. This is obviously not the case for the LAN port.

Edit: If you want to manage your PS from a computer on the WAN, either change the firewall rules, or use a reverse ssh session.

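To check what a change to /etc/config/firewall actually exposes on the WAN side, the following added example (not from the thread or from Hak5) lists the enabled rules that accept traffic from one zone. It assumes OpenWrt-style UCI syntax and a zone named `wan`; the sample config and its rule names are constructed.

```shell
#!/bin/sh
# Added example: list enabled rules in an OpenWrt-style UCI firewall config
# that ACCEPT inbound traffic from one zone. Assumes the zone is named "wan".
wan_accept_rules() {  # usage: wan_accept_rules <file|-> [zone]
    awk -v zone="${2:-wan}" -v sq="'" '
    function emit() {
        if (rule && o["src"] == zone && o["target"] == "ACCEPT" && o["enabled"] != "0")
            printf "%s proto=%s port=%s from=%s\n", o["name"], o["proto"], o["dest_port"], o["src_ip"]
    }
    $1 == "config" {            # a new stanza starts: report the previous one
        emit(); split("", o); rule = ($2 == "rule")
        o["name"] = "(unnamed)"; o["proto"] = "(default)"
        o["dest_port"] = "any"; o["src_ip"] = "any"
    }
    rule && $1 == "option" {    # value = rest of line, outer quotes stripped
        v = $0; sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
        c = substr(v, 1, 1)
        if (c == sq || c == "\"") v = substr(v, 2, length(v) - 2)
        o[$2] = v
    }
    END { emit() }' "$1"
}
sample_config() {  # constructed sample, not the Packet Squirrel shipped file
    cat <<'EOF'
config zone
    option name 'wan'
    option input 'DROP'
config rule
    option name 'Allow-SSH-Mgmt'
    option src 'wan'
    option src_ip '192.0.2.10'
    option proto 'tcp'
    option dest_port '22'
    option target 'ACCEPT'
config rule
    option name 'Web-Disabled'
    option src 'wan'
    option proto 'tcp'
    option dest_port '80'
    option target 'ACCEPT'
    option enabled '0'
config rule
    option src 'lan'
    option dest_port '22'
    option target 'ACCEPT'
EOF
}
sample_config | wan_accept_rules -
```

On a device, pass the real file path instead of `-`; a rule that prints `from=any` accepts that port from every host on the WAN side.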
Dave-ee Jones Posted December 4, 2017

> 6 minutes ago, Sebkinne said:
> It's not just affecting SSH. All incoming (non established) traffic to the WAN port will be dropped. This is obviously not the case for the LAN port.
>
> Edit: If you want to manage your PS from a computer on the WAN, either change the firewall rules, or use a reverse ssh session.

So PCs on the local network can still see it, it's just external connections that cannot. Makes sense though, wouldn't want random peeps on the internet messing around with my payloads and doing something like rm -r \ ...

This topic is now archived and is closed to further replies.