OpenWrt has a very good firewall. It has several layers which you can configure. To connect to SSH in your router from the outside world, execute the following steps.
1. Configure your dropbear
Dropbear, the SSH server of OpenWrt, is probably already installed on your router when you have installed OpenWrt. By default, it allows connections from your LAN to the router on port 22. In this example we will change the port to 1422. The reason for this is to make it harder to find the SSH server and people might start hammering it, which we don’t want.
To change the port to 1422, open /etc/config/dropbear and change the port value to 1422. Also add this line:
option 'GatewayPorts' 'on'
This option will make sure that dropbear allows external connections to the dropbear deamon.
2. Configure your firewall
Open /etc/config/firewall and add the following lines:
config 'rule' option 'src' 'wan' option 'dest_port' '1422' option 'target' 'ACCEPT' option 'proto' 'tcp'
This rule tells the firewall that it can allow incoming traffic of the WAN interface on port 1422.
You’re done! Traffic at port 1422 will arrive at your router and therefore you can now connect to SSH on the OpenWrt router from the internet.
If you like this post, please drop a line! To find more about OpenWrt on my blog, click on the tag OpenWrt in this article.
The above post applies to OpenWrt Backfire 10.03.1