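Xiaomi Router R2D: allowing remote access to the SSH port
By default the Xiaomi Router R2D does not allow access to the SSH port from the WAN port. I only use mine to play around with and as a network SMB drive; in relay mode a lot of things are restricted, so the best option is to be able to reach the SSH port remotely.
Rules added directly with the iptables command are cleared on reboot. To make them persistent, the custom firewall rules need to be written to this file.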
#/etc/firewall.user
* Add the following rules
root@XiaoQiang:/etc# cat firewall.user
#enable access ssh from wan
iptables -I INPUT -p tcp --dport 22 -m comment --comment "router-ssh" -j ACCEPT
iptables -I INPUT -p tcp --dport 4200 -m comment --comment "webshell" -j ACCEPT
Then restart the firewall so that the custom rules are loaded and take effect.
root@XiaoQiang:/etc/init.d# ./firewall restart
refers to not existing zone 'guest'
refers to not existing zone 'guest'
refers to not existing zone 'guest'
 * Flushing IPv4 filter table
 * Flushing IPv4 nat table
 * Flushing IPv4 mangle table
 * Flushing IPv4 raw table
 * Flushing IPv6 filter table
 * Flushing conntrack table ...
 * Populating IPv4 filter table
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ready'
   * Rule 'Allow-DHCP-Renew'
   * Rule 'Allow-Ping'
   * Rule 'shuijing wan accept tcp port 4593'
   * Rule 'shuijing wan accept udp port 4693'
   * Rule 'DHCP for ready'
   * Rule 'DHCP for ready'
   * Rule 'tbus for ready'
   * Rule 'tbus for ready'
   * Redirect 'nxdomain'
   * Forward 'lan' -> 'wan'
 * Populating IPv4 nat table
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ready'
   * Redirect 'nxdomain'
 * Populating IPv4 mangle table
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ready'
 * Populating IPv4 raw table
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ready'
 * Set tcp_ecn to off
 * Set tcp_syncookies to on
   ! Unable to write value /proc/sys/net/ipv4/tcp_syncookies: No such file or directory
 * Set tcp_window_scaling to on
 * Running script '/lib/firewall.sysapi.loader webinitrdr'
 * Running script '/lib/firewall.sysapi.loader dnsmiwifi'
 * Running script '/lib/firewall.sysapi.loader portalfilter'
 * Running script '/lib/firewall.sysapi.loader macfilter'
 * Running script '/lib/firewall.sysapi.loader miqos'
 * Running script '/etc/firewall.user'
 * Running script '/lib/firewall.sysapi.loader dmz_bypass_ctf'
 * Running script '/lib/firewall/rr.load reload'
   ! Skipping /lib/firewall/rr.load due to path error: No such file or directory
 * Running script '/usr/share/miniupnpd/firewall.include'
 * Running script '/lib/firewall/ctf_manager.loader'
[ctf_mgr] rule list: http
[ctf_mgr] service list: rule_mgr http_stat http_content_type http_client_detect
[ctf_mgr] proto:tcp
[ctf_mgr] port:80
[ctf_mgr] rule:http, rule_switch=1
[ctf_mgr] add rule:http proto:tcp, port:80 to SKIPCTF.
Then test from outside whether the ports are open; the results are normal.
C:\Users\admin>psping 192.168.8.113:4200
PsPing v2.10 - PsPing - ping, latency, bandwidth measurement utility
Copyright (C) 2012-2016 Mark Russinovich
Sysinternals - www.sysinternals.com
TCP connect to 192.168.8.113:4200:
5 iterations (warmup 1) ping test:
Connecting to 192.168.8.113:4200 (warmup): from 192.168.8.33:63204: 0.50ms
Connecting to 192.168.8.113:4200: from 192.168.8.33:63208: 0.38ms
Connecting to 192.168.8.113:4200: from 192.168.8.33:63212: 0.42ms
Connecting to 192.168.8.113:4200: from 192.168.8.33:63215: 0.45ms
Connecting to 192.168.8.113:4200: from 192.168.8.33:63219: 0.38ms
TCP connect statistics for 192.168.8.113:4200:
  Sent = 4, Received = 4, Lost = 0 (0% loss),
  Minimum = 0.38ms, Maximum = 0.45ms, Average = 0.41ms
C:\Users\admin>psping 192.168.8.113:22
PsPing v2.10 - PsPing - ping, latency, bandwidth measurement utility
Copyright (C) 2012-2016 Mark Russinovich
Sysinternals - www.sysinternals.com
TCP connect to 192.168.8.113:22:
5 iterations (warmup 1) ping test:
Connecting to 192.168.8.113:22 (warmup): from 192.168.8.33:64438: 0.40ms
Connecting to 192.168.8.113:22: from 192.168.8.33:64442: 0.38ms
Connecting to 192.168.8.113:22: from 192.168.8.33:64446: 0.36ms
Connecting to 192.168.8.113:22: from 192.168.8.33:64448: 0.39ms
Connecting to 192.168.8.113:22: from 192.168.8.33:64452: 0.42ms
TCP connect statistics for 192.168.8.113:22:
  Sent = 4, Received = 4, Lost = 0 (0% loss),
  Minimum = 0.36ms, Maximum = 0.42ms, Average = 0.39ms
–Macro (talk) 12 July 2018 (Thu) 14:03 (CST)
Likewise, if you need the web management interface, just add one more rule for port 80.
iptables -I INPUT -p tcp --dport 80 -m comment --comment "router-webadmin" -j ACCEPT
Remember to restart the firewall for the rule to take effect.
#/etc/init.d/firewall restart
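The three rules above match only on the destination port, so they accept the port from any source address on any interface. The following audit script is an added example, not part of the original page: it reads firewall.user-style rules and marks each INPUT ACCEPT rule that has no source (-s) or ingress-interface (-i) match. The sample input, the "ssh-trusted" rule and the 203.0.113.0/24 range are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit firewall.user-style rules.
# Reads rules on stdin and prints "<port> <comment> <scope>" for every
# "iptables ... INPUT ... -j ACCEPT" line. scope is "restricted" when the rule
# matches on a source address (-s) or ingress interface (-i), else "unrestricted".
audit_firewall_user() {
    set -f                                   # no glob expansion while splitting rules
    while read -r line; do
        case "$line" in
            ''|'#'*) continue ;;             # blank line or comment
            iptables*INPUT*'-j ACCEPT'*) ;;  # inbound accept rule: inspect it
            *) continue ;;
        esac
        port=any; name=-; scope=unrestricted; prev=
        for word in $line; do
            case "$prev" in
                --dport|--dports) port=$word ;;
                --comment) name=${word#\"}; name=${name%\"} ;;
                -s|--source|-i|--in-interface) scope=restricted ;;
            esac
            prev=$word
        done
        echo "$port $name $scope"
    done
    set +f
}

# Constructed sample: the three rules from this page plus one hypothetical rule
# limited to 203.0.113.0/24 (a documentation range standing in for a trusted network).
sample_rules() {
    cat <<'EOF'
#enable access ssh from wan
iptables -I INPUT -p tcp --dport 22 -m comment --comment "router-ssh" -j ACCEPT
iptables -I INPUT -p tcp --dport 4200 -m comment --comment "webshell" -j ACCEPT
iptables -I INPUT -p tcp --dport 80 -m comment --comment "router-webadmin" -j ACCEPT
iptables -I INPUT -p tcp -s 203.0.113.0/24 --dport 22 -m comment --comment "ssh-trusted" -j ACCEPT
EOF
}

sample_rules | audit_firewall_user
```

On the router the function would be fed the real file, as in `audit_firewall_user < /etc/firewall.user`.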
小米路由器_r2d/允许远程访问_ssh_端口.txt · Last modified: 2019/09/30 21:46 by 127.0.0.1