Hi @Theliel, here are those two or three steps:

1- "router, Maintenance -> Remote MGMT -> SSH -> Change the WAN access to All, and under filter in Firewall remove the rules for SSH access, if there are any; that would let you access via ssh from outside the network"

In Remote MGMT / ssh:
Server Access = lan&wan
Secured Client IP Address:Lan All
Secured Client IP Address:Wan All (it was set to range and I change it to ALL)
I apply the changes.

In Firewall Rules, another slap in the face: everything I disabled the other day (screenshot "5º firewall / rules") is active again; I disable again everything related to 22/ssh, and I have a screenshot. Could it be that it really is a good idea to disable TR069?

2nd: Firmware Version: ES_B21

In the browser: 92.168.1.100
It works! This is the default web page for this server.

iptables -nvL

juan@juan-compaq:~$ ssh -l 1234 -p 22 192.168.1.1
1234@192.168.1.1's password:
>sh
Password:#
# iptables -nvL
Chain INPUT (policy ACCEPT 28 packets, 6151 bytes)
pkts bytes target prot opt in out source destination
6402 588K VOIP_INPUT tcp -- * * 0.0.0.0/0 0.0.0.0/0
657 220K VOIP_INPUT udp -- * * 0.0.0.0/0 0.0.0.0/0
40 1280 ACCEPT 2 -- * * 0.0.0.0/0 0.0.0.0/0
7111 815K CWMP_CR all -- * * 0.0.0.0/0 0.0.0.0/0
7118 817K DOS_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
7114 816K DHCP_RELAY all -- * * 0.0.0.0/0 0.0.0.0/0
7114 816K ACL all -- * * 0.0.0.0/0 0.0.0.0/0
4041 534K FrwlInChk all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 4114 packets, 644K bytes)
pkts bytes target prot opt in out source destination
0 0 TCPMSS tcp -- * eth0.2 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
0 0 TCPMSS tcp -- * eth0.3 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
217 13020 TCPMSS tcp -- * ppp100 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
0 0 RETURN udp -- !br+ * 0.0.0.0/0 0.0.0.0/0 destination IP range 224.0.0.0-239.255.255.255
2 754 DROP udp -- !br+ !br+ 0.0.0.0/0 0.0.0.0/0 udp dpt:68
8562 2315K DOS_FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0
4114 644K Parental_Ctrl all -- br+ * 0.0.0.0/0 0.0.0.0/0
8562 2315K UPNP_PRE all -- * * 0.0.0.0/0 0.0.0.0/0
8562 2315K ADDRMAP_FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0
8562 2315K ipfilter_chain all -- * * 0.0.0.0/0 0.0.0.0/0
1492 289K url_filter_chain tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80
7949 2253K app_filter_chain tcp -- * * 0.0.0.0/0 0.0.0.0/0
576 55719 app_filter_chain udp -- * * 0.0.0.0/0 0.0.0.0/0
8562 2315K PORT_FORWARDING all -- * * 0.0.0.0/0 0.0.0.0/0
8474 2310K DEFAULT_SERVER all -- * * 0.0.0.0/0 0.0.0.0/0
4114 644K FrwlForwardInChk all -- br0 * 0.0.0.0/0 0.0.0.0/0
4360 1666K FrwlForwardInChk all -- ppp100 * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 5155 packets, 9667K bytes)
pkts bytes target prot opt in out source destination
5131 9662K FrwlOutChk all -- * * 0.0.0.0/0 0.0.0.0/0

Chain ACL (1 references)
pkts bytes target prot opt in out source destination
3065 280K acl_chain tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443,23,21,22,161,53
1 118 acl_chain udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443,23,21,22,161,53
0 0 acl_chain icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8

Chain ADDRMAP_FORWARD (1 references)
pkts bytes target prot opt in out source destination

Chain CWMP_CR (1 references)
pkts bytes target prot opt in out source destination

Chain DEFAULT_SERVER (1 references)
pkts bytes target prot opt in out source destination

Chain DHCP_RELAY (1 references)
pkts bytes target prot opt in out source destination

Chain DOS_FORWARD (1 references)
pkts bytes target prot opt in out source destination

Chain DOS_INPUT (1 references)
pkts bytes target prot opt in out source destination

Chain FrwlForwardInChk (2 references)
pkts bytes target prot opt in out source destination
4360 1666K ACCEPT all -- ppp100 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:23
0 0 DROP udp -- br0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:23
0 0 DROP tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:161
0 0 DROP udp -- br0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:161
4114 644K FrwlOutChk all -- br0 * 0.0.0.0/0 0.0.0.0/0
0 0 FrwlOutChk tcp -- ppp100 * 80.58.63.128/25 0.0.0.0/0 tcp dpt:7547
0 0 FrwlOutChk icmp -- ppp100 * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 FrwlOutChk tcp -- ppp100 * 80.58.63.128/25 0.0.0.0/0 tcp dpt:22
0 0 FrwlOutChk tcp -- ppp100 * 172.20.25.0/24 0.0.0.0/0 tcp dpt:22
0 0 FrwlOutChk tcp -- ppp100 * 172.20.45.0/24 0.0.0.0/0 tcp dpt:22
0 0 FrwlOutChk tcp -- ppp100 * 193.152.37.192/28 0.0.0.0/0 tcp dpt:22
0 0 FrwlOutChk tcp -- ppp100 * 80.58.63.128/25 0.0.0.0/0 tcp dpt:443
0 0 FrwlOutChk tcp -- ppp100 * 172.20.25.0/24 0.0.0.0/0 tcp dpt:443
0 0 FrwlOutChk tcp -- ppp100 * 172.20.45.0/24 0.0.0.0/0 tcp dpt:443
0 0 FrwlOutChk tcp -- ppp100 * 193.152.37.192/28 0.0.0.0/0 tcp dpt:443
0 0 LOG tcp -- ppp100 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 6/hour burst 5 LOG flags 0 level 1 prefix `Intrusion -> '
0 0 DROP all -- ppp100 * 0.0.0.0/0 0.0.0.0/0
4114 644K FrwlOutChk all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FrwlInChk (1 references)
pkts bytes target prot opt in out source destination
30 6327 ACCEPT all -- ppp100 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2944 278K ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
51 4591 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
98 11976 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 520
0 0 DROP tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:23
0 0 DROP udp -- br0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:23
0 0 DROP tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:161
0 0 DROP udp -- br0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:161
768 221K ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- ppp100 * 80.58.63.128/25 0.0.0.0/0 tcp dpt:7547
2 68 ACCEPT icmp -- ppp100 * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 ACCEPT tcp -- ppp100 * 80.58.63.128/25 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- ppp100 * 172.20.25.0/24 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- ppp100 * 172.20.45.0/24 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- ppp100 * 193.152.37.192/28 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- ppp100 * 80.58.63.128/25 0.0.0.0/0 tcp dpt:443
0 0 ACCEPT tcp -- ppp100 * 172.20.25.0/24 0.0.0.0/0 tcp dpt:443
0 0 ACCEPT tcp -- ppp100 * 172.20.45.0/24 0.0.0.0/0 tcp dpt:443
0 0 ACCEPT tcp -- ppp100 * 193.152.37.192/28 0.0.0.0/0 tcp dpt:443
45 2428 LOG tcp -- ppp100 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 6/hour burst 5 LOG flags 0 level 1 prefix `Intrusion -> '
147 10850 DROP all -- ppp100 * 0.0.0.0/0 0.0.0.0/0

Chain FrwlOutChk (13 references)
pkts bytes target prot opt in out source destination

Chain PORT_FORWARDING (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- ppp100 * 0.0.0.0/0 192.168.1.100 udp dpt:80
85 4808 ACCEPT tcp -- ppp100 * 0.0.0.0/0 192.168.1.100 tcp dpt:80

Chain PORT_SCAN (0 references)
pkts bytes target prot opt in out source destination

Chain Parental_Ctrl (1 references)
pkts bytes target prot opt in out source destination

Chain UPNP_PRE (1 references)
pkts bytes target prot opt in out source destination

Chain VOIP_INPUT (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- eth0.3 * 0.0.0.0/0 10.29.0.93 udp dpt:5060
0 0 ACCEPT udp -- eth0.3 * 0.0.0.0/0 10.29.0.93 udp dpt:5060

Chain acl_chain (3 references)
pkts bytes target prot opt in out source destination
3030 275K ACCEPT tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 multiport dports 80 source IP range 0.0.0.0-223.255.255.255
0 0 ACCEPT udp -- br0 * 0.0.0.0/0 0.0.0.0/0 multiport dports 80 source IP range 0.0.0.0-223.255.255.255
0 0 ACCEPT tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 multiport dports 21 source IP range 0.0.0.0-223.255.255.255
0 0 ACCEPT udp -- br0 * 0.0.0.0/0 0.0.0.0/0 multiport dports 21 source IP range 0.0.0.0-223.255.255.255
0 0 ACCEPT tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 multiport dports 53 source IP range 0.0.0.0-223.255.255.255
0 0 ACCEPT udp -- br0 * 0.0.0.0/0 0.0.0.0/0 multiport dports 53 source IP range 0.0.0.0-223.255.255.255
0 0 ACCEPT icmp -- ppp100 * 0.0.0.0/0 0.0.0.0/0 icmp type 8 source IP range 0.0.0.0-223.255.255.255
0 0 ACCEPT icmp -- eth0.3 * 0.0.0.0/0 0.0.0.0/0 icmp type 8 source IP range 0.0.0.0-223.255.255.255
0 0 ACCEPT icmp -- eth0.2 * 0.0.0.0/0 0.0.0.0/0 icmp type 8 source IP range 0.0.0.0-223.255.255.255
0 0 ACCEPT icmp -- br0 * 0.0.0.0/0 0.0.0.0/0 icmp type 8 source IP range 0.0.0.0-223.255.255.255
0 0 ACCEPT tcp -- ppp100 * 0.0.0.0/0 0.0.0.0/0 multiport dports 22 source IP range 0.0.0.0-223.255.255.255
0 0 ACCEPT udp -- ppp100 * 0.0.0.0/0 0.0.0.0/0 multiport dports 22 source IP range 0.0.0.0-223.255.255.255
0 0 ACCEPT tcp -- eth0.3 * 0.0.0.0/0 0.0.0.0/0 multiport dports 22 source IP range 0.0.0.0-223.255.255.255
0 0 ACCEPT udp -- eth0.3 * 0.0.0.0/0 0.0.0.0/0 multiport dports 22 source IP range 0.0.0.0-223.255.255.255
0 0 ACCEPT tcp -- eth0.2 * 0.0.0.0/0 0.0.0.0/0 multiport dports 22 source IP range 0.0.0.0-223.255.255.255
0 0 ACCEPT udp -- eth0.2 * 0.0.0.0/0 0.0.0.0/0 multiport dports 22 source IP range 0.0.0.0-223.255.255.255
34 5057 ACCEPT tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 multiport dports 22 source IP range 0.0.0.0-223.255.255.255
0 0 ACCEPT udp -- br0 * 0.0.0.0/0 0.0.0.0/0 multiport dports 22 source IP range 0.0.0.0-223.255.255.255
0 0 ACCEPT tcp -- ppp100 * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 source IP range 80.58.63.129-80.58.63.190
0 0 ACCEPT udp -- ppp100 * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 source IP range 80.58.63.129-80.58.63.190
0 0 ACCEPT tcp -- ppp100 * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 source IP range 172.20.25.1-172.20.25.254
0 0 ACCEPT udp -- ppp100 * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 source IP range 172.20.25.1-172.20.25.254
0 0 ACCEPT tcp -- ppp100 * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 source IP range 172.20.45.1-172.20.45.254
0 0 ACCEPT udp -- ppp100 * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 source IP range 172.20.45.1-172.20.45.254
0 0 ACCEPT tcp -- ppp100 * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 source IP range 193.152.37.193-193.152.37.206
0 0 ACCEPT udp -- ppp100 * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 source IP range 193.152.37.193-193.152.37.206
0 0 ACCEPT tcp -- eth0.3 * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 source IP range 80.58.63.129-80.58.63.190
0 0 ACCEPT udp -- eth0.3 * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 source IP range 80.58.63.129-80.58.63.190
0 0 ACCEPT tcp -- eth0.3 * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 source IP range 172.20.25.1-172.20.25.254
0 0 ACCEPT udp -- eth0.3 * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 source IP range 172.20.25.1-172.20.25.254
0 0 ACCEPT tcp -- eth0.3 * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 source IP range 172.20.45.1-172.20.45.254
0 0 ACCEPT udp -- eth0.3 * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 source IP range 172.20.45.1-172.20.45.254
0 0 ACCEPT tcp -- eth0.3 * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 source IP range 193.152.37.193-193.152.37.206
0 0 ACCEPT udp -- eth0.3 * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 source IP range 193.152.37.193-193.152.37.206
0 0 ACCEPT tcp -- eth0.2 * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 source IP range 80.58.63.129-80.58.63.190
0 0 ACCEPT udp -- eth0.2 * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 source IP range 80.58.63.129-80.58.63.190
0 0 ACCEPT tcp -- eth0.2 * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 source IP range 172.20.25.1-172.20.25.254
0 0 ACCEPT udp -- eth0.2 * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 source IP range 172.20.25.1-172.20.25.254
0 0 ACCEPT tcp -- eth0.2 * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 source IP range 172.20.45.1-172.20.45.254
0 0 ACCEPT udp -- eth0.2 * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 source IP range 172.20.45.1-172.20.45.254
0 0 ACCEPT tcp -- eth0.2 * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 source IP range 193.152.37.193-193.152.37.206
0 0 ACCEPT udp -- eth0.2 * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 source IP range 193.152.37.193-193.152.37.206
0 0 ACCEPT tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 source IP range 0.0.0.0-223.255.255.255
0 0 ACCEPT udp -- br0 * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 source IP range 0.0.0.0-223.255.255.255
1 40 LOG all -- !lo * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 7 prefix `RemoteManagement: Action=DROP Unsecured Client Access Deny '
1 40 DROP all -- !lo * 0.0.0.0/0 0.0.0.0/0

Chain app_filter_chain (2 references)
pkts bytes target prot opt in out source destination

Chain ipfilter_chain (1 references)
pkts bytes target prot opt in out source destination

Chain url_filter_chain (1 references)
pkts bytes target prot opt in out source destination
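
One way to check a listing like the one in this post for service ports that ACCEPT rules open to wide source ranges on the WAN side, as an added example that is not part of the original post. The function names, the `MGMT_PORTS` set, the `max_hosts` threshold and the choice of `ppp100` as the WAN interface are assumptions made for this example.

```python
import ipaddress
import re

# Rules copied from the `iptables -nvL` listing in the post above (excerpt).
LISTING = """\
Chain FrwlInChk (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- ppp100 * 80.58.63.128/25 0.0.0.0/0 tcp dpt:7547
0 0 ACCEPT tcp -- ppp100 * 80.58.63.128/25 0.0.0.0/0 tcp dpt:22
Chain acl_chain (3 references)
34 5057 ACCEPT tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 multiport dports 22 source IP range 0.0.0.0-223.255.255.255
0 0 ACCEPT tcp -- ppp100 * 0.0.0.0/0 0.0.0.0/0 multiport dports 22 source IP range 0.0.0.0-223.255.255.255
0 0 ACCEPT tcp -- ppp100 * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 source IP range 80.58.63.129-80.58.63.190
"""
# Assumption: ports of interest = those the ACL chain matches, plus 7547 (TR-069).
MGMT_PORTS = {21, 22, 23, 53, 80, 161, 443, 7547}

def dports(extras):  # ports named by a "dpt:" / "multiport dports" match
    m = re.search(r"(?:dpts?:|dports )([\d,:]+)", extras)
    out = set()
    for item in (m.group(1).split(",") if m else []):
        lo, _, hi = item.partition(":")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def source_size(source, extras):  # (address count, description) of allowed sources
    m = re.search(r"source IP range ([\d.]+)-([\d.]+)", extras)
    if m:
        lo, hi = (int(ipaddress.IPv4Address(a)) for a in m.groups())
        return hi - lo + 1, f"{m.group(1)}-{m.group(2)}"
    return ipaddress.ip_network(source, strict=False).num_addresses, source

def wan_mgmt_exposure(listing, wan=("ppp100",), ports=MGMT_PORTS, max_hosts=65536):
    """ACCEPT rules admitting > max_hosts sources to `ports` on a WAN interface."""
    findings, chain = [], None
    for line in listing.splitlines():
        f = line.split()
        if f[:1] == ["Chain"]:
            chain = f[1]
        elif len(f) >= 9 and f[0][0].isdigit() and f[2] == "ACCEPT":
            extras = " ".join(f[9:])
            hit = dports(extras) & set(ports)
            size, src = source_size(f[7], extras)
            if hit and size > max_hosts and (f[5] in wan or f[5] == "*"):
                findings.append((chain, f[5], f[3], sorted(hit), src))
    return findings

if __name__ == "__main__":
    print(wan_mgmt_exposure(LISTING))
```

The check looks at each rule on its own and does not model chain traversal order or negated sources, so every hit still needs to be read against the chains that jump to it.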