From 06e4269eaadc9a22e2c9956bc35795d9410c9f82 Mon Sep 17 00:00:00 2001
From: Cyberes
Date: Tue, 13 Jun 2023 15:39:52 -0600
Subject: [PATCH] exclude router's SSH port

---
 bridge-install.sh | 7 +++++++
 bridge/bridge-lan.sh | 6 ++++--
 config/config.sh.example | 4 ++++
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/bridge-install.sh b/bridge-install.sh
index e5c3dbd..40fe4c2 100755
--- a/bridge-install.sh
+++ b/bridge-install.sh
@@ -163,4 +163,11 @@ echo "Set net.ipv4.ip_forward=1 in /etc/sysctl.conf"
 mkdir -p /var/lib/dnsmasq/
 echo "Created /var/lib/dnsmasq/"
 
+# Set up the SSH server. The port number may change and we won't always
+# know what it used to be, so just remove all lines starting with "Port "
+sed -i '/^Port /d' /etc/ssh/sshd_config
+echo "Port $ROUTER_SSH_PORT" >> /etc/ssh/sshd_config
+systemctl restart ssh
+echo "Set SSH server port to $ROUTER_SSH_PORT"
+
 echo -e "\n\n\n==============\nDone!\nNow reboot!"
diff --git a/bridge/bridge-lan.sh b/bridge/bridge-lan.sh
index 03c2b4a..f4dc952 100755
--- a/bridge/bridge-lan.sh
+++ b/bridge/bridge-lan.sh
@@ -88,10 +88,12 @@ iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
 iptables -t nat -I POSTROUTING -o $WLAN_IFACE -j MASQUERADE
 echo "Created iptables to route traffic between nets"
 
-# Port forward everything to the single client
+# Exclude the SSH port from forwarding so we can still administer the router
+iptables -t nat -A PREROUTING -i $WLAN_IFACE -p tcp --dport $ROUTER_SSH_PORT -j RETURN
+# Forward all other ports to the single wired device
 iptables -t nat -A PREROUTING -i $WLAN_IFACE -j DNAT --to-destination $BRIDGED_CLIENT_IP
 iptables -t nat -A POSTROUTING -o $ETH_IFACE -j MASQUERADE
-echo "Port forwarded everything to the single bridged client"
+echo "Redirected the router's ports to the single bridged client"
 
 echo -en "\nRestarting dnsmasq..."
 service systemd-resolved stop
diff --git a/config/config.sh.example b/config/config.sh.example
index 05d30bc..1582dfc 100644
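Review bot: `systemctl restart ssh` runs immediately after the `sed`/`echo >>` pair rewrites /etc/ssh/sshd_config, with no check on the value being written or on the resulting config, so an empty or non-numeric `$ROUTER_SSH_PORT` (for instance a config.sh that predates the new variable) leaves a bare `Port ` line, sshd fails to come back, and an installer run over SSH loses its only remote access path. Guard the value before the `sed` with `: "${ROUTER_SSH_PORT:?ROUTER_SSH_PORT must be set in config.sh}"` and validate before restarting with `sshd -t || { echo "sshd_config is invalid, not restarting ssh" >&2; exit 1; }`. The comment also assumes sshd reads only this one file; on distributions whose default config `Include`s a drop-in directory, a `Port` set there would presumably stay in effect alongside the appended one, which is worth a sentence in the comment.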
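Review bot: The new RETURN rule under the `# Exclude the SSH port` comment expands `$WLAN_IFACE` and `$ROUTER_SSH_PORT` unquoted, and with `ROUTER_SSH_PORT` unset (an older config.sh without the variable) `--dport` consumes `-j` as its argument, the rule is rejected, and if the script does not abort there the DNAT rule on the next line still redirects the SSH port to the client. Writing it as `iptables -t nat -A PREROUTING -i "$WLAN_IFACE" -p tcp --dport "${ROUTER_SSH_PORT:?ROUTER_SSH_PORT is not set}" -j RETURN` fails loudly instead. The exemption also depends on this `-A` landing before the DNAT `-A` in nat PREROUTING, which holds for a fresh chain but presumably not if the script is re-run without flushing the chain first; a comment stating that ordering assumption would help the next reader.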
--- a/config/config.sh.example
+++ b/config/config.sh.example
@@ -7,6 +7,10 @@ WIFI_SSID="Example-Network"
 WIFI_USERNAME="username"
 WIFI_PWD="password"
 
+# Make this port accessible on the router and have its SSH server on it.
+# The installer will modify the SSH server's config.
+ROUTER_SSH_PORT=64535
+
 # "transparent": the bridge device clones the client's MAC address and NATs traffic to a private LAN. Only supports one bridged client.
 # TODO: support bridging multiple clients connected to an ethernet hub
 # BRIDGE_MODE="transparent"
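Review bot: The comment above `ROUTER_SSH_PORT=64535` does not say that the installer deletes every existing `Port` line from /etc/ssh/sshd_config and restarts sshd, so a user who keeps the example value will no longer reach the router on port 22 after install. Suggest extending it with `# The installer replaces any existing Port line in /etc/ssh/sshd_config, so after install SSH is served only on this port.` and adding that it must be a TCP port the bridged client does not itself need, since bridge-lan.sh stops forwarding it to the client.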