How to block non-SSH traffic?

Hi guys!

I have an issue that I hope you’ll be able to help me with. I had a setup that worked wonderfully until I upgraded Tomato from 1.23 to 1.28 (router wrt54gl). I used to ssh into my router and then use remotelyanywhere (RA) to access my computer.

With Tomato 1.23 the connections from the tunnel originated from the router’s internal IP (192.168.1.1), so I just blocked all connections with Comodo firewall coming NOT from this IP to the RA listening port.

However with Tomato 1.28 the tunnel connections originate from my WAN IP (which changes frequently), and I don’t know how to differentiate between the SSH and normal connections in Comodo. I hope someone will be able to help me with this :slight_smile: Many thanks!!!

edit: typo

Hi boardlord, welcome to the forums.

Typically, SSH uses UDP on Port 22. I’m not sure if this is the same for Tomato. However, you should be aware that it is not uncommon for this port to be probed looking for SSH vulnerabilities. But, I assume Tomato (being new?) would be hardened.

Another restriction that you could impose is by creating a Network Zone that encompasses the IP ranges used by your ISP and limiting that connection further to this Zone only.

I hope that helps.

Hello kail,

thanks for your quick input and your welcome!

I changed Tomato’s SSH listening port to 2222, in case someone wanted to do exactly what you described.

So, there is no way to block non-SSH connections to the RA listening port? Pity… I’ll get my ISP’s IP ranges and try your suggestions. Many thanks!

Not to my knowledge I’m afraid (although someone else might know). The problem is that an RA connection is, in reality, just a normal connection. Although I haven’t used RA in many years, I don’t think it uses any special type of protocol as such.

Yes, you’re right - RA uses the same engine as logmein.com. Encrypted of course, but still http…

ISP’s IP ranges: You should probably limit these to what you actually use, as opposed to what your ISP offers. They often differ depending on connection type and services within an ISP.

Hmmm, something just came to my mind. What if I set up openssh on my workstation and tunnel into that one instead of the router? that way I could block all connections not originating from localhost/workstation IP…
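The source-address reasoning in this thread (router LAN address under Tomato 1.23, changing WAN address under 1.28, an ISP range as a stopgap, and finally loopback when sshd runs on the workstation itself) can be checked with a small model. The following is an added example, not code from the thread or from Tomato, RemotelyAnywhere or Comodo; the port number, the WAN addresses and the ISP range are constructed sample values, and the loopback listener only stands in for RA to show what peer address a locally forwarded connection presents.

```python
import ipaddress
import socket
import threading

# Constructed for this example: a hypothetical RA listening port.
RA_PORT = 2000


def source_allowed(peer_ip: str, allowed_sources) -> bool:
    """Return True if peer_ip falls inside any allowed address or CIDR range.

    This mirrors a 'block everything NOT from <source>' firewall rule on the RA port.
    """
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in ipaddress.ip_network(src, strict=False) for src in allowed_sources)


def evaluate_setups(wan_ip_today: str, wan_ip_tomorrow: str) -> dict:
    """Model the situations discussed in the thread and return the rule outcome for each."""
    results = {}

    # Tomato 1.23: tunnelled traffic arrived from the router's LAN address, so a
    # single-address rule was enough.
    results["router_lan_rule"] = source_allowed("192.168.1.1", ["192.168.1.1"])

    # Tomato 1.28: tunnelled traffic arrives from the WAN address, which changes,
    # so a rule pinned to today's address silently breaks tomorrow.
    wan_rule = [wan_ip_today]
    results["wan_rule_today"] = source_allowed(wan_ip_today, wan_rule)
    results["wan_rule_tomorrow"] = source_allowed(wan_ip_tomorrow, wan_rule)

    # ISP range (constructed sample range): survives address changes inside the range,
    # but any other subscriber in that range is admitted too.
    isp_range = ["203.0.113.0/24"]
    results["isp_range_today"] = source_allowed(wan_ip_today, isp_range)
    results["isp_range_other_subscriber"] = source_allowed("203.0.113.77", isp_range)

    # sshd on the workstation + local port forward: RA sees every tunnelled
    # connection from loopback, and nothing on the LAN or WAN matches the rule.
    results["loopback_rule"] = source_allowed("127.0.0.1", ["127.0.0.0/8"])
    results["loopback_rule_rejects_lan"] = not source_allowed("192.168.1.50", ["127.0.0.0/8"])
    return results


def tunnel_endpoint_peer(bind_host: str = "127.0.0.1") -> str:
    """Stand-in for RA: listen on loopback only and report the peer address of one
    connection. A client arriving through an OpenSSH local forward (ssh -L) on the
    same host presents exactly this address."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_host, 0))  # port 0: let the OS pick a free port for the demo
    srv.listen(1)
    port = srv.getsockname()[1]
    seen = {}

    def accept_once():
        conn, peer = srv.accept()
        seen["peer"] = peer[0]
        conn.close()

    t = threading.Thread(target=accept_once)
    t.start()
    client = socket.create_connection((bind_host, port))
    t.join(5)
    client.close()
    srv.close()
    return seen.get("peer", "")


if __name__ == "__main__":
    for name, ok in evaluate_setups("203.0.113.23", "203.0.113.200").items():
        print(f"{name:32s} {'allowed' if ok else 'blocked'}")
    print("peer address seen by loopback-bound listener:", tunnel_endpoint_peer())
```

With sshd on the workstation listening on 2222, the client side would use a standard OpenSSH local forward such as `ssh -p 2222 -L 2000:127.0.0.1:2000 user@<workstation>` (port numbers are the constructed ones above), and the firewall rule on the RA port then only needs to admit 127.0.0.0/8; binding RA to 127.0.0.1 instead of all interfaces, where RA allows it, removes the exposure even without the firewall rule.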

That sounds a lot better. :-TU

Thanks for your help!! :-TU
Will do it later :slight_smile: