How to set up LAN-only SSH on the D-Link TM-G5240?
February 12, 2011 3:02 PM

I have a D-Link TM-G5240 wireless router, and I want to set it up to allow SSH traffic strictly over the LAN; i.e., no access from outside. (I don't envision ever needing to SSH into our home network from anywhere else, so I'd like to keep anyone else from being able to do so.) What's the best way to go about it? Keep in mind, I'm a networking novice.
posted by gabrielbenjamin to Computers & Internet (7 answers total) 2 users marked this as a favorite
 
Most routers don't mind you using services inside the LAN, as it's assumed that hosts inside are trustworthy. Have you actually true this yet or are you pre-empting a problem that might not actually exist?
posted by dougrayrankin at 3:07 PM on February 12, 2011


-true +tried

iPhone.
posted by dougrayrankin at 3:07 PM on February 12, 2011


Are you trying to stop SSH traffic into the router itself, or to a particular machine on your home network?
posted by one more dead town's last parade at 3:32 PM on February 12, 2011


have you changed any settings on your router? specifically, have you set up a port forward or put a machine in the "DMZ"? if not, then you're probably fine already. you'd have had to physically go to the router's configuration screen to do either of those things. if you have, turn them off, and you'll be OK.

there are two things you can do if you want to be extra special sure that it's not allowed:
1) turn off UPnP if you have it. UPnP allows apps to get incoming connections from the Internet - it's usually used for games and stuff like that. if you have it, turning it off will keep those apps from doing it. (it may screw up your online gaming, if you do any.)
2) go into the router's configuration screen and explicitly turn off port 22. 22 is SSH, and if you tell your router's firewall to deny connections to it explicitly, no one will be able to connect to it. it's kinda overkill - the way these routers typically work prevents incoming connections from the Internet from getting anywhere - but more layers of denial isn't a bad thing.
posted by mrg at 4:10 PM on February 12, 2011


Try going to this page:

http://www.yougetsignal.com/tools/open-ports/

and entering in port 22 (ssh).

If it's closed, you're probably home free. It's off by default, unless you've turned it on or disabled the firewall somehow.
posted by jenkinsEar at 8:29 PM on February 12, 2011


Your router's firewall doesn't affect lan to lan communications. It only comes into play when you're going wan to lan (incoming - most likely blocking this by default) or lan to wan (outgoing - most likely not blocking this by default). All you need to do is configure your computers correctly to accept ssh connections (install ssh daemon, configure the computer's local firewall if need be), etc. How to do this will be specific to your OS.
posted by damn dirty ape at 11:50 PM on February 12, 2011


Response by poster: Thank you all--I've figured out that it's a different problem. Port 22 is indeed already closed to outside traffic. I can use SSH to reach another computer. The trouble is the particular computer I'm trying to reach, a WinXP machine running sshd with Cygwin. The firewall on it (ZoneAlarm) is refusing connections, even though I've configured it to allow sshd to act as a server (it won't allow a remote user to configure it through VNC, either, which is annoying). I'm at my wit's end with it, and will be looking for a more accommodating free firewall. Anyways, thanks again.
posted by gabrielbenjamin at 1:44 PM on February 13, 2011
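
When SSH works to one LAN machine but not another, a single connection attempt from a second machine on the LAN can show whether the target's firewall is dropping packets, something is rejecting the connection, or sshd is answering. This is an added example, not part of the original thread; the function names and the 192.168.0.10 address are placeholders chosen here.

```python
import socket

def probe_ssh(host, port=22, timeout=3.0):
    """Connect once to a machine you administer and classify the answer.

    Returns (state, banner); state is "open", "refused", "filtered" or "error".
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", None)       # a reset came back
    except socket.timeout:
        return ("filtered", None)      # nothing came back before the timeout
    except OSError:
        return ("error", None)         # no route, name lookup failure, etc.
    with sock:
        try:
            data = sock.recv(256)      # an SSH server sends its version line first
        except OSError:                # includes a read timeout or a reset
            data = b""
    line = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    return ("open", line or None)

def describe(state, banner):
    """Turn a probe result into the next thing to check."""
    if state == "open" and banner and banner.startswith("SSH-"):
        return "sshd answered (%s); the path and the host firewall allow it" % banner
    if state == "open":
        return "Connection accepted but no SSH version line; is this really sshd?"
    if state == "refused":
        return "Refused: sshd is not listening here, or a firewall is rejecting"
    if state == "filtered":
        return "No reply: a firewall on the target is silently dropping packets"
    return "Could not reach the host at all; check the address and cabling"

if __name__ == "__main__":
    target = "192.168.0.10"   # placeholder LAN address, not from the thread
    print(describe(*probe_ssh(target)))
```

Running it once with the target's software firewall on and once with it briefly off (while still behind the router) shows whether the firewall is what changes the result.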

