DD-WRT :: View topic - Enable Web Interface Over SSH?

Enable Web Interface Over SSH?

DD-WRT Forum Index -> Broadcom SoC based Hardware

Goto page Previous 1, 2

View previous topic :: View next topic

Author

Message

ho1Aetoo
DD-WRT Guru

Joined: 19 Feb 2019
Posts: 3006
Location: Germany

Posted: Wed Mar 13, 2024 12:58 Post subject:

maybe 10 other users want to post some stuff after not being asked?

nvram commit is not needed in most cases....
you can try it yourself

nvram set http_enable=0
reboot

the varibale has the set value after reboot
perhaps the setting is lost in the event of a power failure
but it has never happened to me and in most cases the "commit" is unnecessary
_________________
Quickstart guides:
use Pi-Hole as simple DNS-Server with DD-WRT
VLAN configuration via GUI - 1 CPU port
VLAN configuration via GUI - 2 CPU ports (R7800, EA8500 etc)

Routers
Marvell OCTEON TX2 - QHora-322 - OpenWrt 23.05.3 - Gateway
Qualcomm IPQ8065 - R7800 - DD-WRT - WAP

Sponsor

egc
DD-WRT Guru

Joined: 18 Mar 2014
Posts: 12921
Location: Netherlands

Posted: Wed Mar 13, 2024 13:58 Post subject:

ho1Aetoo wrote:

That is exactly as it is.
The reboot command also does an nvram commit.
In case of power loss the setting can be lost.
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

mwchang
DD-WRT Guru

Joined: 26 Mar 2013
Posts: 1858
Location: Hung Hom, Hong Kong

Posted: Thu Mar 14, 2024 10:40 Post subject:

egc wrote:

The reboot command also does an nvram commit.
In case of power loss the setting can be lost.

That explained something I did not understand....
_________________
Router: Asus RT-N18U (rev. A1)

Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
GitHub: https://github.com/changmw/changmw

jauch888888
DD-WRT User

Joined: 23 Apr 2020
Posts: 101

Posted: Thu Mar 14, 2024 17:29 Post subject:

Alozaros wrote:

after nvram set whatever is used... to preserve/save the settings nvram commit is needed... Smile

if you turn 0ff SSh from services page than no SSh at all..
to secure SSh, telnet, https , http local microserver..you can add iptables rules..

those are only an examples(U have to tailor it to your config..interfaces, clients and ect..

iptables -I INPUT -i br0 -p tcp --dport 443 -m state --state NEW -j REJECT
or general
iptables -I INPUT -i br0 -p tcp --dport 443 -j REJECT

iptables -I INPUT -i br0 -p tcp --dport 443 -m mac --mac-source xx:xx:xx:xx:xx:xx -j ACCEPT

xx.xx.xx.xx.xx.xx is the mac address on that device that you want to allow.. Cool

you can use it along with IP's too..(you'd need to give a static IP to those clients)

iptables -I INPUT -i br0 -p tcp --dport 443 -s 192.168.1.100 -j ACCEPT

I also try to isolate my ssh and device when I use it, I use id-ed25519 key, no password to open ssh session but I would like to only have my pc allows to use ssh tunnel. I tried that one:

Code:

iptables -I INPUT -i br0 -p tcp --dport 443 -m mac --mac-source xx:xx:xx:xx:xx:xx -j ACCEPT

but I loose wifi when I run it in firewall.

Goto page Previous 1, 2

Display posts from previous:

Page 2 of 2

DD-WRT Forum Index -> Broadcom SoC based Hardware

All times are GMT

Navigation

Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum

Log in

Enable Web Interface Over SSH?

Quick Links

Log in