SSH reverse tunnel to OpenWRT / dropbear

I have a little WRT54GL router that runs OpenWRT. It is very convenient to be able to SSH into the router, and even more convenient to make tunnels.

In OpenSSH's sshd, there is an option

GatewayPorts yes

that needs to be turned on. It lets the SSH server bind the ports requested by a client's remote forward (-R) on its network interfaces, not only on loopback, so other machines can connect to that port on the SSH server, not just the SSH server itself.

Well, for dropbear (the SSH implementation of OpenWRT), things are a little different. First, you need to start the dropbear daemon with the flag -a. Preferably, through the OpenWRT config file:

#/etc/config/dropbear
        option 'GatewayPorts' 'on'

Second, when you invoke ssh, you need to explicitly tell dropbear which address to listen on (the router's network interface, not localhost). Example:

$ ssh -l root -R 1.2.3.4:7777:10.2.2.12:80 1.2.3.4

This assumes you are on a client on the 10.2 network. Your OpenWRT router is on the internet (IP=1.2.3.4). Connections made to 1.2.3.4, port 7777 will be tunneled through SSH back to the client. The client will in turn open a new connection to 10.2.2.12, port 80 and forward all traffic there. So, in this case, an internal webserver is exposed on the internet.

With other sshd servers, it may be enough to make the call

$ ssh -l root -R 7777:10.2.2.12:80 1.2.3.4

and sshd will listen to all interfaces.
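The two things the post says you must get right (GatewayPorts in /etc/config/dropbear, and an explicit bind address in the -R spec) are easy to check with a few shell helpers. The script below is an added example, not code from the original post or from the dropbear or OpenWRT projects. It checks a UCI config file for the GatewayPorts option, builds the -R argument from its parts, and filters busybox netstat -tln output down to the listening sockets that are reachable from beyond loopback, which is exactly the set of ports a reverse tunnel has exposed to the router's network. The config file contents and the netstat snapshot are constructed samples; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): helpers around the dropbear
# reverse-tunnel setup described above. Requires only sh, grep, awk, mktemp.

# Does an OpenWRT /etc/config/dropbear enable GatewayPorts (dropbear -a)?
# Accepts the quoted and unquoted UCI spellings; returns 0 if on, 1 if not.
dropbear_gatewayports_enabled() {
    grep -Eq "^[[:space:]]*option[[:space:]]+'?GatewayPorts'?[[:space:]]+'?(on|1|true|yes)'?[[:space:]]*$" "$1"
}

# Build the -R argument. Dropbear needs the bind address spelled out; the
# router's public address limits the listener to that interface, while
# 0.0.0.0 binds every interface on the router.
reverse_forward_spec() {
    printf '%s:%s:%s:%s\n' "$1" "$2" "$3" "$4"
}

# Read busybox `netstat -tln` style lines on stdin and print every TCP
# listener that is not on loopback, as addr:port. Run on the router after
# the tunnel is up, this shows whether the forwarded port really landed on
# the network interface (as intended) or on 127.0.0.1 (GatewayPorts off).
public_listeners() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
        addr = $4; sub(/:[0-9]+$/, "", addr)
        port = $4; sub(/^.*:/, "", port)
        if (addr != "127.0.0.1" && addr != "::1") print addr ":" port
    }'
}

# Constructed /etc/config/dropbear written to a temp file; $1 is the
# GatewayPorts value to use. Prints the path so callers can clean up.
make_sample_config() {
    f=$(mktemp)
    printf "config dropbear\n\toption PasswordAuth 'on'\n\toption Port '22'\n\toption GatewayPorts '%s'\n" "$1" > "$f"
    printf '%s\n' "$f"
}

# Constructed snapshot in busybox `netstat -tln` layout: sshd on all
# interfaces, one forward stuck on loopback, one bound to the public address.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:7777          0.0.0.0:*               LISTEN
tcp        0      0 1.2.3.4:7778            0.0.0.0:*               LISTEN'

# Stand-alone demo: check a sample config, print the spec from the post's
# example, and list what the snapshot shows as exposed.
cfg=$(make_sample_config on)
if dropbear_gatewayports_enabled "$cfg"; then
    echo "GatewayPorts is on in $cfg"
else
    echo "GatewayPorts is off in $cfg; dropbear will bind -R ports on loopback only"
fi
rm -f "$cfg"
echo "ssh -l root -R $(reverse_forward_spec 1.2.3.4 7777 10.2.2.12 80) 1.2.3.4"
echo "Listeners reachable beyond loopback:"
printf '%s\n' "$SAMPLE_NETSTAT" | public_listeners
```

On the router itself you would pipe the real command, netstat -tln | public_listeners, and expect the forwarded port to appear in the list only when you meant to expose it; a 7777 that shows up on 127.0.0.1 instead is the symptom of the GatewayPorts option being missing.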

  1. Thanks for the tip, I was unable to get dropbear to bind on non-localhost until now!

    Btw, the remote address could be set as 0.0.0.0 – so you can set up the remote port forwarding using a dynamic ip address too!

  2. I want to thank you so much for this post. I’ve spent hours trying to figure out why my Reverse SSH tunnel to my DDWRT router wasn’t working right, and your post explained everything.

    Thank you!

  3. Yes, thanks very much for your advice, the dropbear error of “Server sent unrequested forward” wasn’t very helpful, but with your syntax it works well 🙂

  4. Million thanks, I was missing the GatewayPorts config option – I tried a million times to set up a client-to-client over server through two directions at the same time: client-to-server and server-to-client. I didn’t know I actually needed just the server-to-client and this server-side option 🙂

  5. On dd-wrt I couldn’t get the reverse tunnel port available to other LAN hosts as described above, but I did get it working with the -g option:
    ssh -g -l root -R 7777:10.2.2.12:80 1.2.3.4
