Advanced topics Using the firewall command
Digi TransPort WR Routers User Guide
503
Allow SSH access on a WAN
To allow SSH access on a WAN interface:
1. Open the command-line interface, either from a command prompt or the web interface
System > Device Console option.
2. Use the wan command allow-ssh-access option to toggle SSH access on a WAN. For example,
to allow SSH access on WAN 1:
digi.router> wan 1 allow-ssh-access on
3. Save the configuration.
digi.router> save config
Allow SSH access for only a specific source IP address
To allow SSH access for only a specific IP address:
1. Open the command-line interface, either from a command prompt or the web interface
System > Device Console option.
2. Use the ip-filter command to allow incoming connections from hosts on the 10.20 network to
SSH (port 22). For example, assuming port 22 is the SSH port, enter commands similar to the
following:
digi.router> ip-filter 1 description Allow WAN SSH only from 10.20 network
digi.router> ip-filter 1 action accept
digi.router> ip-filter 1 src any-wan
digi.router> ip-filter 1 src-ip-address 10.20.0.0/16
digi.router> ip-filter 1 dst-ip-port 22
digi.router> ip-filter 1 state on
3. Use the wan command allow-ssh-access option to prohibit SSH access on a WAN. For example,
to turn off SSH access on WAN 1:
WARNING! Before turning off ssh access for a WAN, make sure your device can
accept traffic other than ssh traffic. Otherwise, when you turn off ssh access, you
may remove your ability to access the device.
digi.router> wan 1 allow-ssh-access off
4. Save the configuration.
digi.router> save config
To Next Page
Loading...
