Ok so I setup ddwrt on a meta router. I can get to the ssh local over the tik through putty so i am good to that point. However i can not get to ssh when coming in remotely. I tired port forwarding and even chaging the ssh port in case 22 was still be caught through the miktoiks interface but no good.
My metarouter sits on 192.168.80.2 so all I did was set up a port forward rule 2222 to go to 192.168.80.2
If you use the private IP of the Metarouter while on the LAN (no hairpin NAT):
/ip firewall nat add chain=dstnat in-interface=WAN protocol=tcp dst-port=2222 action=dst-nat to-address=192.168.80.2 to-ports=22
(replace WAN with the name of your WAN interface, e.g. pppoe-out-1, ether1, etc)
If you want hairpin access:
..and have a static IP:
Use the above rule but remove in-interface=WAN and add dst-address=x.x.x.x (your wan IP).
…and have a dynamic IP:
USe the above rule but remove in-interface=WAN and add dst-address-type=local and dst-address=!192.168.80.1
With either of these changes, for hairpin to work, you will also need to add an additional srcnat rule:
/ip firewall nat add chain=srcnat src-address=192.168.80.0/24 dst-address=192.168.80.0/24 action=masquerade
Allow access:
Finally, make sure that the filter table is not blocking the access to your metarouter. The forward chain is the one to check. If your forward chain is a “default deny” type of configuration, then there needs to be a rule which permits tcp dst-port=22 dst-address=192.168.80.2 (Note that dst port is 22 because the forward filter chain is checked AFTER dst-nat has executed)
If your forward chain is a “default accept” policy, then make sure there is no rule which blocks access to your server.