How to obtain access to your corporate LAN via reverse ssh tunnel to your home router


   - Asus WL500gP as home router
   - Firmware from
   - Real IP address from your ISP

---> On your home router:
   1. Connect to home router using telnet


   2. Create required dir in the flashfs space using

      mkdir -p /usr/local/etc/dropbear

   3. Generate the DSS key by typing

      dropbearkey -t dss -f /usr/local/etc/dropbear/dropbear_dss_host_key

   4. Generate the RSA key by typing

      dropbearkey -t rsa -f /usr/local/etc/dropbear/dropbear_rsa_host_key

   5. Add lines to the startup scripts "post-boot" and "post-firewall":

      # you do not need to enter the 3 lines below if you already have
      # post-boot and post-firewall

      mkdir -p /usr/local/sbin/
      echo "#!/bin/sh" >> /usr/local/sbin/post-boot && chmod +x /usr/local/sbin/post-boot
      echo "#!/bin/sh" >> /usr/local/sbin/post-firewall && chmod +x /usr/local/sbin/post-firewall

      echo "dropbear -a" >> /usr/local/sbin/post-boot
      echo "iptables -I INPUT -m tcp -p tcp --dport 2222 -j ACCEPT" >> /usr/local/sbin/post-firewall

    6. Store your authorized keys in the:


    7. Save to flashfs and enable it

      flashfs save && flashfs commit && flashfs enable

    8. Reboot router

---> On your workstation in corporate LAN:
    9. Create a shell script that will be triggered by cron

      echo '#!/bin/sh' >> /home/username/
      echo 'COMMAND="ssh -N -f -R Home_Router_WAN_IP_Address:2222:localhost:22"' >> /home/username/
      echo 'pgrep -f -x "$COMMAND" > /dev/null 2>&1 || $COMMAND' >> /home/username/

      crontab -e
      and add:
      */5 * * * * /bin/sh /home/username/

   10. Take a coffee break for 5 min

---> From any host from anywhere:
   11. ssh -X -p 2222
   12. Enjoy!
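
Seen from the corporate side, the step 9 cron job is an ssh client that requests a remote forward. The filter below is an added example, not part of the original how-to: it prints the command lines (from a process list or a crontab) in which ssh is given -R or RemoteForward. The function names and sample hosts are constructed, and the list of ssh flags that take an argument is an assumption based on OpenSSH's ssh(1).

```shell
# Added example (not from the original page). Reads command lines on stdin,
# e.g. from `ps -eo args` or `crontab -l`, and prints those where ssh is
# asked for a remote forward (-R or -o RemoteForward).
is_reverse_tunnel() {
    # Drop quotes, then split the line into words with globbing disabled.
    set -f; set -- $(printf '%s\n' "$1" | tr -d "\"'"); set +f
    seen=0 skip=0 opt_o=0 nonopt=0
    for w in "$@"; do
        if [ "$seen" -eq 0 ]; then            # find the ssh command word
            case $w in ssh|*[/=]ssh) seen=1 ;; esac
            continue
        fi
        if [ "$opt_o" -eq 1 ]; then           # argument of a separate "-o"
            case $w in [Rr]emote[Ff]orward*) return 0 ;; esac
            opt_o=0; continue
        fi
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi
        case $w in
            -?*) rest=${w#-} ;;
            # 1st plain word is the destination, the 2nd starts the remote command.
            *)   nonopt=$((nonopt + 1)); [ "$nonopt" -lt 2 ] || return 1; continue ;;
        esac
        # Walk a flag cluster such as -NfR; argument-taking letters are assumed.
        while [ -n "$rest" ]; do
            c=${rest%"${rest#?}"}; rest=${rest#?}
            case $c in
                R) return 0 ;;
                o) case $rest in "") opt_o=1 ;; [Rr]emote[Ff]orward*) return 0 ;; esac; break ;;
                [BbcDEeFIiJLlmOpQSWw]) [ -n "$rest" ] || skip=1; break ;;
            esac
        done
    done
    return 1
}

find_reverse_tunnels() {                      # stdin -> matching lines on stdout
    while IFS= read -r line; do
        if is_reverse_tunnel "$line"; then printf '%s\n' "$line"; fi
    done
}

sample_lines() {                              # constructed sample input
    cat <<'EOF'
ssh -N -f -R 203.0.113.10:2222:localhost:22 user@203.0.113.10
/usr/bin/ssh -NfR 2222:localhost:22 -p 22 gw.example.net
ssh -oRemoteForward=2222:localhost:22 gw.example.net
ssh -L 8080:Rhost.example.net:80 gw.example.net
ssh backup.example.net ls -R /srv
EOF
}
sample_lines | find_reverse_tunnels
```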

Copyright © 2010 Andrew A. Martis