So why don't you post up your iptables -nL and we can take a look at your rules. If you have the DROP rule in there for those ports, I don't see how it would be possible for anything to access your router's web gui from the remote side.

But as you can see, with web gui remote access disabled there is a specific DROP rule in your input chain; when you enable remote gui access, those rules go away. Now I don't have my router actually connected to anything on the wan side, so it's difficult to verify anything from here.

So now if enabled remote web notice the rules iptables -nL

Does not matter what if listening on 0.0.0.0 (all IPs). Just look at your specific rules with iptables.

But from the send rule there where he is doing $wanif ACCEPT could be the problem.

But to your problem - if you have not manually made any manipulations of the rules with iptables like he did in the example.

Have not really looked that deep at them yet. So it's quite possible he jacked up something in those rules - or maybe they are jacked up as written.

    iptables -I FORWARD -i br1 -o $wanif -m state --state NEW -j ACCEPT
    iptables -I INPUT -i br1 -m state --state NEW -j logaccept
    # Make sure br1 has access to the internet:

My guess with the OP problem was he stated he was running a multiple BSSIDS, which calls for making direct rules with iptables.

I don't use my dd-wrt as my external router, so would have to fire it up - but easy enough to test when I get home, will just plug a box into the external side of the router and setup IPs.

So you're worried about web gui access from remote - but you think it's ok to allow telnet? Also 192.168.0.1 to 254 is not a REMOTE IP - that's a private address - so nobody is going to be able to access telnet that way - why not just disable it?

Without having to forward port 80 to nowhere. I would like the option to disable Remote Access for Web GUI Management to mean that it's not listening on wan:80, only on local:80 (i.e.
And I can't seem to be able to disable listening on wan:80 in Administration > Management even though I have disabled Remote Access for Web GUI Management like the attached image shows.

wan ip port 80 for example 92.151.5.90:80) to nowhere in the NAT server from NAT / QoS > Port Forward.

The only way I'm able to disable access to wan:80 is to forward wan:80 (i.e.

The web gui will by default listen on wan:80 with a password that everyone knows! And even if I can change the password I want to disable listening on wan:80 completely.

Is this normal or have I probably misconfigured something? I thought I shouldn't be able to do this?

Hi, I just noticed that I can access/login my router's web admin interface by visiting my external IP address from outside my network.