FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

12691 questions

15070 answers

24150 comments

47148 members

0 votes
55 views 0 comments
by

I found in firewall protocol utomatic created rules for blocking external IP addresses on port 22. Why has the device ssh open to the lan??? I took a port scanner and found the ports 22, 80 and 443 exposed to the wan. Because I had any firewall rule to allow these protocols from wan, there has to be a misconfiguration from factory. Hey guys, that´s a no go!

Because I found no options in web gui (as I know in standard Openwrt), I edited /etc/config/uhttpd and /etc/config/dropbear to restrict the listening interfaces

/etc/config/uhttpd:
option listen_http '<local_lan_ip_here>:80'
option listen_https '<local_lan_ip_here>:443'

/etc/config/dropbear:
just add the line
option interface 'lan'

If you working over vpn, your router remains accessible, if you using the internal lan address. Also RMS is not affected by this modifications.

1 Answer

0 votes
by

Hello,

Did you get a new and not a used device?

What is the device and firmware your device has installed?

Have you tried to perform factory reset?

Remote device access from WAN should be blocked by default. The rules for remote access from HTTP(S), SSH, Telnet, CLI, can be enabled/disabled in WebUI System -> Administration -> Access control section. 

These can also be controlled and modified in Network -> Firewall -Traffic rules.

Best regards,