FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
128 views 0 comments
by anonymous

I found in firewall protocol utomatic created rules for blocking external IP addresses on port 22. Why has the device ssh open to the lan??? I took a port scanner and found the ports 22, 80 and 443 exposed to the wan. Because I had any firewall rule to allow these protocols from wan, there has to be a misconfiguration from factory. Hey guys, that´s a no go!

Because I found no options in web gui (as I know in standard Openwrt), I edited /etc/config/uhttpd and /etc/config/dropbear to restrict the listening interfaces

/etc/config/uhttpd:
option listen_http '<local_lan_ip_here>:80'
option listen_https '<local_lan_ip_here>:443'

/etc/config/dropbear:
just add the line
option interface 'lan'

If you working over vpn, your router remains accessible, if you using the internal lan address. Also RMS is not affected by this modifications.

1 Answer

0 votes
by anonymous

Hello,

Did you get a new and not a used device?

What is the device and firmware your device has installed?

Have you tried to perform factory reset?

Remote device access from WAN should be blocked by default. The rules for remote access from HTTP(S), SSH, Telnet, CLI, can be enabled/disabled in WebUI System -> Administration -> Access control section. 

These can also be controlled and modified in Network -> Firewall -Traffic rules.

Best regards,