Login page on WAN port?!

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Login page on WAN port?!

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Login page on WAN port?!
Login page on WAN port?!
2023-04-23 14:43:15
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: Latest

Hi TP-Link!

 

Today i just set up CNAME on my DNS service and discover my ER605 login page are accessible from WAN!
Are you kidding me TP-Link?
I walk around Omada v5.9.31 on Linux and can't find any option related to port/services on WAN side ...

 

Let me know where i can disable HTTP/HTTPS ports from WAN ;)

+20y experience in Linux/UNIX, +12y VMware, +10y as network admin, +8y as AIX admin (professional) I really know what is going on at background, please don't try to cheat me TP-Link :)
  0      
  0      
#1
Options
8 Reply
Re:Login page on WAN port?!
2023-04-24 08:33:29
Just striving to develop myself while helping others.
  0  
  0  
#2
Options
Re:Login page on WAN port?!
2023-04-24 09:07:47

  @Virgo 

 

Checked, and i'm wondering why access from WAN isn't disabled by default (as any no-Omada router is)?
This is security issue with my Omada IP showed on login page ... 

Anyway this is not answer for my question.

+20y experience in Linux/UNIX, +12y VMware, +10y as network admin, +8y as AIX admin (professional) I really know what is going on at background, please don't try to cheat me TP-Link :)
  0  
  0  
#3
Options
Re:Login page on WAN port?!
2023-04-24 11:21:18

OK, so it seems to gateway (should be name as router) allow reach ports from LAN on WAN side (WAN from ousite are correctly blocked), but how from TP-Link can answer me why i can reach services on WAN from LAN? What was to purposes?

+20y experience in Linux/UNIX, +12y VMware, +10y as network admin, +8y as AIX admin (professional) I really know what is going on at background, please don't try to cheat me TP-Link :)
  0  
  0  
#4
Options
Re:Login page on WAN port?!
2023-04-24 13:31:53
So you can test publicly accessible services from a local IP. I find it super useful.
<< Paying it forward, one juicy problem at a time... >>
  0  
  0  
#5
Options
Re:Login page on WAN port?!
2023-04-24 13:41:59

  @d0ugmac1 

 

When you have possibility to RDP external Windows and check all things (nmap in linux), then you want to keep local services quiet on WAN address, even if you ask for it from LAN.

 

Question is still open ;)

+20y experience in Linux/UNIX, +12y VMware, +10y as network admin, +8y as AIX admin (professional) I really know what is going on at background, please don't try to cheat me TP-Link :)
  0  
  0  
#6
Options
Re:Login page on WAN port?!
2023-04-24 14:26:46
I doubt the traffic ever actually hits the WAN side of the router, it's just some dnsmasq magic going on and the connections are really Lan-Lan (do a traceroute and prove me wrong). So if you can already hit those services from the LAN side, what's the issue? If you don't want local users from hitting those services because they should only be available externally, then the standard approach is that you put ACLs in place.
<< Paying it forward, one juicy problem at a time... >>
  1  
  1  
#7
Options
Re:Login page on WAN port?!
2023-05-06 11:26:08

Hi @d0ugmac1 

 

There is many thing which are turned on by default, which shouldn't be is business class device/software. That's the thing to discuss.

Anyway, WAN address shouldn't be resolve by gateway in default configuration and there is no option to turn it off (excluded ACLs).

+20y experience in Linux/UNIX, +12y VMware, +10y as network admin, +8y as AIX admin (professional) I really know what is going on at background, please don't try to cheat me TP-Link :)
  1  
  1  
#8
Options
Re:Login page on WAN port?!
2023-05-08 16:57:53

  @DREEMus 

Totally agree with you that too many options are enabled by default.

  0  
  0  
#9
Options

Information

Helpful: 0

Views: 440

Replies: 8

Related Articles