Exposed WAN - http://IPAddress/webpages/login.html

Clive_A

2023-08-17 03:17:03

Posts: 4088

Helpful: 1575

Solutions: 855

Stories: 0

Registered: 2023-06-09

Re:Exposed WAN - http://IPAddress/webpages/login.html

2023-08-17 03:17:03

Hi @ibphantom

Thanks for posting in our business forum.

A public IP address with an open port, can be accessible from the Internet. This is how the Internet works. 80 and 443 are enabled by default if you disable it, how do you log in to the router admin web?

You can access it from the Internet, then did you enable Remote Management in the settings? This is not enabled by default. By default, this is blank.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update! ☛Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting Manual ★ ☚ (Disclaimer: Short links are used above solely for guidance to TP-Link subdomains and are safe and tracker-free. Exercise caution with short links from non-official members on forums. We are not liable for external content or damage from non-official members' link use.)

0

#2

MisterW

LV3

2023-08-17 06:13:32

Posts: 114

Helpful: 40

Solutions: 13

Stories: 0

Registered: 2023-07-07

Re:Exposed WAN - http://IPAddress/webpages/login.html

2023-08-17 06:13:32

@ibphantom

Why is the default webpage /webpages/login.html accessible from the WAN IP?

Are you using the WAN IP from a machine on the LAN ?

If so then the NAT loopback function of the router will be detecting that and redirecting the address back. It will appear as though the router is accessible from the internet, but it isnt as the request never gets beyond the router.

Unless you've got Remote Management enabled as @Clive_A says, then the router is not actually accessible from the internet

1

#3

ibphantom

LV1

2023-08-17 06:54:45 - last edited 2023-08-17 06:57:53

Posts: 13

Helpful: 2

Solutions: 1

Stories: 0

Registered: 2023-08-16

Re:Exposed WAN - http://IPAddress/webpages/login.html

2023-08-17 06:54:45 - last edited 2023-08-17 06:57:53

@Clive_A and @MisterW

Hey Clive and MisterW! I understand that port 80 and 443 are enabled by default, that's why I made this post. It shouldn't be by default for an edge router.

If it is enabled, it should be set on a different port as the Omada controller is (:18043)

I'm using an Omada Controller, so I don't have that view, all of the settings are taken away because this ER8411 is linked to an Omada controller.

Within the Omada controller, there isn't a way to disable remote management as far as I cant tell.

I get this page through the local IP and through the WAN IP. I'd like to disable this page from being seen through the WAN IP address.

0

#4

Clive_A

2023-08-17 07:07:53

Posts: 4088

Helpful: 1575

Solutions: 855

Stories: 0

Registered: 2023-06-09

Re:Exposed WAN - http://IPAddress/webpages/login.html

2023-08-17 07:07:53

Hi @ibphantom

Thanks for posting in our business forum.

Do you use a hardware controller?

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update! ☛Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting Manual ★ ☚ (Disclaimer: Short links are used above solely for guidance to TP-Link subdomains and are safe and tracker-free. Exercise caution with short links from non-official members on forums. We are not liable for external content or damage from non-official members' link use.)

0

#5

ibphantom

LV1

2023-08-17 07:24:56

Posts: 13

Helpful: 2

Solutions: 1

Stories: 0

Registered: 2023-08-16

Re:Exposed WAN - http://IPAddress/webpages/login.html

2023-08-17 07:24:56

Hey @Clive_A
No, I'm hosting the Omada controller through a docker container.

0

#6

Clive_A

2023-08-17 07:43:25

Posts: 4088

Helpful: 1575

Solutions: 855

Stories: 0

Registered: 2023-06-09

Re:Exposed WAN - http://IPAddress/webpages/login.html

2023-08-17 07:43:25

Hi @ibphantom

Thanks for posting in our business forum.

Did you test this access from your cellular phone without connecting to the LAN?

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update! ☛Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting Manual ★ ☚ (Disclaimer: Short links are used above solely for guidance to TP-Link subdomains and are safe and tracker-free. Exercise caution with short links from non-official members on forums. We are not liable for external content or damage from non-official members' link use.)

0

#7

ibphantom

LV1

2023-08-17 07:54:58

Posts: 13

Helpful: 2

Solutions: 1

Stories: 0

Registered: 2023-08-16

Re:Exposed WAN - http://IPAddress/webpages/login.html

2023-08-17 07:54:58

Hey @Clive_A
Yes, I've tried from my Verizon LTE, my friends AT&T LTE, and friends Comcast ISP from a town away and all 3 are able to connect to the ER8411 /webpages/login.html from outside of my network - That's why I opened the discussion. There should be a fix for this to be off by default.

0

#8

Clive_A

2023-08-18 06:26:31

Posts: 4088

Helpful: 1575

Solutions: 855

Stories: 0

Registered: 2023-06-09

Re:Exposed WAN - http://IPAddress/webpages/login.html

2023-08-18 06:26:31

Hi @ibphantom

Thanks for your valuable feedback and post here. This request has been forwarded to the developer team for further diagnostics and evaluation.

For now, I'd like to collect some information and give a workaround after consulting the senior engineers.

What's the controller version? Firmware of your ER8411, is it V1.1.0?

There is no port forwarding configuration on ER8411 map 192.168.0.1(Default GW IP) and forward 80 and 443, is there?

Temporarily, you can set up ACL to block access to the destination = Management Page.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update! ☛Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting Manual ★ ☚ (Disclaimer: Short links are used above solely for guidance to TP-Link subdomains and are safe and tracker-free. Exercise caution with short links from non-official members on forums. We are not liable for external content or damage from non-official members' link use.)

0

#9

ibphantom

LV1

2023-08-18 08:03:34

Posts: 13

Helpful: 2

Solutions: 1

Stories: 0

Registered: 2023-08-16

Re:Exposed WAN - http://IPAddress/webpages/login.html

2023-08-18 08:03:34

Hey @Clive_A !

Outstanding, I appreciate the efforts! Thank you.

The Omada Controller is version 5.9.31 ; ER8411 is v1.1.0.

The default Gateway has been changed to 172.16.0.254 and I do NOT have any NAT/Port Forwarding rules set for the default gateway at 172.16.0.254, nor do I to the Omada controller at 172.16.0.62, correct.

Although, I know this isn't a question you asked and am sure it doesn't affect this problem, With the modem(Nokia BGW320-505 v4.23.4) set to Passthrough to the ER8411, essentially the ER8411 is in DMZ because of the nature of Passthrough.

There are no port forwarding rules on the modem whatsoever.

I did setup a firewall rule on the modem to drop 80 and 443 to 172.16.0.254 from WAN, I'll also add an ACL rule on the ER8411 to drop 80 and 443 to the destination 172.16.0.254

Thank you, again!

1

#10

Exposed WAN - http://IPAddress/webpages/login.html

Exposed WAN - http://IPAddress/webpages/login.html

Information

Voters 0

Tags