Exposed WAN - http://IPAddress/webpages/login.html

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Exposed WAN - http://IPAddress/webpages/login.html

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Exposed WAN - http://IPAddress/webpages/login.html
Exposed WAN - http://IPAddress/webpages/login.html
2023-08-16 20:30:10 - last edited 2023-08-17 03:14:00

Why is the default webpage /webpages/login.html accessible from the WAN IP?

Please add a way to disable access through the WAN IP, or am I missing a simple firewall rule? This should be off by default though, I shouldn't have to add a firewall rule, it should be common security knowledge to not have the WAN IP expose the router login page.

  0      
  0      
#1
Options
9 Reply
Re:Exposed WAN - http://IPAddress/webpages/login.html
2023-08-17 03:17:03

Hi @ibphantom 

Thanks for posting in our business forum.

A public IP address with an open port, can be accessible from the Internet. This is how the Internet works. 80 and 443 are enabled by default if you disable it, how do you log in to the router admin web?

 

You can access it from the Internet, then did you enable Remote Management in the settings? This is not enabled by default. By default, this is blank.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#2
Options
Re:Exposed WAN - http://IPAddress/webpages/login.html
2023-08-17 06:13:32

  @ibphantom 

Why is the default webpage /webpages/login.html accessible from the WAN IP?

 

Are you using the WAN IP from a machine on the LAN ?

If so then the NAT loopback function of the router will be detecting that and redirecting the address back. It will appear as though the router is accessible from the internet, but it isnt as the request never gets beyond the router.

Unless you've got Remote Management enabled as @Clive_A says, then the router is not actually accessible from the internet

  1  
  1  
#3
Options
Re:Exposed WAN - http://IPAddress/webpages/login.html
2023-08-17 06:54:45 - last edited 2023-08-17 06:57:53

@Clive_A and @MisterW 

Hey Clive and MisterW! I understand that port 80 and 443 are enabled by default, that's why I made this post. It shouldn't be by default for an edge router.

If it is enabled, it should be set on a different port as the Omada controller is (:18043)

I'm using an Omada Controller, so I don't have that view, all of the settings are taken away because this ER8411 is linked to an Omada controller.

Within the Omada controller, there isn't a way to disable remote management as far as I cant tell.

I get this page through the local IP and through the WAN IP. I'd like to disable this page from being seen through the WAN IP address.

  0  
  0  
#4
Options
Re:Exposed WAN - http://IPAddress/webpages/login.html
2023-08-17 07:07:53

Hi @ibphantom 

Thanks for posting in our business forum.

Do you use a hardware controller?

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#5
Options
Re:Exposed WAN - http://IPAddress/webpages/login.html
2023-08-17 07:24:56

Hey  @Clive_A 
No, I'm hosting the Omada controller through a docker container.

  0  
  0  
#6
Options
Re:Exposed WAN - http://IPAddress/webpages/login.html
2023-08-17 07:43:25

Hi @ibphantom 

Thanks for posting in our business forum.

Did you test this access from your cellular phone without connecting to the LAN?

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#7
Options
Re:Exposed WAN - http://IPAddress/webpages/login.html
2023-08-17 07:54:58

Hey  @Clive_A 
Yes, I've tried from my Verizon LTE, my friends AT&T LTE, and friends Comcast ISP from a town away and all 3 are able to connect to the ER8411 /webpages/login.html from outside of my network - That's why I opened the discussion. There should be a fix for this to be off by default.

  0  
  0  
#8
Options
Re:Exposed WAN - http://IPAddress/webpages/login.html
2023-08-18 06:26:31

Hi @ibphantom

Thanks for your valuable feedback and post here. This request has been forwarded to the developer team for further diagnostics and evaluation.

 

For now, I'd like to collect some information and give a workaround after consulting the senior engineers.

What's the controller version? Firmware of your ER8411, is it V1.1.0?

There is no port forwarding configuration on ER8411 map 192.168.0.1(Default GW IP) and forward 80 and 443, is there?

 

Temporarily, you can set up ACL to block access to the destination = Management Page.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#9
Options
Re:Exposed WAN - http://IPAddress/webpages/login.html
2023-08-18 08:03:34

Hey  @Clive_A !

 

Outstanding, I appreciate the efforts! Thank you.

The Omada Controller is version 5.9.31 ; ER8411 is v1.1.0.

 

The default Gateway has been changed to 172.16.0.254 and I do NOT have any NAT/Port Forwarding rules set for the default gateway at 172.16.0.254, nor do I to the Omada controller at 172.16.0.62, correct.

 

Although, I know this isn't a question you asked and am sure it doesn't affect this problem, With the modem(Nokia BGW320-505 v4.23.4) set to Passthrough to the ER8411, essentially the ER8411 is in DMZ because of the nature of Passthrough.

There are no port forwarding rules on the modem whatsoever.

 

I did setup a firewall rule on the modem to drop 80 and 443 to 172.16.0.254 from WAN, I'll also add an ACL rule on the ER8411 to drop 80 and 443 to the destination 172.16.0.254

Thank you, again! 

  1  
  1  
#10
Options