Forums

Bruce
Bruce
Offline
Resolved
0 votes
I might have this wrong but I thought from Nick & Dave's descriptions of Hotlan that it isolated clients from the server; clients from clients; blocked Hotlan to Lan but allowed Lan to Hotlan.
But my Hotlan subnet >192.168.100.0/24 allows access to the webconfig admin page at 192.168.100.1.
Should it? Is this correct behaviour?
If it is I wonder if someone could help me with the iptables rule to block it
I know I could disable it with the rule in webconfig gui for port 81 but that applies to all subnets which isn't ideal.
even better would be a webconfig rule just for a specified static ip in my LAN segment
Thursday, November 05 2020, 11:19 PM
Share this post:
Responses (3)
  • Accepted Answer

    Friday, November 06 2020, 09:22 AM - #Permalink
    Resolved
    0 votes
    The firewall is normally open to all traffic from LAN interfaces (not HotLAN), so there is no need to open the Webconfig port in the Incoming firewall. The Incoming Firewall works on External and HotLAN interfaces. If you want to open a service to the internet, it hardly makes sense to then block it from the HotLAN.
    The reply is currently minimized Show
  • Accepted Answer

    Bruce
    Bruce
    Offline
    Friday, November 06 2020, 09:10 PM - #Permalink
    Resolved
    0 votes
    Hi Nick, I think you're confirming that Hotlan should not have access to the webconfig page on its own segment?

    I apologize because my question is confusing . I'm asking a couple of different questions. One based on the how this should work? the other because it's working this way and I don't want webconfig access on the hotlan segment and only on the LAN segment what rule would I apply to stop it from working this way?. Regardless of the Incoming Firewall rule, enabled or disabled, Hotlan allows access to the webconfig from inside my gateway. webconfig firewall rule in the gui is set to disabled in the gui.
    The reply is currently minimized Show
  • Accepted Answer

    Friday, November 06 2020, 09:56 PM - #Permalink
    Resolved
    0 votes
    What is the result from:
    iptables -nvL INPUT
    Results between "code" tags, please.
    You should not have webconfig access from the HotLAN unless you have opened the incoming port.
    The reply is currently minimized Show
Your Reply