Restrict Access to Web GUI Management on LAN?

DD-WRT Forum Index -> Advanced Networking
e123enitan
DD-WRT Novice


Joined: 13 Mar 2017
Posts: 46

PostPosted: Sun Sep 10, 2017 6:25    Post subject: Re: Ooops Sorry
e123enitan wrote:
sploit wrote:
Oops, sorry... My brain was somewhere else...
ADMINISTRATION tab,
then COMMAND tab.
Then paste the code into the box and press SAVE FIREWALL.

Then reboot the router.



Thanks, it works like a charm; I sincerely appreciate your time/knowledge.

May I bother you with another issue, similar to the same access restriction?
I have, say, five devices on my LAN, connected through both wireless and Ethernet, and I have all these MAC addresses set in DHCP reservations. Is it possible to allow only these five MACs on my LAN/WAN, so that any device with a MAC not in the DHCP table is rejected?
My reason for doing this is mainly to prevent people in my house from using the Ethernet RJ45 wall socket to bypass the restrictions set on the wireless and gain access to my LAN server.

Thanks for your support.


I am in serious trouble: I can't log into my router from the computer whose MAC I allowed.
Any idea how to log into the router without resetting it?
e123enitan
DD-WRT Novice


Joined: 13 Mar 2017
Posts: 46

PostPosted: Sun Sep 10, 2017 21:16    Post subject: Re: Ooops Sorry
Guys, please, any idea how to log into my router? After making the change to block other MACs, which seems to work, it also locks me out of the computer whose MAC is set to be allowed.
My router model is Linksys 1900AC and the ROM build is by Kong.
I hope someone will come up with a solution to get into the router.
Thanks for your support.

Please don't leave me hanging, someone help, I need to get into my router, please! There must be a way somehow, any idea or solution to exploit?
e123enitan
DD-WRT Novice


Joined: 13 Mar 2017
Posts: 46

PostPosted: Mon Sep 11, 2017 19:28    Post subject: Re: Ooops Sorry
A thought just came to mind: try PuTTY to SSH or telnet in and use the CLI to access iptables and delete or purge the command.

Since I don't know what to write once I'm in the CLI, i.e. after root/pass,

can someone help write the commands to get to iptables and purge the code?

Or isn't it as simple as I thought?
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1856
Location: Hung Hom, Hong Kong

PostPosted: Mon Apr 24, 2023 7:24    Post subject:
e123enitan wrote:

iptables -I INPUT -i br0 -p tcp --dport 80 -j REJECT
iptables -I INPUT -i br0 -p tcp --dport 80 -m mac --mac-source B8:AC:6F:39:6F:0E -j ACCEPT

You can also set up DD-WRT's DHCP server (DNSmasq additional option "dhcp-host") to always hand out the same IP address to the device with that MAC address; then you can use the IP address in the ACCEPT rule.

A more secure option is to use SSH tunneling. With this setup, the only ACCEPT rule is for 127.0.0.1!

_________________
Router: Asus RT-N18U (rev. A1)

Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
GitHub: https://github.com/changmw/changmw


mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1856
Location: Hung Hom, Hong Kong

PostPosted: Mon Apr 24, 2023 7:28    Post subject: Re: Ooops Sorry
e123enitan wrote:
A thought just came to mind to try Putty to SSH or telnet using CLI to access the iptable and delete or purge the command.

Since I don't how what to write getting into the CLI ie root/pass

can someone help to write the command to get to iptable and purge the code.

Or itsn't as simple as I thought?

The following command lists iptables entries with line numbers:
Code:
iptables -nvL --line-numbers | more

Then you can delete a rule by its line number in the chain, for example line 3 in the INPUT chain:
Code:
iptables -D INPUT 3


After deleting the rule, restart the firewall with "service firewall stop" and "service firewall start" so that the change is saved. Make sure that you didn't add the rule via the firewall script; in that case, just delete the rule in the firewall script.

DD-WRT :: View topic - [How To] Delete a nat iptables rule
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=694052

How To List and Delete Iptables Firewall Rules | DigitalOcean
https://www.digitalocean.com/community/tutorials/how-to-list-and-delete-iptables-firewall-rules

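Worked example of the list-then-delete step above, added here and not mwchang's or DD-WRT's own code: a POSIX sh helper that reads `iptables -nvL --line-numbers` output, finds rules by chain, target and an exact match field (so `dpt:80` does not also hit `dpt:8080`), and emits the `iptables -D` commands highest number first, so that deleting several rules does not renumber the ones still to be deleted. `SAMPLE_IPTABLES` is a constructed listing in that command's format whose INPUT chain mirrors the REJECT/ACCEPT pair quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed sample of
# `iptables -nvL --line-numbers` output; the INPUT chain holds the ACCEPT(mac)
# and REJECT rules for the GUI port as they would appear once loaded.
SAMPLE_IPTABLES='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       12   720 ACCEPT     tcp  --  br0    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 MAC B8:AC:6F:39:6F:0E
2       40  2400 REJECT     tcp  --  br0    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 reject-with icmp-port-unreachable
3        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 REJECT     tcp  --  br0    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 reject-with icmp-port-unreachable'

# find_rule_num CHAIN TARGET FIELD: read a listing on stdin and print the
# number of every rule in CHAIN whose target is TARGET and whose match text
# (fields after "destination", i.e. $11 onwards) contains FIELD as a whole
# field. Whole-field comparison is deliberate: a substring test on "dpt:80"
# would also select "dpt:8080".
find_rule_num() {
    awk -v chain="$1" -v target="$2" -v want="$3" '
        /^Chain / { cur = $2; next }                 # remember the chain we are in
        cur != chain { next }                         # skip other chains
        $1 ~ /^[0-9]+$/ && $4 == target {             # numbered rule with that target
            for (i = 11; i <= NF; i++) if ($i == want) { print $1; break }
        }'
}

# delete_commands CHAIN TARGET FIELD: print one `iptables -D CHAIN N` per
# matching rule, highest N first, so earlier deletions do not shift the
# numbers of the rules still to be removed.
delete_commands() {
    find_rule_num "$1" "$2" "$3" | sort -rn | while read -r n; do
        printf 'iptables -D %s %s\n' "$1" "$n"
    done
}

# Demo on the constructed sample; on the router feed the live listing instead:
#   iptables -nvL --line-numbers | delete_commands INPUT REJECT dpt:80 | sh
printf '%s\n' "$SAMPLE_IPTABLES" | delete_commands INPUT REJECT dpt:80   # prints: iptables -D INPUT 2
```

Piping the generated lines into `sh` applies them. As mwchang notes, this only edits the running table: if the REJECT rule also lives in the saved firewall script, remove it there as well, or the next firewall restart or reboot puts it back.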
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6436
Location: UK, London, just across the river..

PostPosted: Mon Apr 24, 2023 8:24    Post subject:
On the new builds, there is an option to restrict GUI access for WiFi (via the LAN ports it is still accessible).

Otherwise my practice is:

via CLI

nvram set https_lanport=48443 <---- or whatever port you want (away from the first 1024)
nvram commit
reboot


Then access your router via
https://routeripaddress:48443

I'm using only HTTPS GUI access.

Then, in the firewall I have a rule that bans the HTTPS port for any access, until I log in via SSH and manually allow it:

iptables -I INPUT -i br0 -p tcp --dport 48443 -j REJECT

iptables -I INPUT -i br0 -p tcp --dport 48443 -m mac --mac-source xx:xx:xx:xx:xx:xx -j ACCEPT
xx:xx:xx:xx:xx:xx is the MAC address of the device you want to permit access.

My SSH also has a changed port, 49022, set via the GUI, and password access is disabled.
Log in via SSH only with a secure key that is itself password protected.

You can manually delete the rule via CLI (SSH), no need to restart the firewall:

iptables -D INPUT -i br0 -p tcp --dport 48443 -m mac --mac-source xx:xx:xx:xx:xx:xx -j ACCEPT

Also, on my router reset via the button is disabled too.

My R7800 is the main router (edge router) in a student accommodation, where kids are very crafty animals...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
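Putting mwchang's rule pair and Alozaros's HTTPS-port practice together, as an added example that is neither poster's script nor DD-WRT's own code: a firewall script for the Administration -> Commands -> Save Firewall box that validates each MAC before touching the firewall, installs the REJECT first and then each ACCEPT with `-I` so the ACCEPTs land above it, and opens a short grace window during which the port is reachable from any LAN device, so a typo in the list cannot lock the admin out the way it did earlier in the thread. `B8:AC:6F:39:6F:0E` is the MAC from the quoted rule; `br0`, the fallback port 443 when `https_lanport` is unset, the 300-second window and the `DRY_RUN` review mode are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Restrict the DD-WRT web GUI port to an
# allow-list of MAC addresses with a lockout-proof grace window.
# Assumptions: LAN bridge br0, GUI port from nvram https_lanport (443 if unset),
# one constructed allowed MAC, 300 s grace. DRY_RUN=1 prints the iptables
# commands instead of running them; it defaults to 1 when `nvram` is absent
# (i.e. when the script is being reviewed on a PC rather than on the router).
IFACE="${IFACE:-br0}"
GUI_PORT="${GUI_PORT:-$(nvram get https_lanport 2>/dev/null)}"
GUI_PORT="${GUI_PORT:-443}"
ALLOWED_MACS="B8:AC:6F:39:6F:0E"        # constructed allow-list, space separated
GRACE_SECONDS=300
DRY_RUN="${DRY_RUN:-$(command -v nvram >/dev/null 2>&1 && echo 0 || echo 1)}"

# valid_mac MAC: succeed only for six colon-separated hex pairs. A malformed
# entry is the easiest way to end up with a live REJECT and no working ACCEPT.
valid_mac() {
    h='[0-9A-Fa-f][0-9A-Fa-f]'
    case "$1" in
        $h:$h:$h:$h:$h:$h) return 0 ;;
        *) return 1 ;;
    esac
}

# run CMD...: execute CMD, or print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# gui_lock IFACE PORT "MAC MAC ...": refuse to install anything if the list is
# empty or any MAC is malformed; otherwise insert REJECT, then one ACCEPT per
# MAC above it, so the chain reads ACCEPT(mac)... REJECT.
gui_lock() {
    iface=$1; port=$2; macs=$3
    [ -n "$macs" ] || { echo "gui_lock: empty allow-list, not installing REJECT" >&2; return 1; }
    for m in $macs; do
        valid_mac "$m" || { echo "gui_lock: bad MAC '$m'" >&2; return 1; }
    done
    run iptables -I INPUT -i "$iface" -p tcp --dport "$port" -j REJECT
    for m in $macs; do
        run iptables -I INPUT -i "$iface" -p tcp --dport "$port" -m mac --mac-source "$m" -j ACCEPT
    done
}

# gui_grace IFACE PORT SECONDS: put a catch-all ACCEPT above everything, and
# remove it again after SECONDS from a background job. Called right after
# gui_lock, it leaves SECONDS to log in and fix a wrong list instead of
# needing a factory reset. In dry-run mode the deferred removal is printed.
gui_grace() {
    iface=$1; port=$2; secs=$3
    run iptables -I INPUT -i "$iface" -p tcp --dport "$port" -j ACCEPT
    if [ "$DRY_RUN" = 1 ]; then
        printf 'sleep %s; iptables -D INPUT -i %s -p tcp --dport %s -j ACCEPT\n' "$secs" "$iface" "$port"
    else
        ( sleep "$secs"; iptables -D INPUT -i "$iface" -p tcp --dport "$port" -j ACCEPT ) &
    fi
}

# On the router this applies the rules; on a PC (or with DRY_RUN=1) it prints them.
gui_lock "$IFACE" "$GUI_PORT" "$ALLOWED_MACS" && gui_grace "$IFACE" "$GUI_PORT" "$GRACE_SECONDS"
```

Review the printed rules with `DRY_RUN=1 sh gui-lock.sh` before pasting the script into the router. Once the grace window has closed and the allowed device can still reach the GUI, the only standing rules are the ACCEPT(mac) lines and the REJECT, exactly the pair the thread describes; if it cannot, the ACCEPT rule is the one to inspect, and the window is the time in which to do it over SSH.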
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1856
Location: Hung Hom, Hong Kong

PostPosted: Wed Apr 26, 2023 10:40    Post subject:
Alozaros wrote:

nvram set https_lanport=48443 <---- Or whatever port you want (away from the first 1024)
nvram commit
reboot
iptables -I INPUT -i br0 -p tcp --dport 48443 -j REJECT

Instead of the hard-coded value "48443", you might want to use the output of a shell command (shell variable):
Code:
iptables -I INPUT -i br0 -p tcp --dport `nvram get https_lanport` -j REJECT

Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6436
Location: UK, London, just across the river..

PostPosted: Thu Apr 27, 2023 17:17    Post subject:
mwchang wrote:
Instead of the hard-coded value "48443", you might want to use the output of a shell command (shell variable):
Code:
iptables -I INPUT -i br0 -p tcp --dport `nvram get https_lanport` -j REJECT


Well... both commands will cut off the same port...

dale_gribble39
DD-WRT Guru


Joined: 11 Jun 2022
Posts: 1931

PostPosted: Thu Apr 27, 2023 17:53    Post subject:
This should also work:

Code:
iptables -I INPUT -i br0 -p tcp --dport $(nvram get https_lanport) -j REJECT

_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost

"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio

<fact>code knows no gender</fact>

This is me, knowing I've ruffled your feathers, and not giving a ****
Some people are still hard-headed.

--------------------------------------
Mac Pro (Mid 2012) - Two 2.4GHz 6-Core Intel Xeon E5645 processors 64GB 1333MHz DDR3 ECC SDRAM OpenSUSE Leap 15.5
All times are GMT