How to Disable WAN access to Router Settings

DD-WRT Forum Index -> Marvell MVEBU based Hardware (WRT1900AC etc.)
TangoBravo
DD-WRT Novice


Joined: 28 May 2018
Posts: 8

Posted: Mon May 28, 2018 12:52
Any help would be greatly appreciated.

I have been trying to figure this out on my own and have been unable to do so.


I've read the forum and the FAQs and understood as best as I could but apparently, not enough.

Here is what I have:
Linksys WRT 1200ACv2
running DD-WRT v3.0-r34315 std (12/30/17)
Running Samba for a USB drive ext3 format.

I am trying to disable WAN access to my router settings.
I have everything turned off that I can think of/read
Disabled:
Web GUI Management
SSH
Telnet

I have tried:
Disable info site
Enable info site password protection
Allow any remote IP to disable and add 192.168.1.1 to 254 (my default router IP is 192.168.1.1)

All of these that I've tried result in me being unable to login. I input my PW/UN and it gets rejected. I have to reset and upload my backup nvram settings.

I was using build r28788 and upgraded to build r34314 hoping I would be able to disable WAN access but no luck. A friend on a different IP still gets my router infosite and asked for login credentials.

What am I doing wrong? There has to be a way to disable WAN access, isn't there?

Thanks,

TB
mainkaunhoon
DD-WRT Novice


Joined: 16 Jul 2016
Posts: 28

Posted: Mon May 28, 2018 13:34
As far as I understand, under Administration > Management, the "Web Access" is for settings concerned with access type while the next one "Remote Access" is supposed to be accessible from WAN and everything should be disabled on that - it is by default I think.

While for the IP under there, start with 192.168.1.2 to 254.

Remote Access is disabled for me and I am unable to get any result if I access my public IP from another browser with a proxy/VPN/TOR for example.

You should also use GRC's ShieldsUP service to check your common ports; you should pass the test.

P.S. Attaching my Admin/Management settings and Security/Firewall settings for you to replicate.

_________________
Device: Linksys WRT1200AC v1
New:Firmware Firmware: DD-WRT v3.0-r37305 std (10/10/18)
OLD:Firmware DD-WRT v3.0-r36006 std ( 05/23/18 )
TangoBravo
DD-WRT Novice


Joined: 28 May 2018
Posts: 8

Posted: Mon May 28, 2018 13:57
Thank you for your quick reply and screenshots.

I would love to put my settings like yours, but if I do, I am unable to login.

For example if I just change the remote access ip option, even to 192.168.1.2 to 254, I am unable to login. (it rejects the UN/PW and asks for it again, and again..)

I just hope that my resets and upload of the nvram doesn't cause an issue.

Update: I've continued to work on this. I now have Info Site disabled and allowed IP range to 192.168.1.1 to 254.
(it seems that I was missing rebooting after making those changes).

SSH Telnet and web gui is disabled...but I can still log in from my IP (using my UN and PW, which I've made both 20 characters..).

Why can I STILL login via my IP?
I would like to disable WAN access and hide ports 53 and 80 (according to Gibson, these show open).
Wow, my hat's off to all who know about this stuff. I find Greek easier...
mainkaunhoon
DD-WRT Novice


Joined: 16 Jul 2016
Posts: 28

Posted: Mon May 28, 2018 20:32
Is your ping setting also set to disabled? Also, you will be able to login using your own IP if you try that. Try from a browser with proxy or TOR browser and access, it won't work.
TangoBravo
DD-WRT Novice


Joined: 28 May 2018
Posts: 8

Posted: Mon May 28, 2018 23:07
d0ug wrote:
If for whatever reason adjusting these settings is making your web interface unavailable, just do the factory reset option under the admin tab, then don't mess with any of the remote admin settings. By default DDWRT is locked down to not allow remote admin; you have to change the settings to enable remote admin.


But it IS allowing remote admin. Even when I reset to factory (under DD-WRT), even when I've turned off remote access.
The best I've been able to hope for is not have it show the info page.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6435
Location: UK, London, just across the river..

Posted: Tue May 29, 2018 5:10
could you let us know if your friend is on a different IP/(subnet) or if he uses your router LAN, do you mean you want to limit local GUI access or you want to limit GUI over WAN...
assume that you use very old builds and they may have some bugs regarding GUI access so upgrade to a new build...
also it's very bad practice to load old saved settings on different builds, it can cause you a lot of trouble...
usually reset and redo your settings manually after flash..

try to add this line, save it in commands. save firewall
iptables -I INPUT -s `nvram get lan_ipaddr`/`nvram get lan_netmask` -d `nvram get wan_ipaddr` -j DROP

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55779 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
TangoBravo
DD-WRT Novice


Joined: 28 May 2018
Posts: 8

Posted: Tue May 29, 2018 11:46
Alozaros wrote:
could you let us know if your friend is on a different IP/(subnet) or if he uses your router LAN, do you mean you want to limit local GUI access or you want to limit GUI over WAN...
assume that you use very old builds and they may have some bugs regarding GUI access so upgrade to a new build...
also it's very bad practice to load old saved settings on different builds, it can cause you a lot of trouble...
usually reset and redo your settings manually after flash..

try to add this line, save it in commands. save firewall
iptables -I INPUT -s `nvram get lan_ipaddr`/`nvram get lan_netmask` -d `nvram get wan_ipaddr` -j DROP


My friend is in a different city. I wanted to make sure it was an "outside" test.
I want to not have ANY access to router settings from the WAN.

I have 2 dd-wrt builds. First Linksys stock to v3.0-r28788 std (01/13/16) and now to DD-WRT v3.0-r34315 std (12/30/17)
(I picked 34315...actually 34311 but it was 34315 when installed because of several posts of it being "stable". I was trying to play it safe and remove as many variables as possible.)

That IPTable cmd, that goes in the administration/commands section, right? (showing how little I know. I can do SSH but if it's this one command).

Appreciate the help guys!
Sam1789
DD-WRT User


Joined: 14 Oct 2016
Posts: 324

Posted: Tue May 29, 2018 14:23
OP,

It sounds like your issues may involve the changes you have made in the settings & the old builds that you are using. There have been considerable developments regarding these wrt routers. You will be better served by using a newer/newest stable build for your wrt1200ACv2. I believe that r35531 and r35927 are considered ones to try at this time.

So to start do a factory reset. Then load one of those two builds. Do not retain any of your previous settings. Do not restore any configuration backups which you might have. Do not make any changes except to obtain access thru your ISP (if change is needed) plus assure that remote management, remote telnet, remote ssh are turned off.

Then have your friend run the test & let us know how it goes.

hth
Sam

_________________
multi-tier router stack
wrt 3200's for speed & cpu power, NG R6300v2's for WiFi AP's,
wrt 1200v2 for one of my secure subnets.
wrt54GLs for ad'l 3rd tier machines.


Last edited by Sam1789 on Tue May 29, 2018 15:07; edited 1 time in total
TangoBravo
DD-WRT Novice


Joined: 28 May 2018
Posts: 8

Posted: Tue May 29, 2018 14:33
I guess that's the equivalent of a new reinstall on windows....

Thanks for the build suggestion. I'll go with those and see what happens.

But first, I'm going to save the essential info to get operational with my ISP.

So, Factory Reset should put me back with Linksys software, correct? Then use the correct build type (factory vs upgrade...

Worst case scenario, I could just upload one of the nvram and I should be working again right? (this would be last resort...
Sam1789
DD-WRT User


Joined: 14 Oct 2016
Posts: 324

Posted: Tue May 29, 2018 15:03
OP,

Write down the settings to access your ISP.

This approach is to get you A) to a newer build, but B) also to completely throw away anything you might have messed up when you were previously changing things.

Better to start with a fresh setup than to continue to keep on trying to fix what seems to be very broken.

But this is more than a "windows reinstall" which often will retain annoying items. It's more like loading a drive image, though not quite as fresh a system result.

TangoBravo
DD-WRT Novice


Joined: 28 May 2018
Posts: 8

Posted: Tue May 29, 2018 15:08
Roger that... It's more work but in the end, it'll be better..

Thanks for the advice and the recommended builds!
Sam1789
DD-WRT User


Joined: 14 Oct 2016
Posts: 324

Posted: Tue May 29, 2018 15:11
OP,

You're quite welcome. Let us know how it goes.

Sam

TangoBravo
DD-WRT Novice


Joined: 28 May 2018
Posts: 8

Posted: Wed May 30, 2018 0:48
Understood, so use the "reset" option and use the upgrade version vs the factory version when upgrading the build.
TangoBravo
DD-WRT Novice


Joined: 28 May 2018
Posts: 8

Posted: Sat Jun 02, 2018 3:49
Alozaros wrote:
could you let us know if your friend is on a different IP/(subnet) or if he uses your router LAN, do you mean you want to limit local GUI access or you want to limit GUI over WAN...
assume that you use very old builds and they may have some bugs regarding GUI access so upgrade to a new build...
also it's very bad practice to load old saved settings on different builds, it can cause you a lot of trouble...
usually reset and redo your settings manually after flash..

try to add this line, save it in commands. save firewall
iptables -I INPUT -s `nvram get lan_ipaddr`/`nvram get lan_netmask` -d `nvram get wan_ipaddr` -j DROP


Wow, this WORKED. Cannot access my router page from my IP.
BIG issue solved...thank you!

Now how do I "stealth" a given port (80 and 53 specifically)?

I've tried:
iptables -I FORWARD -p tcp --dport 80 -j DROP

but it didn't work.

Should I use "INPUT" instead of "FORWARD"?
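
On the INPUT-versus-FORWARD question in the post above, as an added example (not code from the thread or from DD-WRT): packets addressed to the router itself traverse INPUT, while FORWARD only sees traffic routed through the router, so a FORWARD rule on port 80 leaves the router's own web server untouched and instead drops LAN clients' outbound HTTP. The script evaluates a constructed `iptables -S` style rule list by first match; the interface names `eth0` (WAN) and `br0` (LAN), the sample rules, and the helper names `verdict` and `with_input_drop` are assumptions.

```shell
#!/bin/sh
# Added example: first-match evaluation of `iptables -S` style rules.
# RULES is a constructed sample, not output from the router in the thread.
# Assumed interface names: eth0 = WAN, br0 = LAN bridge.
RULES='-P INPUT DROP
-P FORWARD ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 80 -j DROP'

# verdict CHAIN IN_IFACE PROTO DPORT [RULES]
# Prints the target of the first rule in CHAIN that matches a NEW packet,
# or the chain policy if no rule matches. Only -i, -p, --dport and --state
# are evaluated; other match options (-s, -d, ...) are ignored.
verdict() {
  printf '%s\n' "${5:-$RULES}" |
  awk -v chain="$1" -v ifc="$2" -v proto="$3" -v port="$4" '
    $1 == "-P" && $2 == chain { policy = $3 }
    $1 == "-A" && $2 == chain && !hit {
      ok = 1; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-i" && $(i+1) != ifc) ok = 0
        if ($i == "-p" && $(i+1) != proto) ok = 0
        if ($i == "--dport" && $(i+1) != port) ok = 0
        if ($i == "--state" && $(i+1) !~ /(^|,)NEW(,|$)/) ok = 0
        if ($i == "-j") target = $(i+1)
      }
      if (ok && target != "") { print target; hit = 1 }
    }
    END { if (!hit) print policy }'
}

# RULES with a DROP for tcp/PORT on IFACE placed at the head of INPUT,
# the position `iptables -I INPUT ...` uses when no rule number is given.
with_input_drop() {
  printf '%s\n' "$RULES" |
  awk -v r="-A INPUT -i $1 -p tcp -m tcp --dport $2 -j DROP" '
    $1 == "-A" && !put { print r; put = 1 }
    { print }'
}

echo "WAN -> router tcp/80, FORWARD drop only: $(verdict INPUT eth0 tcp 80)"
echo "LAN -> internet tcp/80 (forwarded):      $(verdict FORWARD br0 tcp 80)"
FIXED=$(with_input_drop eth0 80)
echo "WAN -> router tcp/80, INPUT drop added:  $(verdict INPUT eth0 tcp 80 "$FIXED")"
echo "LAN -> router tcp/80, INPUT drop added:  $(verdict INPUT br0 tcp 80 "$FIXED")"
```

A DROP target lets an external probe time out, which is what ShieldsUP reports as "stealth"; a REJECT target answers the probe and shows as closed instead.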