Posted: Tue Jul 05, 2022 22:56 Post subject: Remote Access - Any IP
I've left this field in it's default position of enabled as seen in png below. I would disable all wan side access as a rule but there wasn't any specific help on this setting to know what the consequences of setting it to disabled would be.
My router is used as an AP / Gateway.
Are there use case reasons to keep it enabled if the above are disabled?
RemoteAccess.png
Description:
Filesize:
30.4 KB
Viewed:
1072 Time(s)
_________________ ARCHER-C7v5 | v3.0-r55460 std | AP Gateway
WNDR4000|v24-52189_NEWD-2_K3.x_mega|Inactive Spare
Joined: 31 Jul 2021 Posts: 2146 Location: All over YOUR webs
Posted: Wed Jul 06, 2022 7:44 Post subject: Re: Remote Access - Any IP
jbkt23 wrote:
Are there use case reasons to keep it enabled if the above are disabled?
Indeed not, this should be disabled (not disabled by toggle but grayed out so to speak) IMO because its dependent on one of the above to be enabled.
This should be relatively easy to fix and thus improve UX a little and Ive been looking at this wondering what the hell is going on, for instance;
I dont see much point of allowing telnet remote management, its not a secure method for the purpose, so unless there is an extremely valid reason to keep this (like for low end limited flash size devices), I believe this should be dropped if that's not the case.
I also have a bone to pick with the allowed IP range, for one its just IPv4 and IPv6 isnt even in the picture, nor is a remote IP where e.g. could very well not be a static IP and could be using for a DDNS solution, in that case there is no way to setup this here.
And as is I dont even know what would happen where a VPN tunnel or SSH tunnel be in use (I use SSH tunnels a great deal for general traffic), so its definitely not ideal, maybe it was years ago when this was added, this being 2022 its rather half cocked looking to me generally.
Joined: 18 Mar 2014 Posts: 12885 Location: Netherlands
Posted: Wed Jul 06, 2022 14:30 Post subject:
Not sure if you should remove Telnet.
Of course it is highly unsafe and I would never use it, but maybe there are scenario's where you want to remotely update and want for a short period enable remote telnet ?
What I can imagine is if you have all three items disabled, you hide "Allow any Remote IP".
Webpage is in: kromo/ddwrt/management.asp
html code in: /opt/etc/config/base.webconfig (and also the mini and micro version ?)
First check for caveats, i.e. that configuration not just applying to WAN access in the firewall. I don't recall it applying to LAN access, but I agree that it should be greyed out or hidden until one of the three methods are enabled. Telnet is greyed out if it is disabled for LAN access already. _________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
)