[CRITICAL BUG] Merlin SSH and WEB on WAN always enabled !!!

[ronzino]

I have just discovered after months of use that my RT-AC68U with asus merlin 380.58 firmware
always allows SSH and Web admin interface connections through WAN EVEN IF I have disabled those WAN accesses !!!!!!!!

Please note....I am not using any VPN.

I have seen that others had had this problem

http://www.snbforums.com/threads/ss...an-even-though-this-option-is-disabled.17222/

how to solve this crazy bug ?

 

[john9527]

always allows SSH and Web admin interface connections through WAN EVEN IF I have disabled those WAN accesses !!!!!!!!

(1) You need to test this from truly outside of your LAN (the router is smart enough to know that if you are using your external address or DDNS name from within your LAN, that you are really local)
(2) Make sure that the router firewall is enabled. If you disable the firewall, the entire network/router becomes open to the internet regardless of any other settings.

 

[ronzino]

(1) You need to test this from truly outside of your LAN (the router is smart enough to know that if you are using your external address or DDNS name from within your LAN, that you are really local)
(2) Make sure that the router firewall is enabled. If you disable the firewall, the entire network/router becomes open to the internet regardless of any other settings.

I am totaly outside, 100 Km far, thrugh 4G connection.

about the secondo point....... firewall infact is disabled, i am going to enable it right now....in any case.... is it not crazy that with firewall disabled, the router does esposes those ports ?

 

[john9527]

about the secondo point....... firewall infact is disabled, i am going to enable it right now....in any case.... is it not crazy that with firewall disabled, the router does esposes those ports ?

Not really....what happens if you disable the Windows firewall for example...the same thing. If you disable the firewall it's probably for debug purposes and you don't want it to be interfering at all.

Now, IMHO, the router could be a little more explicit in warning you about what will happen if you disable the firewall. I just added a banner alert and pop-up warning to my fork if you do this.

 

[RMerlin]

1) Disabling the firewall means you are voluntarily exposing your whole router to the WAN. Nothing crazy about it, the crazy part is running a router with its firewall disabled, quite frankly.

2) Interface binding has been changed by Asus months ago, so services now bind to specific interfaces rather than all interfaces by default. You need to upgrade, this was changed in 380.59, with that build you need to explicitly enable WAN access for various services such as SSH to listen to the WAN interface.

how to solve this crazy bug ?

By upgrading to 380.59.