What's new

I can ssh to my router from guest wifi network

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

v1rt

Occasional Visitor
By default, ssh shouldn't be accessible from guess network. I don't want to create another iptables rule since this should be a default deny rule.

Why is it open?
 
By default, ssh shouldn't be accessible from guess network. I don't want to create another iptables rule since this should be a default deny rule.

Why is it open?

Because there is no restriction on Guest clients toward the router itself.
 
Got it. I shouldn't have assumed that guest network is like dmz. I'll add rules then.
 
Because there is no restriction on Guest clients toward the router itself.

Are you saying this has gotten broken again by Asus?

From your change log:
...
374.43 (6-June-2014)
...
- FIXED: Restricted guests still had access to the router (Asus bug introduced in GPL 4887)
...
 
fyi, I am also able to connect to the webpage console. My router is at 192.168.1 subnet while my laptop on guest network was on subnet 192.168.2
 
Are you saying this has gotten broken again by Asus?

From your change log:

It's been so long, I don't remember the details of that particular fix. I'd make sure that the OP did disable Intranet access on his Guest network configuration first.
 
Guest Network page, try:
Access Intranet = OFF

My Wi-Fi guests cannot access the router. The TCP ports are all blocked by default. However, the ICMP ping is not blocked.
 
It's been so long, I don't remember the details of that particular fix. I'd make sure that the OP did disable Intranet access on his Guest network configuration first.
I will check once I get home. I remember not turning it on especially I recently installed Merlin.
 
Guest Network page, try:
Access Intranet = OFF

My Wi-Fi guests cannot access the router. The TCP ports are all blocked by default. However, the ICMP ping is not blocked.

I remember a setting from last night, something like, Access network from WAN, I remember it was set to No.

I don't remember seeing Intranet. If it was there, I didn't change it. If it was on by default, then that's the reason why I'm able to ssh to the router. I'll check it once I get home.
 
Sorry guys, I didn't forget you. I was so busy working on my diy camera slider :)
Here it is. It's set to off. So looks like bug resurrected.

K8aAeOD.png
 
Sorry guys, I didn't forget you. I was so busy working on my diy camera slider :)
Here it is. It's set to off. So looks like bug resurrected.

I tested it here, and it's working fine for me. Both the webui and SSH access were correctly blocked.
 
What's missing in my configuration then? Is it because I have a firewall-start script?
 
What's missing in my configuration then? Is it because I have a firewall-start script?

You could have a rule in your firewall that's allowing clients to bypass the block. Could be that you enabled WAN access to SSH. No idea what else could be different on your configuration.
 
fyi, my firmware is 378.51

It's usually a good idea to ensure you are running the latest version before reporting issues.
 
Also, which router model are you using? Which band are you connecting to?
 
I have ASUS RT-AC68U.
When I was testing it, I was in 2.4. I'm going to test 5ghz now.
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top