Web admin access to home router

Kyle Waters unum at unum5.org
Fri Apr 17 11:27:42 MDT 2009


Jones, Scott (GE Money, consultant) wrote:
> I am trying to get my mailman server set up, and have run into network
> issues. I have a linksys wrt54g router, and have enabled web access. 
>
> Here's my question: If I can access the router remotely, then I should
> fairly easily get access to my server box established, is this correct? 
>   

Your "router" probably does something called Network Address 
Translation (NAT).  What this does is allow many computers behind the 
router to use one IP address.  So there are a couple of things you can 
do to make your router accessible behind a NAT box.

When I had a server at home I had a router that allowed me to set up 
some of my machines with an IP address from the ISP and set up other 
machines to use the NAT.  This is very common in low-end commercial 
routers and enterprise routers.  (I don't know if it's an option in 
consumer-grade routers.)

Port forwarding is the most common way to handle this in a consumer-grade 
router.  If the only thing you need to work is email, then you can 
set up your router to forward any data that comes in on the mail port to 
go to your server.  The mail (SMTP) port is port 25.  If you want to have 
access to the Mailman web interface, then you will also have to forward 
that port to your server (port 80).

> The other question: Is it even advisable to allow web access or is that
> asking for trouble? How hackable is a router, in the face of a
> determined hacker? 
>
>   
One of the basic principles of security is minimalization.  If you 
don't need it, don't enable it.  So regardless of how hackable someone 
may think that is currently (the strength of your password being a major 
factor), if you don't need to access your router's settings from outside 
your internal network then you should not enable the ability to do so.  
Also, if the web interface is running on port 80 it will conflict with 
your ability to forward port 80 to your server.  With typical consumer-grade 
"routers" you can only have one computer/device on each port.  
Each service has a standard port.  If you want people to be able to 
easily use that service (which is not always the case) you will want to 
run it on its standard port.  So only one web server, one mail server, etc.

Kyle
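
The two points in the reply above (forward only what you need, and only one device per external port, including the router's own admin page) written as a check over a router's WAN-side settings. This is an added example, not part of the original post; the settings dictionary, the addresses and the `audit` function are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample settings for a consumer router (all values are assumptions).
ROUTER = {
    "remote_admin_enabled": True,
    "remote_admin_port": 80,
    "forwards": [
        {"proto": "tcp", "ext_port": 25, "host": "192.168.1.10", "int_port": 25},
        {"proto": "tcp", "ext_port": 80, "host": "192.168.1.10", "int_port": 80},
        {"proto": "tcp", "ext_port": 80, "host": "192.168.1.20", "int_port": 80},
        {"proto": "tcp", "ext_port": 8080, "host": "192.168.1.30", "int_port": 8080},
    ],
}

# Services actually needed from the internet: SMTP and the Mailman web interface.
NEEDED = {("tcp", 25), ("tcp", 80)}


def audit(router, needed):
    """Return a sorted list of (finding, proto, port) tuples."""
    findings = set()
    by_port = defaultdict(set)
    for rule in router["forwards"]:
        key = (rule["proto"], rule["ext_port"])
        by_port[key].add((rule["host"], rule["int_port"]))
        # Minimization: anything forwarded that is not on the needed list.
        if key not in needed:
            findings.add(("unneeded-forward", *key))
    # One external port can only be delivered to one internal device.
    for key, targets in by_port.items():
        if len(targets) > 1:
            findings.add(("duplicate-forward", *key))
    if router["remote_admin_enabled"]:
        admin = ("tcp", router["remote_admin_port"])
        # Remote administration is itself an exposed service.
        findings.add(("remote-admin-exposed", *admin))
        # The admin page and a forward cannot share the same external port.
        if admin in by_port:
            findings.add(("admin-port-conflict", *admin))
    return sorted(findings)


if __name__ == "__main__":
    for finding, proto, port in audit(ROUTER, NEEDED):
        print(f"{finding}: {proto}/{port}")
```
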


