Web admin access to home router
unum at unum5.org
Fri Apr 17 11:27:42 MDT 2009
Jones, Scott (GE Money, consultant) wrote:
> I am trying to get my mailman server set up, and have run into network
> issues. I have a linksys wrt54g router, and have enabled web access.
> Here's my question: If I can access the router remotely, then I should
> fairly easily get access to my server box established, is this correct?
Your "router" probably does something call Network Address
Translation(NAT). What this does is allow many computers behind the
router to use one IP address. So there are a couple of things you can
do to make your router accessible behind a NAT box.
When I had a server at home I had a router that allowed me to set up
some of my machine with an IP address from the ISP and set up other
machines to use the NAT. This is very common in low end commercial
routers and enterprise routers.(I don't know if it's an option in
consumer grade routers)
Port forwarding is the most common way to handle this in a consumer
grade router. If the only thing you need to work is email then you can
set up your router to forward any data that comes in on the mail port to
go to your server. The mail(smtp) port is port 25. If you want to have
access to the mailman web interface than you will also have to forward
that port to your server(port 80).
> The other question: Is it even adviseable to allow web access or is that
> asking for trouble? How hackable is a router, in the face of a
> determined hacker?
One of the basic principles of security is minimalization. If you
don't need it, don't enable it. So regardless of how hackable someone
may think that is currently(the strength of your password being a major
factor), if you don't need to access your routers setting from outside
your internal network than you should not enable the ability to do so.
Also if the web interface is running on port 80 it will conflict with
your ability to forward port 80 to your server. With typical consumer
grade "routers" you can only have one computer/device on each port.
Each service has a standard port. If you want people to be able to
easily use that service(which is not always the case) you will want to
run it on it's standard port. So only one web server, on mail server, etc.
More information about the PLUG