Web admin access to home router

Jones, Scott (GE Money, consultant) Scott.1Jones at ge.com
Fri Apr 17 12:23:19 MDT 2009


I know this is late in the game. I am reading and responding to this
from Outlook at work; how do I best quote prior content to keep it clear
who is saying what?  

-----Original Message-----
From: plug-bounces at plug.org [mailto:plug-bounces at plug.org] On Behalf Of
Kyle Waters
Sent: Friday, April 17, 2009 11:28 AM
To: Provo Linux Users Group Mailing List - 100% Unmoderated, High
Traffic
Subject: Re: Web admin access to home router

Jones, Scott (GE Money, consultant) wrote:
> I am trying to get my mailman server set up, and have run into network
> issues. I have a linksys wrt54g router, and have enabled web access.
>
> Here's my question: If I can access the router remotely, then I should
> fairly easily get access to my server box established, is this
> correct?
>

Your "router" probably does something called Network Address
Translation (NAT).  What this does is allow many computers behind the
router to use one IP address.  So there are a couple of things you can
do to make your router accessible behind a NAT box.


My "router", an SMC gateway device provided by Comcast, is labeled by
them a commercial gateway, and I have it set up as a gateway, passing
the IP signal straight through to my Linksys router, where I have port
forwarding set up pointing to my box.


When I had a server at home I had a router that allowed me to set up
some of my machines with an IP address from the ISP and set up other
machines to use the NAT.  This is very common in low end commercial
routers and enterprise routers. (I don't know if it's an option in
consumer grade routers.)

Port forwarding is the most common way to handle this in a consumer
grade router.  If the only thing you need to work is email then you can
set up your router to forward any data that comes in on the mail port to
go to your server.  The mail (SMTP) port is port 25.  If you want to have
access to the mailman web interface then you will also have to forward
that port to your server (port 80).


I have ports 22, 25, 80, 110 and 443 all forwarded to my server box,
which is set up with static IP.

> The other question: Is it even advisable to allow web access or is
> that asking for trouble? How hackable is a router, in the face of a
> determined hacker?
   
One of the basic principles of security is minimalization.  If you
don't need it, don't enable it.  So regardless of how hackable someone
may think that is currently (the strength of your password being a major
factor), if you don't need to access your router's settings from outside
your internal network then you should not enable the ability to do so.

Also if the web interface is running on port 80 it will conflict with
your ability to forward port 80 to your server.  With typical consumer
grade "routers" you can only have one computer/device on each port.
Each service has a standard port.  If you want people to be able to
easily use that service (which is not always the case) you will want to
run it on its standard port.  So only one web server, one mail server,
etc.


One of my needs is to be able to control access, for my boys, 13, 11
and 9. I THINK they are being good and not wandering off into the danger
zone, but I'd like to be able to remotely block their access if I wish.
For this reason, I think I want to have web access open. But your
comment raises another question. My son wants to set up his own web
page. I'd like him to be able to, on his PC. Can he do this and have it
be accessible, so he can show his friends, and at the same time, can I
keep things secure?

Kyle

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
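
Added example, not part of the original thread: a small Python audit of a port-forward table for the issues discussed above (two devices claiming one external port, the router's remote admin page sharing a forwarded port, and forwards that are not needed). The table format, the internal addresses, the choice of needed ports and the function names are assumptions made for illustration.

```python
# Added example: audit a consumer-router port-forward table.
# The table format and all addresses below are constructed for illustration.
from collections import defaultdict

# Constructed sample: external port, internal host, optional comment.
SAMPLE_FORWARDS = """\
22   192.168.1.10   # ssh on the server
25   192.168.1.10   # smtp
80   192.168.1.10   # mailman web interface
110  192.168.1.10   # pop3
443  192.168.1.10   # https
80   192.168.1.23   # second web server on another PC
"""

def parse_forwards(text):
    """Return a list of (external_port, internal_ip) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        port, ip = line.split()
        port = int(port)
        if not 1 <= port <= 65535:
            raise ValueError(f"bad port: {port}")
        rules.append((port, ip))
    return rules

def audit(rules, remote_admin_port=None, needed_ports=()):
    """Return findings as (kind, external_port, internal_hosts) tuples."""
    findings = []
    by_port = defaultdict(list)
    for port, ip in rules:
        by_port[port].append(ip)
    for port, ips in sorted(by_port.items()):
        hosts = sorted(set(ips))
        if len(hosts) > 1:                 # one device per external port
            findings.append(("duplicate", port, hosts))
        if port == remote_admin_port:      # admin page shadows the forward
            findings.append(("admin-clash", port, hosts))
        if port not in needed_ports:       # "if you don't need it, don't enable it"
            findings.append(("unneeded", port, hosts))
    if remote_admin_port is not None:      # admin page reachable from outside
        findings.append(("remote-admin-exposed", remote_admin_port, []))
    return findings

if __name__ == "__main__":
    for f in audit(parse_forwards(SAMPLE_FORWARDS), remote_admin_port=80, needed_ports={25, 80}):
        print(f)
```
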


