Anti-Lockout Rule (Destination NAT) -> open ports external?

Started by RamSense, Today at 02:06:54 PM

Must be some other rule, then.

Quote
Exclude the impossible and what is left, however improbable, must be the truth.

-- Arthur Conan Doyle
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: meyergru on Today at 05:44:05 PM
Because it does not work for interfaces that are created on-the-fly or change their IPs if the BIND is not done to the anonymous socket 0.0.0.0, which denotes "all" interfaces, including such that do not exist (yet).

Just try to use a VPN interface: It will seem to work, but on the next reboot, the service fails because it cannot bind to a non-existing interface.

So, the usual way is to bind services to "all" interfaces and block access using firewall rules.
But if I understand you correctly, then there is no issue in binding it on the Default LAN Interface, since you are probably never ever going to change anything there anyway?!

And if you need access from a VPN or another network you can use firewall rules for those :)
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)
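
The bind behaviour meyergru describes in the quote above, as an added example that is not part of any post in this thread: a service bound to the wildcard address starts regardless of which interfaces exist, while a bind to an address no interface currently holds fails with EADDRNOTAVAIL. The address 192.0.2.10 (documentation range) is an assumption standing in for the IP of an interface that is not up yet, and the function names are hypothetical.

```python
import errno
import socket

# Constructed sample addresses (assumptions, not taken from the thread).
WILDCARD = "0.0.0.0"             # "all" interfaces, present or future
LOOPBACK = "127.0.0.1"           # an address that exists on every host
MISSING_IFACE_IP = "192.0.2.10"  # stands in for a VPN interface not created yet


def try_bind(address, port=0):
    """Attempt a TCP bind; return "ok" or the symbolic errno name."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # Port 0 lets the kernel pick a free port, so the only thing
        # that can fail here is the address itself.
        sock.bind((address, port))
        return "ok"
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()


def startup_report(listen_addresses):
    """Simulate a service start: which configured listen addresses bind?"""
    return {addr: try_bind(addr) for addr in listen_addresses}


if __name__ == "__main__":
    report = startup_report([WILDCARD, LOOPBACK, MISSING_IFACE_IP])
    for addr, result in report.items():
        print(f"{addr:<12} {result}")
```

A wildcard listener accepts connections on every interface, so with that choice the firewall rules are the only thing deciding who can reach the port.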

Quote from: nero355 on Today at 06:05:45 PM
But if I understand you correctly, then there is no issue in binding it on the Default LAN Interface, since you are probably never ever going to change anything there anyway?!

Unplug and replug LAN or reboot the switch it's connected to - UI access gone.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: Patrick M. Hausen on Today at 06:12:42 PM
Unplug and replug LAN or reboot the switch it's connected to - UI access gone.

Hmm... never tested that...

The same goes for OpenSSH Server?!

Luckily the device has a regular Power On/Off button as a last resort so a clean "reboot" can be performed...
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)

Okay, once more. This has nothing to do with the upgrade whatsoever.

Go to Interfaces: Assignments and see the "Identifiers" for all your interfaces.  I'm guessing there's no "lan" because you deleted and redid it at some point, could be years ago.


Cheers,
Franco

I did another reboot, no difference.
See the screen capture of the interfaces - lan is there.

I have now (as a last resort) added an HTTP server for the wanip:GUI port in Nginx with no locations to get a 403 Forbidden if you enter the WAN IP externally.

Deciso DEC850v2