OpenWrt Forum Archive

Topic: when i call mydomain.dyndns.org, i hit the openwrt router web GUI.

The content of this topic has been archived on 21 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi all!
First I apologize for my very bad English :-\ , I'm a little froggy...
But after days of unsuccessful research about my problem, I have to ask professionals :-D
Well, I have a Linksys ADSL2MUE modem connected to a WRT54GL (OpenWrt powered ;-) ) and I subscribed to DynDNS services. I configured OpenWrt, and it seems to redirect well, BUT when I call mydomain.dyndns.org in a browser, I get the login window of OpenWrt.
So I ran an nmap command from my station to my public IP and it gave me this!
"confidential blabla"
Not shown: 1693 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
80/tcp   open  http
5000/tcp open  UPnP

What a surprise!
I decided to go to the X-wrt web gui in "Status">>"Netstat" and it shows me that:

Router Listening Ports

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:5000            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN   

Well, the router is listening on http(80), ssh(22), upnp(5000) and domain port(53)!!!
It seems that dyndns redirects to my private address, not to my public address.

Is there anyone who can help me?

For now I disabled dyndns but I need it! :-(

Hi friend. I was reading your message and your problem
is my solution. I'm trying to access my router from outside my
LAN, but I just can't. I forwarded port 22 and I got SSH access,
otherwise the web access doesn't work. Can you help
me on how to do that? I already forwarded the ports
80 22 on the modem to the router.
Thanks

Well, it's weird :-D , the problem is that I just configured the router and there it is. Ask me for specific settings and I shall give mine.
But I can't explain how I succeeded...
I'm looking for explanations about VLANs, I suppose it's part of my problem.

To allow access to your openWRT system from the "outside" you have
to add an accept entry to your firewall ...

Add: Accept
Add Proto : TCP
Add Dest Port 80

But it is obviously a very bad idea to leave your system HTTP interface open on the internet ...
even if it is password protected. Much better is to use SSH / port 22 with an RSA key
(http://wiki.openwrt.org/DropbearPublicK … 28HowTo%29)
and open the HTTP interface only when needed by doing this:

Add this line to the file /etc/config/firewall

accept:proto=tcp dport=80

and restart the firewall

/etc/init.d/S35firewall restart

and close it afterwards (remove the added line and run firewall restart again)

Here is a script to make it easier:

+----------------------+
#!/bin/sh
# Open or close access to the web interface (TCP port 80) from outside.

open(){
# Add the accept rule, then restart the firewall so it takes effect
echo 'accept:proto=tcp dport=80' >> /etc/config/firewall
/etc/init.d/S35firewall restart
}

close(){
# Drop only the rule added by open(), then restart the firewall
grep -v '^accept:proto=tcp dport=80$' /etc/config/firewall > /etc/config/firewall.tmp
mv /etc/config/firewall.tmp /etc/config/firewall
/etc/init.d/S35firewall restart
}

case "$1" in
  open)
        open
        ;;
  close)
        close
        ;;
  *)
        echo "Usage: $0 {open|close}"
        exit 1
        ;;
esac

exit $?
+---------------------------+
Name it /bin/<something>.sh
chmod +x <something>.sh 

and use it with open or close as argument.
Ex: /bin/webface.sh open
/bin/webface.sh close

So chadin, check Network / Firewall and make sure port 80 is not listed  ..
If so delete the entry ...

It could also have been "hard coded" in the /etc/firewall.user file

Hope this helps ...

BTW I speak French, so don't hesitate ;-)

Noel
Montreal

(Last edited by noelbou on 19 Jul 2007, 18:36)

noelbou, thanks for the attention. Look, I already tried to do this,
but not using /etc/config/firewall. I changed the rules in /etc/firewall.user
in the forward wan option. My friend has total access to SSH but doesn't
to the webif. I tried the configuration you told me... but it continued
in the same way. Do you know how to configure DDNS?? I already have
a ddns server here, my page is http://timetek.dipmap.com. How can I
configure this page to redirect to my Linksys like our friend did??
Any idea??
Thanksssssss

Look noelbou, I do have a D-Link ADSL modem. And from it goes a cable to my router WRT54GL in the WAN port. I have the ddns server that works like the program no-ip, it saves the IP in my URL. When I try to access http://timeteck.dipmap.com via SSH it works. But when I type it in the browser I can't access the webif, and I already tried all the modifications that I told you about.

(Last edited by chadin on 19 Jul 2007, 19:32)

Well, some news from myself.
I was astonished by the result of nmap so I ran other tests in order to verify the efficiency of the WRT's firewall.
I found this online util ( https://www.grc.com/x/ne.dll?bh0bkyd2 ) and the result is... THERE'S NO HOLE AT ALL!!!
I suppose that nmap does not go outside of my network so it finds the open ports on the local area, which explains the fact that when I call mydomain.dyndns.org my browser displays the WRT54G's web GUI.
Next move: ask a friend to hit mydomain.dyndns.org from outside of my local network, but I'm quite sure about the result...
There will be nothing...
Sorry guys, but I can't help you about accessing the WRT54G from the outside. But I think it's dangerous, I agree with noelbou. Use SSH!
You can run graphics apps with the -X option if I remember well.
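
The split the thread ends on (ports that answer a scan from the LAN versus ports reachable from outside) can be checked on the router itself. This added example is not part of the original thread: it cross-references a `netstat` listener table with the `accept:` rules of the firewall config, assuming rules follow the `accept:proto=tcp dport=80` form quoted above and that WAN traffic without an accept rule is dropped. The function names and sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: label listening TCP ports as WAN-exposed or LAN-only.
# Assumptions: rules look like the thread's 'accept:proto=tcp dport=80'
# line, and WAN traffic without a matching accept rule is dropped.

# Ports that have a TCP accept rule in the given firewall config file.
accepted_ports() {
    grep '^accept:' "$1" | grep 'proto=tcp' |
        sed -n 's/.*dport=\([0-9][0-9]*\).*/\1/p'
}

# Ports of TCP sockets listening on all interfaces (0.0.0.0), read from
# saved 'netstat' output in the given file.
wildcard_listeners() {
    awk '$1 == "tcp" && $NF == "LISTEN" && $4 ~ /^0\.0\.0\.0:/ {
        sub(/^0\.0\.0\.0:/, "", $4); print $4 }' "$1"
}

# $1 = netstat output file, $2 = firewall config file.
classify() {
    allowed=" $(accepted_ports "$2" | tr '\n' ' ')"
    wildcard_listeners "$1" | sort -n | while read -r port; do
        case "$allowed" in
            *" $port "*) echo "$port WAN-exposed" ;;
            *)           echo "$port LAN-only" ;;
        esac
    done
}

# Constructed sample: the listener table from the first post and a config
# holding only the port 80 rule from the reply.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/netstat.txt" <<'EOF'
tcp        0      0 0.0.0.0:5000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
EOF
    echo 'accept:proto=tcp dport=80' > "$dir/firewall"
    classify "$dir/netstat.txt" "$dir/firewall"
    rm -rf "$dir"
}

demo
```

On a router, `classify` would be pointed at saved `netstat` output and at `/etc/config/firewall`; every port it labels WAN-exposed is a service whose own authentication is the only barrier.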

The discussion might have continued from here.