Here is my setup : the main router “ 192.168.8.1 “ connected to the wan port in my openwrt router “192.168.5.1” .
My issue is anyone who is connected to the openwrt router ( to the Lan port ) can reach the main router settings by putting it’s ip address “192.168.8.1”
And I don’t want that to happen .. can anyone help ?
Foremost it would be the uplink router's job to deny access, normally via password authentification.
You could add firewall rules on your uplink router to explicitly deny incoming request (22, 80, 443) from your downlink router (assuming it masquerades the clients behind it) - likewise you could configure your 192.168.5.1 router to deny access to those ports on 192.168.8.1.
You can create a firewall rule on the OpenWrt (downstream) router that drops connections from source LAN to destination 192.168.8.1 (or the entire network 192.168.8.0/24.
