Is my configuration allowing internet devices to connect my router?

I think it might be because of this image alone.

Is it?

Note: Supa is subnet 2. VPN subnet. Subnet 1 has no vpn.

It is not clear what is your concern and we cannot tell from one image only.
Please rephrase the question, add some example of expected behaviour and also post the configuration files.

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; uci export dhcp; uci export firewall
1 Like

I just don't want some random person online to be able to connect to my router basically, the fact that the firewall rules say allow and point to wan makes me think that currently people can connect to my router.

I don't want to port forward everything to the internet basically.

Update, relevant code:

Posting the whole thing from my phone (Termius) is very tedious at the moment. I can't use my computer right now due to some things I am working on.

config forwarding
        option src 'lan'
        option dest 'wan'
config forwarding 'supa_wan'
        option src 'supa'
        option dest 'wan'

Not from outside your network... the forwarding to the wan means that devices on your lan can reach the internet.

1 Like

so devices from the internet would only have access to my router if I was forwarding wan to lan?

This is the default firewall configuration. It won't let some random person online to connect to your router or your lan.

To the lan. Having access to the router is a different firewall setting.

The default action on wan input is REJECT, which is what you want. By default there are a few harmless exceptions on wan such as answering pings. You can add individual rules for router services such as ssh but by default ssh into the router from the wan is rejected.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.