Not offer access from the internet

Bebbi · March 30, 2020, 2:10pm

Hello,
the first step of the basic configuration is Secure your router's access.

I don't want that there is an access from the internet.

not offer access from the Internet at all, or restrict it to certain IP addresses or IP address ranges

by letting the SSH server dropbear and the web-Server uhttpd not listen on the external/WAN port

by blocking incoming connections to those ports (TCP 22, 80 and 443 by default) in your firewall

But I don't understand, what's to do with LuCI. I don't understand, what I have to change with SSH.

Regards

Bebbi

tmomas · March 30, 2020, 3:02pm

Have you opened ports 22, 80 and 443?

Bebbi · March 30, 2020, 3:06pm

I didn't change the firewall and I can't look, becauce of I can't access the router.

trendy · March 30, 2020, 6:12pm

Then you are fine, because by default these are not open on the firewall from the internet.

Bebbi · March 30, 2020, 6:35pm

Is the basic information wrong, that I have to change something?

trendy · March 30, 2020, 9:20pm

This guide needs to be rewritten because it can be misleading. OpenWrt has already implemented most of these suggestions. Others, like key authentication in SSH, are up to the user to implement them.

Bebbi · March 30, 2020, 10:20pm

Okay. What's realy nessassary to do for security?

trendy · March 31, 2020, 9:33am

If it works for you, then don't open any unnecessary ports or forwards. The default settings are secure enough.

Bebbi · March 31, 2020, 9:37am

You says, that https://openwrt.org/docs/guide-user/security/secure.access isn't up to date and not https://openwrt.org/de/doc/howto/basic.config?

trendy · March 31, 2020, 9:54am

That page ist in Deutsch, und mein Deutsch ist rostig.

Bebbi · March 31, 2020, 10:30am

Okay, only the page about secure access isn't up to date ... My english isn't good, too. Sorry.