Why is remote LuCI access possible with no port forwarded?

The network segment is as follows:
Router A(R:A) LAN 192.168.2.x
Router B(R:B) LAN 192.168.1.x, Firmware: 21.02.3

R:B is the device in question. The computer I'm connecting from is on R:A LAN, and R:B WAN IP is
I enter in browser and it connects, showing LuCI login form. How is this possible?
I do not see a DMZ option anywhere in R:B LuCI, nor any port forward for port 80.

If I ssh in to R:B and run grep -rn 80 /etc/config
I get:

/etc/config/firewall:67:        option src_ip 'fe80::/10'
/etc/config/uhttpd:3:   list listen_http ''
/etc/config/uhttpd:4:   list listen_http '[::]:80'
/etc/config/wireless:3: option type 'mac80211'
/etc/config/wireless:7: option htmode 'VHT80'
/etc/config/wireless:21:        option type 'mac80211''

In the firewall config, what is the INPUT policy for the wan zone?


Firewall - Zone Settings -> Zones:

Zone ⇒ Forwardings    Input     Output    Forward   Masquerading
lan => wan            accept    accept    accept    checked
wan => reject         accept    accept    reject    checked

With Input as “accept”, router B is allowing all incoming traffic to the wan interface where LuCI is listening.
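
A check for the condition described in the answer above, as an added example that is not part of the original thread: it scans a UCI firewall config for WAN-facing zones whose input policy is ACCEPT. The sample config is constructed to mirror the zone table in the thread, and the function names and the rule that a zone is WAN-facing when its name or a network starts with "wan" are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): flag WAN-facing firewall zones whose
# INPUT policy is ACCEPT, by parsing the text format of /etc/config/firewall.
# Assumption: a zone is WAN-facing if its name or a network starts with "wan".
# Simplification: a zone without an explicit "option input" is not flagged.
audit_wan_input() {
    # Reads the named file(s), or stdin when called without arguments.
    awk -v q="'" '
        function unquote(s) { gsub("[" q "\"]", "", s); return s }
        function report() {
            if (in_zone && is_wan && toupper(input) == "ACCEPT")
                printf "EXPOSED zone=%s input=%s\n", name, input
        }
        $1 == "config" {            # new section starts: close the previous one
            report()
            in_zone = (unquote($2) == "zone"); name = ""; input = ""; is_wan = 0
            next
        }
        !in_zone { next }           # skip defaults, rules, redirects
        $1 == "option" && $2 == "name"  { name = unquote($3); if (name ~ /^wan/) is_wan = 1 }
        $1 == "option" && $2 == "input" { input = unquote($3) }
        ($1 == "option" || $1 == "list") && $2 == "network" {
            for (i = 3; i <= NF; i++) if (unquote($i) ~ /^wan/) is_wan = 1
        }
        END { report() }
    ' "$@"
}

sample_config() {   # constructed sample mirroring the zone table in the thread
    cat <<'EOF'
config defaults
    option input 'ACCEPT'

config zone
    option name 'lan'
    list network 'lan'
    option input 'ACCEPT'

config zone
    option name 'wan'
    list network 'wan'
    list network 'wan6'
    option input 'ACCEPT'
    option forward 'REJECT'
EOF
}

# On the router: audit_wan_input /etc/config/firewall
sample_config | audit_wan_input   # prints: EXPOSED zone=wan input=ACCEPT
```

If the wan zone is flagged, changing its Input policy from accept to reject in the Firewall zone settings stops the router from answering LuCI requests that arrive on the WAN interface.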


Perfect, Thanks!
