Why is remote LuCI access possible with no port forwarded?

The network segment is as follows:
Router A (R:A): LAN 192.168.2.x
Router B (R:B): LAN 192.168.1.x, Firmware: 21.02.3

R:B is the device in question. The computer I'm connecting from is on the R:A LAN, and the R:B WAN IP is 192.168.2.80.
I enter 192.168.2.80 in a browser and it connects, showing the LuCI login form. How is this possible?
I do not see a DMZ option anywhere in R:B LuCI, nor any port forward for port 80.

If I SSH into R:B and run grep -rn 80 /etc/config
I get:

/etc/config/firewall:67:        option src_ip 'fe80::/10'
/etc/config/uhttpd:3:   list listen_http '0.0.0.0:80'
/etc/config/uhttpd:4:   list listen_http '[::]:80'
/etc/config/wireless:3: option type 'mac80211'
/etc/config/wireless:7: option htmode 'VHT80'
/etc/config/wireless:21:        option type 'mac80211''

In the firewall config, what is the INPUT policy for the wan zone?

1 Like

Firewall - Zone Settings -> Zones:

Zone ⇒ Forwardings   Input    Output   Forward   Masquerading
lan => wan           accept   accept   accept    checked
wan => reject        accept   accept   reject    checked

With Input as “accept”, router B is allowing all incoming traffic to the wan interface where LuCI is listening.

3 Likes
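
The condition identified in the answer above, as an added example that is not part of the original thread: a shell check over UCI-format config files that reports when a zone's input policy is ACCEPT while uhttpd listens on all interfaces. The function names and sample configs are constructed for illustration; on the router the inputs would be /etc/config/firewall and /etc/config/uhttpd.

```sh
#!/bin/sh
# Added example, not from the thread: flag a zone that accepts input while
# uhttpd (LuCI) listens on every interface. Function names are illustrative.

# Print "<zone> <input policy>" for each 'config zone' section of a UCI file.
# A zone with no explicit input option prints DEFAULT (it inherits 'config defaults').
zone_inputs() {
    awk -v q="'" '
        function emit() { if (inzone && name != "") print name, (input == "" ? "DEFAULT" : toupper(input)) }
        { gsub("[" q "\"]", "") }   # strip UCI quoting
        $1 == "config" { emit(); inzone = ($2 == "zone"); name = ""; input = "" }
        inzone && $1 == "option" && $2 == "name"  { name = $3 }
        inzone && $1 == "option" && $2 == "input" { input = $3 }
        END { emit() }
    ' "$1"
}

# Print uhttpd listen addresses bound to all interfaces (0.0.0.0 or [::]).
wildcard_listeners() {
    awk -v q="'" '
        { gsub("[" q "\"]", "") }
        $1 == "list" && $2 ~ /^listen_https?$/ && $3 ~ /^(0\.0\.0\.0|\[::\]):/ { print $3 }
    ' "$1"
}

# audit <firewall config> <uhttpd config> <zone name>
audit() {
    policy=$(zone_inputs "$1" | awk -v z="$3" '$1 == z { print $2 }')
    binds=$(wildcard_listeners "$2" | tr '\n' ' ')
    if [ "$policy" = "ACCEPT" ] && [ -n "$binds" ]; then
        echo "EXPOSED: zone $3 input=ACCEPT, uhttpd on ${binds% }"
    else
        echo "OK: zone $3 input=${policy:-unset}"
    fi
}

# Constructed sample configs: wan input ACCEPT as in the thread, then REJECT.
d=$(mktemp -d)
printf "config zone\n\toption name 'lan'\n\toption input 'ACCEPT'\n\nconfig zone\n\toption name 'wan'\n\toption input 'ACCEPT'\n\toption masq '1'\n" > "$d/fw_open"
printf "config zone\n\toption name 'lan'\n\toption input 'ACCEPT'\n\nconfig zone\n\toption name 'wan'\n\toption input 'REJECT'\n\toption masq '1'\n" > "$d/fw_fixed"
printf "config uhttpd 'main'\n\tlist listen_http '0.0.0.0:80'\n\tlist listen_http '[::]:80'\n" > "$d/uhttpd"

audit "$d/fw_open"  "$d/uhttpd" wan
audit "$d/fw_fixed" "$d/uhttpd" wan
```

With the wan zone's input set to REJECT, the second call reports OK even though uhttpd still binds to 0.0.0.0:80, because the firewall drops the connection before it reaches the listener.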

Perfect, Thanks!
