Why is the 80 port open to the Internet?

My firewall settings are like above. I don't remember what I have changed. It probably is mostly the default settings. If, from an outside network, I type my router's IP, it shows a web page that says that the request was refused. This still means that the 80 port is open to the Internet, which I don't think is necessary and is potentially insecure.

Is this the correct setting? Can I block all unwanted traffic from the outside?

How can a web page tell you it's not allowed, when it's not allowed?

Does it?

Yes, and it already is.
Unless you played with the custom rules.

2 Likes

If you don't care to remember changes you make, there are ways of finding out, one of them is comparing /etc/config/firewall to /rom/etc/config/firewall.

I'd second the @frollic response above.

1 Like

You didn't mention any details about the error message, but if it reads "Rejected request from RFC1918 IP to public server address" you simply accessed your WAN IP from within the LAN. It does not mean that port 80 is open towards the internet.

Some ISPs also filter certain ports themselves in their network, presumably to prevent subscribers from hosting services on non-business connections or to compensate for sloppy end-user security.

3 Likes

The default firewall settings have the router respond to an opening TCP SYN from the WAN side that the port is closed. If you prefer to have it send no response, change the REJECT value in those 2 drop boxes to DROP.

As already requested, post your firewall file. Also a screenshot of the webpage you said you saw.

1 Like

I was testing an online web browser testing site (lambdatest . com), and I think I saw some page that said connection was refused when I had typed my public IP. The response I had expected was the browser's in-built page for "Website not found". The browser was probably Safari on macOS, which I am not familiar with, so maybe I mistook a browser-generated special page for a web-server-generated error page. I would like to verify what actually had happened, but I have already used the short amount of daily free time (not a paying user), so I cannot test it now.

Anyway, I guess I mistakenly expected the firewall would "hide" the existence of my router (instead of "refused", not getting any response at all, as if my router were not running on that IP), when what it does by default is "refusing" the connection.

Sorry for your hassles.

Connect to the internet via your cell phone (internet sharing), try to access your site/IP, or run some client-based port scanner, like nmap, from the client ...

1 Like
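The outside-in check suggested above, as an added example that is not part of any post in this thread: it classifies how a TCP port answers, which separates the three cases discussed here (a reachable service, the default REJECT, and DROP). The script name `portcheck.py`, the function names and the default port list are assumptions made for the example.

```python
"""Classify how a TCP port answers. Run it from a client outside the LAN."""
import errno
import socket
import sys

# How each result maps to the firewall behaviour discussed in the thread.
MEANING = {
    "open": "handshake completed: a service is reachable on this port",
    "closed": "connection refused: the router answered, as with REJECT",
    "filtered": "no answer before the timeout: consistent with DROP",
}


def classify_tcp_port(host, port, timeout=3.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        # Silence can also mean ISP-side filtering or a host that is down.
        return "filtered"
    except OSError as exc:
        # ICMP unreachable replies surface as these errno values.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise


def check_ports(host, ports=(22, 80, 443), timeout=3.0):
    """Classify several ports and return {port: state}."""
    return {port: classify_tcp_port(host, port, timeout) for port in ports}


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: python3 portcheck.py <your WAN IP> [port ...]")
    ports = tuple(int(p) for p in sys.argv[2:]) or (22, 80, 443)
    for port, state in check_ports(sys.argv[1], ports).items():
        print(f"{port}/tcp {state}: {MEANING[state]}")
```

Run it against your own WAN IP from a tethered phone connection; from inside the LAN the result does not reflect what the WAN zone policy does.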
