jggiii2

join:2008-11-13
Mont Vernon, NH

Westell 7500: Disabling Access to Admin UI from Wireless:

While the Westell 7500 I received for one of my customers supports disabling remote access to the admin UI from the 'outside', there are no obvious provisions for blocking access to the UI from the ethernet ports or, more importantly, the wireless access point. To me, this is a serious deficiency.

If it were a straight iptables problem, I could have done it easily, but I cannot find any docs on the interface definitions or how the predefined tables are set up. It appears that Verizon has added a bunch of default rules on top of what is in the Westell source code package.

Is there an approved solution for this, or is there a document describing the 'base' iptables setup?

Bytebender
Premium
join:2008-02-12
Canada



Re: Westell 7500: Disabling Access to Admin UI from Wireless:

Changing the username/password for the 7500's GUI is the only way that I can think of to restrict local or wireless access. The documentation you want, if it exists, is not publicly available.
--
reboot, reset, reconfigure, then recycle.
jggiii2

join:2008-11-13
Mont Vernon, NH

Re: Westell 7500: Disabling Access to Admin UI from Wireless:

That's already done, as well as 'hiding' the SSID (for all the good that does - at least it keeps most of the kids out), setting WEP and changing the LAN IP of the device itself. But the basic panel available just by browsing to the router shows more information than I'm comfortable sharing...

Jodokast96
R.I.P Bassman442
Premium
join:2005-11-23
Erial, NJ

Re: Westell 7500: Disabling Access to Admin UI from Wireless:

Why not WPA?
jggiii2

join:2008-11-13
Mont Vernon, NH

Re: Westell 7500: Disabling Access to Admin UI from Wireless:

It's just temporary until I solve this issue, then the network can be opened for guest use. I'm just using it to keep the curious out until I can keep them away from the router.

After digging through the source code, I believe I've found that the wireless interface is identified as wl0. So, I will try adding this to the medium firewall settings tomorrow:

${APPEND} inlan_level_input_filter -i wl+ -d 192.168.1.1 --dport 80 -j logOutboundBlocked

in the LAN to Modem section and see if I turn the router into a brick or not ....

Bytebender
Premium
join:2008-02-12
Canada

Re: Westell 7500: Disabling Access to Admin UI from Wireless:

said by jggiii2:

After digging through the source code, I believe I've found that the wireless interface is identified as wl0. So, I will try adding this to the medium firewall settings tomorrow:

${APPEND} inlan_level_input_filter -i wl+ -d 192.168.1.1 --dport 80 -j logOutboundBlocked

If you changed the LAN IP of the device, this code should contain the new address, no?
--
reboot, reset, reconfigure, then recycle.
jggiii2

join:2008-11-13
Mont Vernon, NH

Re: Westell 7500: Disabling Access to Admin UI from Wireless:

Yep, did that. No good. My guess is that the Verizon folks grant access before the user-modifiable script is executed.

Decided to tell him to send it back and I'll use a Linksys box with DD-WRT. No sense in screwing with it.
jggiii2

join:2008-11-13
Mont Vernon, NH

After trying several different versions of the previous idea, I found that I could not disable access from wireless using the firewall rules. Verizon must be inserting a rule before the user-modifiable rules that permits the access, or something else is going on that I don't yet understand.

Rats. Now I am going to have to get the firmware and see what they did.
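
The rule-ordering explanation suspected in the post above can be checked offline. This is an added example, not code from the thread or from the Westell firmware: it evaluates a packet against a simplified `iptables -S` style rule list with first-match semantics and shows that the appended block never fires when an ACCEPT sits ahead of the jump into the user chain. The vendor ACCEPT rule, the DROP inside logOutboundBlocked and the `-p tcp` match are assumptions made for the example; only the chain names, interface pattern and address come from the thread.

```python
import shlex
# Constructed sample, simplified `iptables -S` syntax. The first INPUT rule is a
# hypothetical vendor-inserted ACCEPT; logOutboundBlocked's DROP is assumed too.
VENDOR_FIRST = """\
-A INPUT -d 192.168.1.1 -p tcp --dport 80 -j ACCEPT
-A INPUT -j inlan_level_input_filter
-A inlan_level_input_filter -i wl+ -d 192.168.1.1 -p tcp --dport 80 -j logOutboundBlocked
-A logOutboundBlocked -j DROP
"""
# Same rules, but the jump to the user chain now precedes the vendor ACCEPT.
USER_FIRST = "\n".join(VENDOR_FIRST.splitlines()[i] for i in (1, 0, 2, 3))
# Constructed packet: a wireless client browsing to the router's admin page.
PKT = {"iface": "wl0", "dst": "192.168.1.1", "proto": "tcp", "dport": 80}
TERMINAL = {"ACCEPT", "DROP", "REJECT"}
FIELDS = {"-i": "iface", "-d": "dst", "-p": "proto", "--dport": "dport"}

def parse(ruleset):
    """Return {chain: [(match_dict, target, original_line), ...]}."""
    chains = {}
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A":
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))
        match = {FIELDS[k]: v for k, v in opts.items() if k in FIELDS}
        chains.setdefault(tok[1], []).append((match, opts["-j"], line))
    return chains

def matches(match, pkt):
    for key, want in match.items():
        have = str(pkt[key])
        prefix = key == "iface" and want.endswith("+")  # wl+ matches wl0, wl1
        if not (have.startswith(want[:-1]) if prefix else have == want):
            return False
    return True

def verdict(chains, pkt, chain="INPUT"):
    """First-match evaluation: return (target, deciding_rule) or None."""
    for match, target, line in chains.get(chain, []):
        if not matches(match, pkt):
            continue
        if target in TERMINAL:
            return target, line
        result = verdict(chains, pkt, target)  # jump into a user-defined chain
        if result:
            return result
    return None

for name, rules in (("vendor ACCEPT first", VENDOR_FIRST), ("user chain first", USER_FIRST)):
    print(name, "->", verdict(parse(rules), PKT))
```

The parser handles only the four match options used here; a real rule listing with negation or CIDR masks would need more than this.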
JohnA
Premium
join:2003-09-16
Pittsburgh, PA

Re: Westell 7500: Disabling Access to Admin UI from Wireless:


Why don't you just bridge it, shut off the wireless, and put a router behind it that does what you want, like the rest of the world?

aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
·Verizon Online DSL

Just an odd question I have to ask.

#1 Are you sure remote access is enabled?

Just because you entered in the public IP of the router and got access, does not mean remote access is turned on.

Note: You need to check the port (or ports) from the outside. This can mean at any one of the following sites:

Only if the port is open, remote access is turned on

grc.com shields up

»www.dyndns.com/support/tools/openport.html - Will be called "open and accepting connections".

»www.whatsmyip.org/ports/

»www.canyouseeme.org - Will be called "success" if open.
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.
over 10 years online! © 1999-2009 dslreports.com.