Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[SOLVED] Problems with router
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
roboto
Apprentice
Apprentice


Joined: 15 Feb 2017
Posts: 156
Location: My IP address.

PostPosted: Mon Jul 17, 2017 7:53 pm    Post subject: [SOLVED] Problems with router Reply with quote

There are a couple of problems with this Linksys model BEFSR41 that I got for free at a yard sale.

[Solved by disabling DMZ in router configuration] 1) The laptop I'm currently using is under the router's network. With this laptop, I can ping my router, which is 192.168.1.1, but if I ping the router from any computer outside of the router's network, it's invisible.

2) I can't ssh into it. I configured the router through it's web interface in my web browser. I enabled remote administration and changed the port from 8080 to 22. I still can't ssh into it.

EDIT: output of ssh 192.168.1.1

ssh_exchange_identification: Connection closed by remote host

EDIT2: I found out that the router I have is a computer lab, in a DMZ.
_________________
Answers please.

The true hater of man expects nothing from him and is indiscriminate to his works.
-Ayn Rand
Quote:
Dude. Minus 30 credibility points.

Yep


Last edited by roboto on Tue Jul 18, 2017 12:19 am; edited 2 times in total
Back to top
View user's profile Send private message
genterminl
Guru
Guru


Joined: 12 Feb 2005
Posts: 482
Location: Connecticut, USA

PostPosted: Mon Jul 17, 2017 9:13 pm    Post subject: Reply with quote

What address are you using from outside the router's LAN? It won't be 192.168.1.1. It will be whatever the router is either assigned as its fixed WAN address or assigned by DHCP from the WAN, depending on how you configured it. Also, I don't think you want to change the 8080 to 22 - I would expect that to put the external web interface for administration on 22. Finally, just because you enable remote administration, I have no idea if that is in any way related to whether or not it will accept an ssh connection from the WAN - but still not on 192.168.1.1, you need to use the router's WAN address.
Back to top
View user's profile Send private message
roboto
Apprentice
Apprentice


Joined: 15 Feb 2017
Posts: 156
Location: My IP address.

PostPosted: Mon Jul 17, 2017 9:23 pm    Post subject: Reply with quote

So do you mean the router's IP address is 15.20.1.10, or 192.168.0.6--this is from the client list in my gateway web interface.

I tried sshing into the router through the laptop under its network.
_________________
Answers please.

The true hater of man expects nothing from him and is indiscriminate to his works.
-Ayn Rand
Quote:
Dude. Minus 30 credibility points.

Yep
Back to top
View user's profile Send private message
Jaglover
Watchman
Watchman


Joined: 29 May 2005
Posts: 6960
Location: Saint Amant, Acadiana

PostPosted: Mon Jul 17, 2017 9:37 pm    Post subject: Reply with quote

What makes you think your router has SSH server running? Has it custom firmware with SSH enabled?
_________________
Please learn how to denote units correctly!
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 2883
Location: Illinois, USA

PostPosted: Mon Jul 17, 2017 10:09 pm    Post subject: Reply with quote

Jaglover wrote:
What makes you think your router has SSH server running? Has it custom firmware with SSH enabled?

Exactly. If you want to administer the browser remotely, I would think you need to use the web interface just like local administration.

BTW, this would seem to be a GIANT security hole, allowing a hacker to reconfigure your network and change your password blocking YOU from your router.
Back to top
View user's profile Send private message
genterminl
Guru
Guru


Joined: 12 Feb 2005
Posts: 482
Location: Connecticut, USA

PostPosted: Mon Jul 17, 2017 10:13 pm    Post subject: Reply with quote

How did you configure the new router to get a WAN address? Look at the router's status page. If your gateway's LAN address is 192.168.0.1, the 192.168.0.6 sounds like it might be the new router's WAN address, but you need to confirm it with the router's status page. Confirm that you have the right address by using a browser to access it, before you try ssh, and without changing the port.

Have you tried ssh from within the router's LAN? That would tell you whether or not the router is running an ssh server at all, as Jaglover said. Routers are generally set up by default to be as invisible as possible from their WAN side.
Back to top
View user's profile Send private message
roboto
Apprentice
Apprentice


Joined: 15 Feb 2017
Posts: 156
Location: My IP address.

PostPosted: Mon Jul 17, 2017 11:01 pm    Post subject: Reply with quote

I know I'm able to SSH into my router because it has an option for remote administration in its configuration. How do I make the server run?

If this opens a security hole, then I'll simply get rid of the router if I discover anything fishy. I usually read logs for my entire network on my gateway. [Enabling DMZ on the router again, so hackers won't interfere with the bigger netowrk.]

I discovered the router's WAN address by:

Performing a factory reset on the router, changing the IP to 192.168.1.1

My laptop says the router's IP is 15.20.1.10

My gateway's client list shows the router as 192.168.0.6

I changed the port back to HTTP (8080), but I'm worried that will open the router's port to the world. I want to be able to access the router only locally.
_________________
Answers please.

The true hater of man expects nothing from him and is indiscriminate to his works.
-Ayn Rand
Quote:
Dude. Minus 30 credibility points.

Yep
Back to top
View user's profile Send private message
genterminl
Guru
Guru


Joined: 12 Feb 2005
Posts: 482
Location: Connecticut, USA

PostPosted: Mon Jul 17, 2017 11:20 pm    Post subject: Reply with quote

In a Linksys, and I assume it has the stock firmware, remote administration is through the web interface, not CLI, so it may or may not (probably not) have an ssh server. Why did you think it would be ssh?

The potential security hole it if the router can be administered from outside your local network. However, if I understand correctly, you have a gateway provided by your ISP. That should provide reasonable protection, if everything else is done carefully. You have a choice. You can have your gateway open a hole to access the router from outside, in which case, your router is indeed open to the world. Putting it in the DMZ doesn't change that. That's sort of the point of a DMZ in a router or gateway, to put a single machine but not the whole LAN accessible to the world.

Back to your original problem, I still think something it wrong with the addresses you provide. When configuring a router, you have to specify whether you are talking about its WAN or LAN addresses. It's WAN is how it talks to your gateway, and if you set that for DHCP, it will be in the range of IPs assigned by the gateway. 192.168.0.6 makes sense, especially if your gateway LAN address is 192.168.0.1 (or maybe 192.168.0.254.) That address would be used to reach the router from inside the gateway's LAN, but not inside the router's LAN. 192.168.1.1 makes sense for the router's LAN address. What address does the router assign to your laptop? I would guess 192.168.1.2 or something higher in the last part.

15.20.1.10 doesn't make any sense for either WAN or LAN address for your router, unless you explicitly set it somewhere. What does the laptop say it's gateway is? It should be 192.168.1.1, which is the address you would use for the router from your laptop.

So, if you do not use a DMZ, and you do enable remote administration of the router, it will be by web access, and it will be accessible from anywhere within the LAN created by your gateway, but not outside.

You never said what you are actually trying to accomplish. If it's just learning how all this stuff works, great. If you have a specific goal, it would help to say so, so we can provide advice more likely to help you get there.
Back to top
View user's profile Send private message
Jaglover
Watchman
Watchman


Joined: 29 May 2005
Posts: 6960
Location: Saint Amant, Acadiana

PostPosted: Mon Jul 17, 2017 11:23 pm    Post subject: Reply with quote

Quote:
I know I'm able to SSH into my router because it has an option for remote administration in its configuration. How do I make the server run?

I do not see it this way. The option probably means disabling/enabling the management interface access from internet.
_________________
Please learn how to denote units correctly!
Back to top
View user's profile Send private message
roboto
Apprentice
Apprentice


Joined: 15 Feb 2017
Posts: 156
Location: My IP address.

PostPosted: Mon Jul 17, 2017 11:32 pm    Post subject: Reply with quote

Another reason why I still think I can ssh into it. The thing is I keep hearing that Cisco includes Linux into its firmware for routers. Now, after your comments, I'm not sure anymore if they included ssh.

I get it now, I was just learning how all this stuff works, and creating a computer lab, so I can perform tests without interfering with the network my colleagues use.
_________________
Answers please.

The true hater of man expects nothing from him and is indiscriminate to his works.
-Ayn Rand
Quote:
Dude. Minus 30 credibility points.

Yep
Back to top
View user's profile Send private message
genterminl
Guru
Guru


Joined: 12 Feb 2005
Posts: 482
Location: Connecticut, USA

PostPosted: Tue Jul 18, 2017 3:26 pm    Post subject: Reply with quote

roboto, I think you may need to go back to Routers 101. Yes, the firmware in that router probably does run Linux, but a rather limited version, with only those utilities and programs necessary to perform its functions. It's is probably an early 3.x kernel, although there is probably no way to actually confirm that, since it won't show up in the logs. But you have to look to be sure. It might have ssh, but probably not. Remote management simply means that the web interface is allowed to be accessed from the WAN port instead of restricted to access from the LAN side.

If you are doing this to learn about routers, then just try all sorts of different options and combinations. Have you actually tried to ssh to the router from your laptop? There is no security issue unless you have enabled port forwarding or a DMZ in your gateway.

You could also flash one of the open source firmwares, assuming they support that model router. dd-wrt, tomato, open-wrt are some to look for. You can certainly learn a lot from them, but do follow directions, because you can also brick the router if you are not careful.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum