
restrict access to admin GUI to Home segment only


NewOwnerOfKeeneticRouter

Question

A nice security feature would be to restrict access to the admin GUI e.g. to the Home segment when the device is set to access point / extender mode. At the moment, when a client is e.g. logged on to the guest network, they can scan IP addresses and thus get access to the GUI landing page and try passwords. Worse, they know or find out the password.

Other pro equipment usually offers the possibility of a management network or similar. This would decrease the risk e.g. for wireless attacks as the admin would be able to access the device via LAN only. Quite clearly, a webpage randomly asking for SSID/login credentials would be an attack then.

  • Thanks 2

6 answers to this question


  • 0
2 hours ago, NewOwnerOfKeeneticRouter said:

A nice security feature would be to restrict access to the admin GUI e.g. to the Home segment when the device is set to access point / extender mode. At the moment, when a client is e.g. logged on to the guest network, they can scan IP addresses and thus get access to the GUI landing page and try passwords. Worse, they know or find out the password.

Other pro equipment usually offers the possibility of a management network or similar. This would decrease the risk e.g. for wireless attacks as the admin would be able to access the device via LAN only. Quite clearly, a webpage randomly asking for SSID/login credentials would be an attack then.

You can create a firewall rule for segments.

Example from @PriSonerS61

None of the clients connected to the guest network can reach the GUI.

https://prnt.sc/26gyv2y

 

  • Thanks 1
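A claim like the one in the answer above (no guest client can reach the GUI) can be verified by running a reachability check from a client that is joined to the guest segment. This is an added example, not part of the original posts; the port list and the default address are assumptions to adjust for your device.

```python
import socket
import sys

# Assumed management services: web GUI over HTTP/HTTPS and a telnet CLI.
# Adjust to the services your device actually exposes.
MGMT_PORTS = {80: "http-gui", 443: "https-gui", 23: "telnet-cli"}


def probe(host, port, timeout=2.0):
    """Classify one TCP port: 'open', 'closed' (refused) or 'filtered' (no reply)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout, host/network unreachable, admin-prohibited
        return "filtered"
    finally:
        sock.close()


def check_segment(host, ports=MGMT_PORTS, timeout=2.0):
    """Return (per-port states, names of management services that answered)."""
    results = {port: probe(host, port, timeout) for port in ports}
    exposed = [ports[p] for p, state in results.items() if state == "open"]
    return results, exposed


def main(argv):
    # 192.168.1.1 is the example gateway address mentioned in the thread.
    host = argv[1] if len(argv) > 1 else "192.168.1.1"
    results, exposed = check_segment(host)
    for port, state in sorted(results.items()):
        print(f"{host}:{port:<5} {MGMT_PORTS[port]:<11} {state}")
    if exposed:
        print("FAIL: reachable from this segment:", ", ".join(exposed))
        return 1
    print("OK: no management service answered from this segment")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it once from the guest segment and once from the Home segment, against every address the device holds: the guest run should report only closed or filtered ports, while the Home run should still show the GUI as open.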

  • 0
56 minutes ago, NewOwnerOfKeeneticRouter said:

This would work in router mode. Unfortunately, in AP / extender mode one can't set any firewall rules nor can one switch the security-level to "protected".

Basically, these settings can be operated on the main router/modem? Can you ignore MAC or subnet to reach the gateway, e.g. 192.168.1.1?


  • 0

The firewall rules feature is not available in AP / extender mode. Therefore, access can't be restricted. There is no other way to block MAC or IP addresses. Apart from that, making use of a firewall rule seems to be just a workaround to me. In router mode, one can switch a segment to security-level "protected". That does prevent access to management services of the device. This very same feature in AP / extender mode would be a much better solution. Unfortunately, it is not available in the OS in AP / extender mode right now. This was confirmed by Keenetic support.

My request was already reviewed by Keenetic support. To implement this as a new feature, they suggested posting it in the forum in order to get additional votes from other users for my request. If there is interest from other users, it would help.

 

  • Upvote 1

  • 0
10 hours ago, NewOwnerOfKeeneticRouter said:

The firewall rules feature is not available in AP / extender mode. Therefore, access can't be restricted. There is no other way to block MAC or IP addresses. Apart from that, making use of a firewall rule seems to be just a workaround to me. In router mode, one can switch a segment to security-level "protected". That does prevent access to management services of the device. This very same feature in AP / extender mode would be a much better solution. Unfortunately, it is not available in the OS in AP / extender mode right now. This was confirmed by Keenetic support.

My request was already reviewed by Keenetic support. To implement this as a new feature, they suggested posting it in the forum in order to get additional votes from other users for my request. If there is interest from other users, it would help.

 

https://prnt.sc/26hbhh8 & https://prnt.sc/26hbhlv

I guess you want this for repeater/AP mode and with a simple switch? / In this request, devices are evaluated without being included in the mesh system, right?

 
