Question How to disable access to the router login page from Internet?

Toggle sidebar Toggle sidebar
kurt16A

kurt16A

Commendable
May 24, 2020
16
0
1,510
I just got a new router Zyxel EX5601-T0. Everything goes well, except that I discovered accidentally that the admin interface can be accessed by anyone on the internet. This has never happened to me before (I used several routers before). Actually because of an indirect help from a subdomain (pointing to my public IP) that I discovered the problem. My problem is I tried to find where I can block the access to my router in the settings, but I can not find where to do it?? - I thought under the firewall, but there is no option for that except Access Control with an option to add a new ACL Rule!!

Any help or an idea is very appreciated
 
kanewolf

kanewolf

Titan
Moderator
May 29, 2013
37,718
3,429
156,790
kurt16A said:
I just got a new router Zyxel EX5601-T0. Everything goes well, except that I discovered accidentally that the admin interface can be accessed by anyone on the internet. This has never happened to me before (I used several routers before). Actually because of an indirect help from a subdomain (pointing to my public IP) that I discovered the problem. My problem is I tried to find where I can block the access to my router in the settings, but I can not find where to do it?? - I thought under the firewall, but there is no option for that except Access Control with an option to add a new ACL Rule!!

Any help or an idea is very appreciated
Click to expand...
The manual I found -- https://www.manualslib.com/manual/2859634/Zyxel-Communications-Ax-Series.html#product-EX5601-T0
Shows that there may be a screen like on page 388 of the manual. That is accessed by Maintenance > Remote Management > MGMT Services
 
kurt16A

kurt16A

Commendable
May 24, 2020
16
0
1,510
kanewolf said:
The manual I found -- https://www.manualslib.com/manual/2859634/Zyxel-Communications-Ax-Series.html#product-EX5601-T0
Shows that there may be a screen like on page 388 of the manual. That is accessed by Maintenance > Remote Management > MGMT Services
Click to expand...
There is no such "
Maintenance > Remote Management > MGMT Services
Click to expand...
" in my router settings. I have under maintenance: System, User Account, Time Backup/Restore, Reboot and Diagnostic. The manual you linked is different, and I assure you that I have Zyxel EX5601-T0.

 
USAFRet

USAFRet

Titan
Moderator
Mar 16, 2013
173,076
18,732
184,590
kurt16A said:
There is no such "

" in my router settings. I have under maintenance: System, User Account, Time Backup/Restore, Reboot and Diagnostic. The manual you linked is different, and I assure you that I have Zyxel EX5601-T0.

Click to expand...
You can download your user manual here:
service-provider.zyxel.com

EX5601/EX5600-T Series

EX5601/EX5600-T Series
service-provider.zyxel.com service-provider.zyxel.com

They ask for FAR too much info to get that actual download.
 
kurt16A

kurt16A

Commendable
May 24, 2020
16
0
1,510
USAFRet said:
You can download your user manual here:
service-provider.zyxel.com

EX5601/EX5600-T Series

EX5601/EX5600-T Series
service-provider.zyxel.com service-provider.zyxel.com

They ask for FAR too much info to get that actual download.
Click to expand...
I went through the settings several times yesterday and today. I am sure that there is no place like "Remote Management". And I knew about "Remote Management" before I asked the question, but it doesn't exist. it's unbelievable.
71qKBh.png
 
Last edited:
kanewolf

kanewolf

Titan
Moderator
May 29, 2013
37,718
3,429
156,790
kurt16A said:
I just got a new router Zyxel EX5601-T0. Everything goes well, except that I discovered accidentally that the admin interface can be accessed by anyone on the internet. This has never happened to me before (I used several routers before). Actually because of an indirect help from a subdomain (pointing to my public IP) that I discovered the problem. My problem is I tried to find where I can block the access to my router in the settings, but I can not find where to do it?? - I thought under the firewall, but there is no option for that except Access Control with an option to add a new ACL Rule!!

Any help or an idea is very appreciated
Click to expand...
Did you test this access via a cell phone without WIFI or some other device that is guaranteed to not be on your LAN? Your router could have "hairpin NAT" which a LAN device can use the WAN IP address without an error. That could give your a false positive.
 
kurt16A

kurt16A

Commendable
May 24, 2020
16
0
1,510
kanewolf said:
Did you test this access via a cell phone without WIFI or some other device that is guaranteed to not be on your LAN? Your router could have "hairpin NAT" which a LAN device can use the WAN IP address without an error. That could give your a false positive.
Click to expand...
I tried access my public IP and my Nextcloud (using a subdomain pointing to my public IP) with my phone (using 4G) and surprising I can not access!!!
Now I don't understand what's happening?!!!
Why from my pc I can access my router login using my public IP or my subdomain?????
I am very LOST!!!!
 
USAFRet

USAFRet

Titan
Moderator
Mar 16, 2013
173,076
18,732
184,590
kurt16A said:
I tried access my public IP and my Nextcloud (using a subdomain pointing to my public IP) with my phone (using 4G) and surprising I can not access!!!
Now I don't understand what's happening?!!!
Why from my pc I can access my router login using my public IP or my subdomain?????
I am very LOST!!!!
Click to expand...
You need to do a real test, from some system outside your LAN.

This means actually going outside, to somewhere else.
 
kanewolf

kanewolf

Titan
Moderator
May 29, 2013
37,718
3,429
156,790
kurt16A said:
I tried access my public IP and my Nextcloud (using a subdomain pointing to my public IP) with my phone (using 4G) and surprising I can not access!!!
Now I don't understand what's happening?!!!
Why from my pc I can access my router login using my public IP or my subdomain?????
I am very LOST!!!!
Click to expand...
Your router was providing "hairpin NAT". JUST as I suspected. By using your phone on 4G you were outside your LAN. That is the only valid way to test external access. Google "hairpin NAT" for more info.

I don't believe your router admin IS exposed to the WAN. You had a false positive because of the hairpin NAT.
 
  • Like
Reactions: kurt16A
kurt16A

kurt16A

Commendable
May 24, 2020
16
0
1,510
kanewolf said:
Your router was providing "hairpin NAT". JUST as I suspected. By using your phone on 4G you were outside your LAN. That is the only valid way to test external access. Google "hairpin NAT" for more info.

I don't believe your router admin IS exposed to the WAN. You had a false positive because of the hairpin NAT.
Click to expand...
 
kurt16A

kurt16A

Commendable
May 24, 2020
16
0
1,510
Thanks a lot. I really appreciate your answers and help. You point me to something important when you sad to try outside my LAN. I panicked when I saw the router login page when I use my public IP or my subdomain. Thanks again.
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom