Solved

How to prevent users connecting an access point to get into the other modem router's configuration page?

Hi,


I have a modem router from ISP and an access point (personal). The setting in the modem router from ISP shouldn't be change.

I enabled the AP isolation in the AP and different range of ip address for the AP but still users still can get into the configuration page of modem router even when they are connecting to the AP's wifi.

Can I set a different subnet mask to isolate them? Please advice.

The gateway ip for modem router is 192.168.1.1, subnet mask is 255.255.255.0 while for the gateway ip for the AP is 192.168.10.1, subnet mask is 255.255.255.0.

Thanks in advance
9 answers Last reply Best Answer
More about prevent users connecting access point modem router configuration page
  1. They shouldn't be able to get to the router config page without the username/password.
    Change that.

    Or am I missing something?
  2. The computers need to talk to the router, because it's got their uplink in it.

    Only thing I can think of (without touching the ISP's router) would require serious config on the WAP - basically set up a firewall that drops all traffic bound for 192.168.1.1:80. You'd need to be running custom firmware for that, though.

    Also, setting the gateway on the AP to 192.168.10.1 won't do anything other than stop the WAP from being able to get updates.
  3. Erm actually the username and password for logging into the configuration page is the default from the ISP and most of the us can easily get this.

    Without using mac filtering, is there any other ways i can block others to get into the configuration page of the modem router? How do you do to set up a firewall that drops all traffic bound?

    Custom firmware? Like dd-wrt?

    Well the modem router do have guest network setup but will this prevents others to get into the configuration page?

    Thanks
  4. No, guest won't do it.

    Why can't you change the password?

    Yeah, DD-WRT. You'll need to add an IPTables rule that drops any packets headed for 192.168.1.1 TCP port 80 (and probably 443 and 8080).
  5. Well, I am the only one in the house that knows a little about this configuration and if my family members ask for assistance from the ISP, the ISP can remotely connect to the modem to do whatever is required. If I change the password how are they going to get into the configuration page?

    So if I add an IPTables rule that drops that packets will I be able to get into the configuration page again? I never use a DD-WRT before.

    Thanks for the quick reply
  6. If you do some creative coding so that it drops all but those from your PC, it should be fine.

    Fairly sure the ISP can get in even if you change the password. I think there's two accounts for it; one that you have, and one that they have. Not sure though.
  7. Looks like only custom firmware can do the trick, am I right?
  8. Best answer
    Yeah. That's serious firewall stuff, there.

    However, if all you're worried about is the ISP's remote access, I'm fairly sure that's not a problem. They don't go in through the web interface, IIRC. There's some obscure standard that governs it; can't remember the name.
  9. Thanks for the answers, Someone Somewhere.
Ask a new question

Read More

LAN Networking Routers Wireless Security Modem