How to prevent users connecting an access point to get into the other modem router's configuration page?

cvwong · Feb 16, 2014

Hi,

I have a modem router from ISP and an access point (personal). The setting in the modem router from ISP shouldn't be change.

I enabled the AP isolation in the AP and different range of ip address for the AP but still users still can get into the configuration page of modem router even when they are connecting to the AP's wifi.

Can I set a different subnet mask to isolate them? Please advice.

The gateway ip for modem router is 192.168.1.1, subnet mask is 255.255.255.0 while for the gateway ip for the AP is 192.168.10.1, subnet mask is 255.255.255.0.

Thanks in advance

USAFRet · Feb 16, 2014

They shouldn't be able to get to the router config page without the username/password.
Change that.

Or am I missing something?

Someone Somewhere · Feb 16, 2014

The computers need to talk to the router, because it's got their uplink in it.

Only thing I can think of (without touching the ISP's router) would require serious config on the WAP - basically set up a firewall that drops all traffic bound for 192.168.1.1:80. You'd need to be running custom firmware for that, though.

Also, setting the gateway on the AP to 192.168.10.1 won't do anything other than stop the WAP from being able to get updates.

cvwong · Feb 16, 2014

Erm actually the username and password for logging into the configuration page is the default from the ISP and most of the us can easily get this.

Without using mac filtering, is there any other ways i can block others to get into the configuration page of the modem router? How do you do to set up a firewall that drops all traffic bound?

Custom firmware? Like dd-wrt?

Well the modem router do have guest network setup but will this prevents others to get into the configuration page?

Thanks

Someone Somewhere · Feb 16, 2014

No, guest won't do it.

Why can't you change the password?

Yeah, DD-WRT. You'll need to add an IPTables rule that drops any packets headed for 192.168.1.1 TCP port 80 (and probably 443 and 8080).

cvwong · Feb 16, 2014

Well, I am the only one in the house that knows a little about this configuration and if my family members ask for assistance from the ISP, the ISP can remotely connect to the modem to do whatever is required. If I change the password how are they going to get into the configuration page?

So if I add an IPTables rule that drops that packets will I be able to get into the configuration page again? I never use a DD-WRT before.

Thanks for the quick reply

Someone Somewhere · Feb 16, 2014

If you do some creative coding so that it drops all but those from your PC, it should be fine.

Fairly sure the ISP can get in even if you change the password. I think there's two accounts for it; one that you have, and one that they have. Not sure though.

cvwong · Feb 16, 2014

Looks like only custom firmware can do the trick, am I right?

Someone Somewhere · Feb 16, 2014

Yeah. That's serious firewall stuff, there.

However, if all you're worried about is the ISP's remote access, I'm fairly sure that's not a problem. They don't go in through the web interface, IIRC. There's some obscure standard that governs it; can't remember the name.

cvwong · Feb 16, 2014

Thanks for the answers, Someone Somewhere.

Search

How to prevent users connecting an access point to get into the other modem router's configuration page?

cvwong

Honorable

Someone Somewhere

USAFRet

Titan

Someone Somewhere

Titan

cvwong

Honorable

Someone Somewhere

Titan

cvwong

Honorable

Someone Somewhere

Titan

cvwong

Honorable

Someone Somewhere

Titan

cvwong

Honorable

TRENDING THREADS

Latest posts

Moderators online

Share this page