What's new

No Access to equipment

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

diabolyk

Regular Contributor
Hi,

I don't understand why, but i have some equipments I need to access by IP on my explorer and I can't...

For example : IP cam, SonOff on espeasy...

If i connect directly to my ac86u i have no Access, but if i connect it on my TP Link router in AP mode, I can open the webpage by IP adress.

How is it possible ?
How to resolve this ?

Thanks.
 
I have the begining of an answer...
It seems that all equipment connected on LAN interface have no problems for access, and all by wifi have the problem...
Ones connected by wifi on the AP router are LAN connected for AC86U...

Where I can find an option to enable or disable about that ?

Thanks
 
Perhaps you can help with screenshots
IMG_20230111_173301.jpg

IMG_20230111_173323.jpg


IMG_20230111_173346.jpg
 
GUI > Advanced Settings > Administration > System
 
Disabling airtime fairness and Universal beamforming seems to work very well to have no more problems.
I will check in few Time but it seems solved ☺️
 
I wouldn't allow ssh access from WAN, regardless of port. Is that absolutely necessary? Port scanning might still take you down - have you made a stronger password yet?
I would also make your idle timeout less than what it is now...5min?
 
I wouldn't allow ssh access from WAN, regardless of port. Is that absolutely necessary? Port scanning might still take you down - have you made a stronger password yet?
I would also make your idle timeout less than what it is now...5min?
what do you mean by idle timeout? where to find this ? what will it change ?

thanks
 
did you read my post? it gives you the map of how to get there
Idle timeout will automatically close an ssh tunnel if no activity is seen/measured on it for X minutes. A security feature.
you want that as short as possible, especially if you leave SSH access from WAN open.

Just so i'm sure you're clear on this, that you understand well - leaving SSH open to WAN means anyone, anywhere in the world with internet access can try to gain entry to your router/home network. a strong password is just the first barrier to prevent that from happening. disabling the ability to do so by turning off WAN access means that people will need much more direct physical access to your router/network/home. setting an idle timeout to shut down any tunnel from any computer that can access your network's "control center" after a short period of time also protects you, in case you're human and forget - you don't leave the door to your home open when you're away, do you? idle timeout closes the door automatically behind you, to keep your network safe if you open it up and forget to close it.
 
what do you mean by idle timeout? where to find this ? what will it change ?

thanks
Not sure what router you are using but here (on the Administration > System page in the GUI) is where Idle Time Out is on an RT-AC68U running Asus-Merlin 386.9.
SSHIdleTimeOut.jpg


RMerlin explains what idle time out is here:
https://www.snbforums.com/threads/idle-timeout.63503/post-573751

If you are not seeing idle time out then it may be due to the configuration of your router or is not included in your router's firmware.

Like others have indicated, enabling Remote Access Config to allow remote GUI access is a potential security risk. If a bad actor/unauthorized person gained access to your router's GUI from the WAN side they could potentially reconfigure the router to gain access to the rest of your LAN and its clients.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top