Geekzone: technology news, blogs, forums


wratterus

1687 posts

Uber Geek
+1 received by user: 678


#300670 27-Sep-2022 11:56

Setting up a new Huawei DN8245X6-10, not so familiar with those routers and not in a situation where I can test it properly. 

 

Anyone able to advise if there is a way to securely set up remote management on it? E.g. lock that down to one external IP?

 

Also with port forwarding, do you just need the ports listed in the internal & external boxes, or is the external source box required to be filled out too? Not sure what the difference between the 'External port number' and 'External source port number' is in this situation. 

 

Thanks very much. 


Lias
5655 posts

Uber Geek
+1 received by user: 3978

ID Verified
Trusted
Lifetime subscriber

  #2973480 27-Sep-2022 13:42

I'm pretty sure the advice you are going to get is "Don't enable remote management".

 

Even if you can lock it down, just exposing the interface on the WAN offers a vastly greater attack surface if any 0-days are in the router firmware.

 

 





I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup. Opinions are my own and not the views of my employer.




Lias
5655 posts

Uber Geek
+1 received by user: 3978

ID Verified
Trusted
Lifetime subscriber

  #2973535 27-Sep-2022 13:54

Also re source port question.

 

TCP uses a port at both ends of the connection. For example, if I connect from my laptop to the RDP port of a remote system while having a connection to a website open, then run netstat, I'll see something like this:

 

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    10.10.0.69:1982        ec2-12-34-56-78:443    ESTABLISHED
  TCP    10.10.0.69:1983        172.26.33.72:3389      ESTABLISHED

 

So the connection between my laptop and the website is using a local port of 1982 and a remote port of 443; the RDP connection is using a local port of 1983 and a remote port of 3389.

 

Without being rude, there's a pretty good chance you REALLY shouldn't be port forwarding anything, especially if you don't understand enough about TCP to know this :-)





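Added example, not part of the posts above and not the router's own logic: it opens a few loopback TCP connections to show that the client's source port is chosen by the OS per connection, then checks a forward rule against those connections. The `ForwardRule` class, its field names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import socket
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ForwardRule:
    """Hypothetical port-forward rule; not the Huawei firmware's real logic."""
    external_port: int                    # port the client dials on the WAN address
    internal_host: str                    # LAN host that receives the traffic
    internal_port: int
    allowed_source: Optional[str] = None  # CIDR the client must come from
    source_port: Optional[int] = None     # client's own port; None = any

    def match(self, src_ip: str, src_port: int, dst_port: int) -> bool:
        if dst_port != self.external_port:
            return False
        if self.allowed_source is not None and (
            ipaddress.ip_address(src_ip)
            not in ipaddress.ip_network(self.allowed_source)
        ):
            return False
        return self.source_port is None or src_port == self.source_port


def observe_client_ports(connections: int = 3) -> list[tuple[int, int]]:
    """Open loopback TCP connections; return (client_port, server_port) pairs."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))  # OS picks a free listening port
    server.listen(connections)
    server_port = server.getsockname()[1]
    clients, pairs = [], []
    for _ in range(connections):
        c = socket.create_connection(("127.0.0.1", server_port))
        clients.append(c)  # keep open so each source port stays in use
        pairs.append((c.getsockname()[1], c.getpeername()[1]))
    for c in clients:
        c.close()
    server.close()
    return pairs


if __name__ == "__main__":
    # Constructed sample values: 203.0.113.10 is a documentation address.
    rule = ForwardRule(3389, "192.168.1.50", 3389, allowed_source="203.0.113.10/32")
    for client_port, server_port in observe_client_ports():
        print(f"client port {client_port} -> server port {server_port}")
        print("  forwarded:", rule.match("203.0.113.10", client_port, 3389))
```

A rule that pins `source_port` only matches a client that happens to use that exact local port, while restricting `allowed_source` limits who can reach the forward without depending on the client's port.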


wratterus

1687 posts

Uber Geek
+1 received by user: 678


  #2973549 27-Sep-2022 14:21

All good, thanks for taking the time to reply. Forwards will be locked down to one IP. Just wasn't sure how those routers behave as I've not had the chance to test one before. 









