Hi there, been working on my selfhosted setup a bit lately and just noticed that if I browse to my own WAN-IP it will show to the public the interfance of my oc200 omada hardware controller. While it does have a login form with username password, id be much more confident if this wasnt public at all. I’ve looked online and in my settings but struggle to find anything related to this. Is it common that this is on be default?

Any pointers greatly appriciated.

Edit: Solved - I panicked without thinking I was on my own lan when checking this…

  • anamethatisnt@lemmy.world
    link
    fedilink
    English
    arrow-up
    26
    ·
    10 days ago

    First off, check that it is also true when using a device outside the LAN. Easiest would be to check with your phone with wifi off. You probably won’t get to the login.
    If you do then it’s time to check firewall settings.

    • Sips'@slrpnk.netOP
      link
      fedilink
      English
      arrow-up
      11
      ·
      10 days ago

      Yeah ur right, i was on my LAN and thats why it worked. I only assumed because I was accessing it via my WAN IP it was ‘automatically’ public.

      • Fuck spez@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        6 days ago

        NAT loopback, if supported and enabled, may appear to bypass firewall rules.

        Basically, traffic to your public (WAN) IP that comes from inside the network is not subject to the same level of security as outside traffic would be. The last part of the parent comment didn’t quite make sense, though.

      • anamethatisnt@lemmy.world
        link
        fedilink
        English
        arrow-up
        15
        ·
        9 days ago

        Hairpin NAT/NAT Reflection can make the experience of visiting the WAN IP from the LAN a different one then if you do it from somewhere else. Or what is your what?

  • bigredgiraffe@lemmy.world
    link
    fedilink
    English
    arrow-up
    16
    ·
    10 days ago

    I know you solved it but for anyone that finds this later this feature/behavior is typically called “NAT Hairpin” in case you are looking for a setting to enable or disable, hope this helps!

  • Goingdown@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    5
    ·
    10 days ago

    Can you access your wan ip when you are somewhere else than on your own lan?

    If not, then this is probably just that your router does firewalling and nat is such order that you can access admin interface from local network via wan address.

    If yes, then router has some serious misconfiguration.

    • Sips'@slrpnk.netOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      10 days ago

      Yeah exactly what happened, i was on my lan thinking WAN IP meant it was public - it was not :P

    • Sips'@slrpnk.netOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      10 days ago

      No I wasnt… just realised this, thats a great relief really. Was afraid it had been publicly available all this time.

      Learn something new every day :)

      • scholar@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        9 days ago

        It’s worth checking from an external network anyway, but I’d be surprised if it was public facing.

    • Sips'@slrpnk.netOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      10 days ago

      Ah yeah you’re right, i can only access this interface if I am on my LAN. Tried with hotspot now and it doesn’t “load” - so thats good.

      • TheButtonJustSpins@infosec.pub
        link
        fedilink
        English
        arrow-up
        2
        ·
        10 days ago

        My opnSense box does the same thing. I’d rather get to it via internal IP like pfSense worked. (I assume I can make that happen somehow, but I haven’t researched it yet.)