g725s

Router won't UPnP for WHS 2011 Remote Web Access


ikon

Is there a workaround to access it from inside my LAN?

Nope.  That's your router doing that.  Just RDP into the server, or go into the Site from IIS.

 

I guess the real question is, why would you want to?

g725s

I guess the real question is, why would you want to?

 

Well the last time I set this up I was able to and it did not cause this frustration.  I would have thought since this was a newer more feature rich router it would be able to.

Edited by g725s

ikon

I can see where you might find the port forwarding frustrating. However, since I can't think of any real reason to use RWA from within the LAN, I don't see where that should be a frustration.

 

And, as to the port forwarding frustration, let's just say you're better off doing it manually than having UPnP enabled. Here's a scenario for you. Someone using a computer on your LAN browses to a web site that secretly downloads malware to their computer. This malware checks to see if UPnP is enabled on your router. It discovers UPnP is enabled, so it starts opening all kinds of ports that allow it to secretly access the computer any time the bad guys want. This allows them to download and run other malware on your LAN that lets them infect other computers on your LAN. In short order, every computer on your LAN is owned by the bad guys. They could then, for example, start using your computers as part of a botnet, or to start sending out SPAM to thousands of email addresses.

g725s

I can see where you might find the port forwarding frustrating. However, since I can't think of any real reason to use RWA from within the LAN, I don't see where that should be a frustration.

 

And, as to the port forwarding frustration, let's just say you're better off doing it manually than having UPnP enabled. Here's a scenario for you. Someone using a computer on your LAN browses to a web site that secretly downloads malware to their computer. This malware checks to see if UPnP is enabled on your router. It discovers UPnP is enabled, so it starts opening all kinds of ports that allow it to secretly access the computer any time the bad guys want. This allows them to download and run other malware on your LAN that lets them infect other computers on your LAN. In short order, every computer on your LAN is owned by the bad guys. They could then, for example, start using your computers as part of a botnet, or to start sending out SPAM to thousands of email addresses.

 

Frustrating only because I assumed during setup I could see the site from within my LAN like last time.  And this time it threw me off.  I don't know much about ports and such. So my network was probably not that secure last time.  At least I've learned a bit about ports and such from all this.  But still, is there a workaround where I could see the site from within my LAN while still having UPnP disabled and still have a secure network?

 

Since you mention "bad guys" is there a way that someone could open ports without my being able to see that they have been opened?  Or would they have to be listed on the router?

Edited by g725s

ikon

No, you can't see the site from within your LAN. UPnP really has nothing to do with it; it's a function of how the router works. Enabling UPnP would not suddenly make it work. I would just forget about it.

 

If ports are opened on the router, they would show up in the router configuration pages. But seriously, how likely are you to check your router configuration pages? Most people go months and months, even years, without checking them.

jmwills

He can from IIS on the server, but that's way too much trouble.

g725s

No, you can't see the site from within your LAN. UPnP really has nothing to do with it; it's a function of how the router works. Enabling UPnP would not suddenly make it work. I would just forget about it.

 

If ports are opened on the router, they would show up in the router configuration pages. But seriously, how likely are you to check your router configuration pages? Most people go months and months, even years, without checking them.

 

Going months...Yeah that would be me.  I set this server up before mainly to have it used inside my LAN as a media server.  I ran the RWA configuration then and really never used it much, and I did not check the ports then either.  But I'm in a different situation now where I'd like to use it to serve media outside my LAN now.

 

I'm glad you are making me more aware of this.  My son likes to game and is downloading stuff.  I've set his account that if he wants to run anything it needs Administrator rights, so he has to ask me to put in my password.  But he was trying to set up a Minecraft server and such.

 

I ran a check on "All Service Port" on that site listed above:

GRC Port Authority Report created on UTC: 2015-01-15 at 22:19:25

 

Results from scan of ports: 0-1055

 

1 Ports Open

0 Ports Closed

1055 Ports Stealth

---------------------

1056 Ports Tested

 

NO PORTS were found to be CLOSED.

 

The port found to be OPEN was: 443

 

Other than what is listed above, all ports are STEALTH.

 

TruStealth: FAILED - NOT all tested ports were STEALTH,

- NO unsolicited packets were received,

- NO Ping reply (ICMP Echo) was received.

ikon

Hey g725s, no problem giving heads up on some stuff. I got the impression from your posts that this stuff is not your everyday activity, so I wanted to offer some things you might find useful.

 

The reason that ShieldsUP! is only showing the 1 port open (443) is that it's not even trying to scan port 4125. If you notice, it's only scanning 1056 ports. Obviously, 4125 is well beyond 1055, so it doesn't get checked. That's why Steve (owner of GRC) has the option to scan custom port numbers. BTW, there are 65536 total possible ports (0 to 65535). 65535 is the largest number that can be contained in 16 bits, which is 2 bytes, and is 2^16.

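Added example (not part of any post in this thread): a short Python check that parses the ShieldsUP! report posted above and shows the coverage gap ikon describes, namely that the scan covered ports 0-1055 only, so port 4125 was never tested. The `INTENDED` set (443 and 4125, the two ports named in the thread) and the plural "were:" report wording are assumptions.

```python
import re

# Report text as posted earlier in this thread (blank lines removed).
REPORT = """\
GRC Port Authority Report created on UTC: 2015-01-15 at 22:19:25
Results from scan of ports: 0-1055
1 Ports Open
0 Ports Closed
1055 Ports Stealth
1056 Ports Tested
The port found to be OPEN was: 443
"""

# Assumption: the ports this server is meant to expose, as named in the thread.
INTENDED = {443, 4125}


def parse_report(text):
    """Return (first, last, open_ports, stated_tested) from a text report."""
    m = re.search(r"scan of ports:\s*(\d+)\s*-\s*(\d+)", text)
    if not m:
        raise ValueError("no scanned range found in report")
    first, last = int(m.group(1)), int(m.group(2))
    open_ports = set()
    # Singular form is from the thread; the plural "were:" form is assumed.
    for lst in re.findall(r"found to be OPEN (?:was|were):\s*([\d, ]+)", text):
        open_ports.update(int(p) for p in re.findall(r"\d+", lst))
    t = re.search(r"(\d+) Ports Tested", text)
    return first, last, open_ports, int(t.group(1)) if t else None


def audit(text, intended=INTENDED):
    """Summarise what the scan covered and what it could not have seen."""
    first, last, open_ports, stated = parse_report(text)
    scanned = range(first, last + 1)
    return {
        "ports_tested": len(scanned),
        "count_matches_report": stated == len(scanned),
        "intended_open": sorted(open_ports & intended),
        "unexpected_open": sorted(open_ports - intended),
        "intended_not_scanned": sorted(p for p in intended if p not in scanned),
        "ports_never_scanned": 65536 - len(scanned),
    }


if __name__ == "__main__":
    for key, value in audit(REPORT).items():
        print(f"{key}: {value}")
```

A clean result here only speaks for the scanned range; ports above 1055 need a custom scan or a look at the router's port-forwarding page.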
g725s

Hey g725s, no problem giving heads up on some stuff. I got the impression from your posts that this stuff is not your everyday activity, so I wanted to offer some things you might find useful.

 

The reason that ShieldsUP! is only showing the 1 port open (443) is that it's not even trying to scan port 4125. If you notice, it's only scanning 1056 ports. Obviously, 4125 is well beyond 1055, so it doesn't get checked. That's why Steve (owner of GRC) has the option to scan custom port numbers. BTW, there are 65536 total possible ports (0 to 65535). 65535 is the largest number that can be contained in 16 bits, which is 2 bytes, and is 2^16.

 

So how does a person know if there are ports opened by a bad guy beyond port 1055?  Having port 433 open does not impose a risk?

 

Also I did check 4125:

Port | Status | Protocol and Application

4125 | Stealth | Unknown Protocol for this port, Unknown Application for this port

 

 

If you really MUST hit the site from within your LAN, use this URL:

 

https://<IPADDRESS OF SERVER>/remote/login , e.g.  https://192.168.1.110/remote/login

 

I tried your link here, with my IP of course, and still I cannot enter the site.

Edited by g725s
