Using v6.0 on RB2011
Everything works fine from the LAN, but I cannot login from the WAN.
I have set an input chain for my remote IP address so I can manage the router from there:
/ip firewall filter
add action=drop chain=input comment=“Block invalid connections”
connection-state=invalid
add action=drop chain=forward connection-state=invalid
add chain=input comment=“Input chain from inside” src-address=192.168.1.0/24
add chain=input comment=“Input chain from …” src-address=
208.xxx.xxx.xxx
From the remote address, I get the login screen, but my login is not accepted. Same thing with telnet.
What am I missing?
Thanks
If it works locally, and you can see the login page remotely, then it should work remotely. Are you sure you are putting the user/pass in properly?
By the way, your accept rules are not actually serving any purpose because you are not blocking anything after those rules… so everything is being accepted (other than invalid stuff that is being blocked in the first rules)
Thank you for the response. I have verified the user id/pwd several times, and I am sure they are correct.
I understand your point about the rules, I had not listed the whole set. The next line is:
add action=drop chain=input comment=“No other access to router”
Any other ideas?
Thanks
Did you limit the users source?
Yes I had done that, and forgot.
DUH!
I was getting the login screen, so I thought my IP was not restricted. I did not think that, of course, the user restriction would only be checked after login.
Thank you for your help.
