NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

chuskyx's avatar
chuskyx
Aspirant
Nov 16, 2016

secure admin page

Hi community!

 

I have some https shares in my readynas, so i have forwarded 443 port to my readynas to allow external access to the shares. I have port 80 forwarded for compatibility but i don't use it. In configuration i have disabled admin access from http but i didn't find a way to disable access to the admin page from the outside. I would like to restrict access to the /admin url so nobody (or a restricted set of addresses preferable) can try to access admin page from the outside. My firewall can't filter a particular internal url, so i guess i need to do the setup in the NAS. Is there an easy way to do that? Can the admin account be renamed?

 

Thanks!

Tips from other users

3 Replies

  • StephenB's avatar
    StephenB
    Guru
    Nov 17, 2016

    You cannot rename the admin account.

     

    Being able to deny access to the admin web-ui on the secondary https port would be a nice feature.  Perhaps post it on the idea exchange.

     

    I realize you'd prefer to denying outside access on the primary port, but I think it would be difficult for the NAS to reliably tell that the connection came from outside. Forwarding 443 to the secondary port, and then denying admin web-ui access on that port would be easier to do.

    • chuskyx's avatar
      chuskyx
      Aspirant
      Nov 17, 2016

      Thanks for your answer :)

       

      As you say,  a idea could be to use a different por for the admin virtualserver, and use the standard 80 and 443 ports for regular users.

       

      The other question, about how to differentiate a external connection, i think in first place that it is easy to differenciate between LAN and a no-LAN connection and, for generic purposes, allow/deny sets of ip addresses or subnets in a similar way to "hosts" setup in shares. Admin interface is too vulnerable.

      • StephenB's avatar
        StephenB
        Guru
        Nov 18, 2016
        chuskyx wrote:

         

        The other question, about how to differentiate a external connection, i think in first place that it is easy to differenciate between LAN and a no-LAN connection and, for generic purposes, allow/deny sets of ip addresses or subnets in a similar way to "hosts" setup in shares. Admin interface is too vulnerable.

        I agree that it would be great if you could use the physical ethernet connection or VLAN as a filter for various services (including admin access).  Netgear hasn't done that, but the idea is on the idea exchange.  You might want to vote for that idea (by clicking on the large up arrow).  It's here: https://community.netgear.com/t5/Idea-Exchange-for-ReadyNAS/Easy-way-to-dedicate-NICs-for-specific-purposes/idi-p/1141692  You could add a specific comment on admin access.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More