Why Am I able to log in via WAN IP address

Hi Guys. I am looking for advice.

I upgraded from OS 3.x to 5.x my turris omnia.
Firmware Version:
TurrisOS 5.1.3 78c4c04dd7979a7f6d3cadeb1783b6c38d63b575 / LuCI branch git-20.306.44214-6ad517e
Kernel Version 4.14.202

Now when I am logged in reforis GUI (http://192.168.1.1/reforis/notifications) and I force reboot of router, it boot up and page redirects me to WAN IP and shows login. So I realized, that I am able to log in to the router from my PC connected in lan, via router WAN IP (http://188.167.x.x/reforis/notifications).
I think that functions in http://192.168.1.1/reforis/network-settings/interfaces are not flawless. Somehow my router is not recognizing correctly lan and wan.

Also another strange behavior appear. I have in port lan0 my qnap NAS. It is connected via cable with static IP 192.168.1.4. All lan ports and also enabled wifi is assigned to lan group (see attached screenshot).
Issue is, that when I am connecting to the NAS from my PC via ethernet cable plugged in router port lan1, it is working. But when I am with same PC connected via WIFI, I am not able load login page of the NAS and also mounted folders are not accessible. Ping is working and also tracert.
When I try to connect with mobile phone or another PC via wifi, it is working.
It looks for me like firewall in router is somehow filtering (maybe based on MAC address) my connections inside lan network between my PC and NAS when I am connected via WIFI.

note: with UPC router it worked just fine so I do not suspect settings in my PC. I also disabled firewall in PC and turn off esset during tests. I have my wifi in PC marked as private network so even windows sharing settings should not affect this.

Hi,

As for the first issue, as long as you are not able to log in while connected from the WAN interface, it is quite normal. Every Linux, including OpenWRT uses soft binding between interfaces and IP addresses. So even that your WAN IP is in WAN zone, as long as your requests are coming from LAN interface, it is considered as LAN zone.

As for the second issue, please check that you are connected on WiFi adapter 2 (in LAN zone), not unassigned adapter 1. If so, please post output of “iptables -S” or “nft list ruleset” (if using nftables). Interesting part would be the FORWARD chain and chains connected with that (via -j or -g).

Hi hunekm,

Thank you for your reaction and for info regarding first issue. You are right and connection from internet to WAN ip of my router is not allowed. Just from my lan. So you show me that there is no security issue and now I may stop panic.

Regarding second issue. You encourage me to do some troubleshooting and according tcpdup on router I saw no response to my connection from my PC to NAS. Then I tried same wifi but with mobile phone. It worked. So I checked NAS (qnap) security rules. It somehow blacklisted IP of my PC. So I deleted that rule on NAS and it works now. I am sorry for such stupid mistake. Issue is solved.

1 Like

I am still curious how could the turris interface redirect you to its public IP.
Is your WAN IP statically configured?