admin-access

Differences

This shows you the differences between two versions of the page.

admin-access [2024/11/28 22:59] – [SSL Certificate] -Condense hogwildadmin-access [2024/11/28 23:13] (current) – [Admin Restrictions] -Formatting hogwild
Line 6: Line 6:
 ===== Web Admin ===== ===== Web Admin =====
  
-This section has settings to control who can access FreshTomato's web interface, how, and from where. You can also which menus stay nested or shown. Finally, it also has settings for the interface's color scheme.  \\   \\ **Local Access:  **here, choose the web protocols allowed for communication with the web interface via LAN. \\ Port and Wireless access options appear, depending on the selection you choose. \\  \\+This section'settings control who can access FreshTomato's web interface, how, and from where. You can also choose which menus stay nested or shown. It also has settings for the interface's color scheme.  \\   \\ **Local Access:  **here, choose the web protocols allowed for communication with the web interface via LAN. \\ Port and Wireless access options appear, depending on your selection. \\  \\
  
   * Disabled - disables all LAN access to FreshTomato's web\\ interface via web protocols.   * Disabled - disables all LAN access to FreshTomato's web\\ interface via web protocols.
  
   * HTTP - lets LAN Ethernet clients access the web interface via HTTP.   * HTTP - lets LAN Ethernet clients access the web interface via HTTP.
-    * HTTP Port - enter the port on which to allow HTTP administration \\ traffic to flow. (Default: 80). +    * HTTP Port - enter the port on which to allow HTTP  \\ administration traffic to flow. (Default: 80). 
-    * Allow Wireless Access - lets LAN WiFi clients access the \\ web interface. (Default: enabled).+    * Allow Wireless Access - lets LAN WiFi clients access  \\ the web interface. (Default: enabled).
  
-  * HTTPS - allows Ethernet LAN clients to access the web interface \\ via HTTPS (SSL-encrypted web).+  * HTTPS - lets Ethernet LAN clients access the web interface \\ via HTTPS (SSL-encrypted web).
     * HTTPS port: the HTTPS port to use. (Appears only if  \\ HTTPS is a chosen option).     * HTTPS port: the HTTPS port to use. (Appears only if  \\ HTTPS is a chosen option).
     * Allow Wireless Access - lets LAN WiFi clients access  \\ THE web interface via HTTPS. (Default: enabled).     * Allow Wireless Access - lets LAN WiFi clients access  \\ THE web interface via HTTPS. (Default: enabled).
  
-  * HTTP and HTTPS - allows Ethernet LAN clients to access the \\ web interface via HTTP and HTTPS.+  * HTTP and HTTPS - allows Ethernet LAN clients to access  \\ the web interface via HTTP and HTTPS.
     * HTTP Port - the port on which HTTP administration  \\ traffic will flow. (Default: 80).     * HTTP Port - the port on which HTTP administration  \\ traffic will flow. (Default: 80).
     * HTTPS port: the HTTPS port to use. (shows only if  \\ HTTPS is a chosen option).     * HTTPS port: the HTTPS port to use. (shows only if  \\ HTTPS is a chosen option).
     * Allow Wireless Access - lets LAN WiFi clients access  \\ the web interface. (Default: enabled).     * Allow Wireless Access - lets LAN WiFi clients access  \\ the web interface. (Default: enabled).
- \\  + 
- \\ {{::administration-admin_access-web_admin-2024.3.png?539}}+ \\   \\ {{::administration-admin_access-web_admin-2024.3.png?539}}
  
  \\  \\
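Review bot: The added intro sentence on the first changed line reads "This section'settings control", which drops the "s" and the space; it should be "This section's settings control". In the same hunk the unchanged HTTPS "Allow Wireless Access" item still has "THE web interface" in capitals, which could be fixed in the same pass.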
Line 105: Line 105:
 ===== SSH Daemon ===== ===== SSH Daemon =====
  
-The Secure SHell tunneling protocol lets you make secure local and remote connections to FreshTomato. With the help of the Dropbear service, it also lets you make SSH connections //though //the router to LAN client devices. Settings here let you enable/disable the SSH Daemon and the Dropbear daemon, and configure their operation.+The Secure SHell tunneling protocol lets you make secure local and remote connections to FreshTomato. With the help of the Dropbear service, it also lets you make SSH connections //through //the router to LAN clients. Settings here let you enable/disable the SSH Daemon and the Dropbear daemon, and configure their operation.
  
  \\  \\
  
-**Enable at Startup:**  checking this starts the SSH Daemon when the router boots. (Default: Enabled).+**Enable at Startup:** checking this starts the SSH when the router boots. 
 + 
 +(Default: Enabled).
  
  \\  \\
  
-**Extended MOTD:**  enables the Message of the Day function.+**Extended MOTD:** enables the Message of the Day function.
  
-This displays a custom message when you first log in via Telnet. It can be important information, updates about the system or just a personal greeting from the administrator.+This displays a custom message as you first log in via Telnet. It can be important information, updates about the system or just a personal greeting from the administrator.
  
  \\ {{::administration-admin_access-ssh_daemon-2024.3.png?550}}  \\ {{::administration-admin_access-ssh_daemon-2024.3.png?550}}
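Review bot: The added Enable at Startup line now reads "starts the SSH when the router boots", which lost the word "Daemon" and leaves the sentence incomplete; restore "starts the SSH Daemon". The Extended MOTD text sits under the SSH Daemon heading but says the message appears as you "log in via Telnet", so confirm whether SSH is meant there. The italic markup in "//through //the" also has its trailing space inside the markers.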
Line 121: Line 123:
  \\  \\
  
-**Remote Access:**  allows SSH connections from remote WAN/Internet clients. (Default: Disabled).+**Remote Access:**  allows SSH connections from remote WAN/Internet clients. 
 + 
 +(Default: Disabled).
  
  \\  \\
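Review bot: The added Remote Access line keeps two spaces after the bold label, while this revision condenses the same pattern to one space on Enable at Startup and Extended MOTD; normalise it here as well. Since this option opens SSH to WAN/Internet clients, a pointer to the Allowed Remote IP Address and Limit Connection Attempts settings under Admin Restrictions would help readers who turn it on.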
Line 127: Line 131:
 **Remote Forwarding:  **enables the Dropbear service/daemon. **Remote Forwarding:  **enables the Dropbear service/daemon.
  
-Dropbear provides SSH services on the router, including SSH port tunneling and forwarding. Don't confuse this with standard (local) Port Forwarding.+Dropbear provides SSH services on the router, including SSH port tunneling/forwarding. Don't confuse this with standard (local) Port Forwarding.
  
 For example, say you want to access a PC on your LAN via Remote Desktop. However, you don't want the security risk of using standard port forwarding to open a port for RDP to the Internet. For example, say you want to access a PC on your LAN via Remote Desktop. However, you don't want the security risk of using standard port forwarding to open a port for RDP to the Internet.
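Review bot: The Remote Forwarding description says the option "enables the Dropbear service/daemon" and then that Dropbear "provides SSH services on the router", which leaves it unclear how this checkbox differs from Enable at Startup for the SSH Daemon. State what turning it on changes (the SSH port tunneling/forwarding named in the edited sentence) instead of describing Dropbear as a whole. The bold markup in "**Remote Forwarding:  **" also has its spaces inside the closing markers.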
Line 135: Line 139:
 This way, when you are connected to the the router via SSH, you can run RDP on your machine, connect to 127.0.0.1:1234 and you're securely connected to 192.168.1.66 on your LAN. All traffic flows through SSH, and thus is encrypted. (To be fair, RDP already uses encryption, but it's weaker than SSH encryption). In such cases, the SSH server is known as a "//jump host//", and the final destination PC is known as a "//target host//". \\  \\ This way, when you are connected to the the router via SSH, you can run RDP on your machine, connect to 127.0.0.1:1234 and you're securely connected to 192.168.1.66 on your LAN. All traffic flows through SSH, and thus is encrypted. (To be fair, RDP already uses encryption, but it's weaker than SSH encryption). In such cases, the SSH server is known as a "//jump host//", and the final destination PC is known as a "//target host//". \\  \\
  
-**Port:  **sets the port on which SSH traffic flows.+**Port: **sets the port on which SSH traffic flows
 + 
 +Changing this from the default is highly recommended. Port 22 is constantly scanned by Internet hackers.
  
-Changing this from the default is highly recommended. Port 22 is constantly scanned by Internet hackers. (Default: 22).+(Default: 22).
  
  \\  \\
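Review bot: The added Port line ends at "SSH traffic flows" with no full stop, which the removed line had. The unchanged example paragraph above it still contains "connected to the the router". The port-change advice could also point to Allow Password Login, since the page says that disabling it makes SSH require an authorized key.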
Line 143: Line 149:
 **Allow Password Login:  **lets clients login via SSH with only the normal administrative username/password. **Allow Password Login:  **lets clients login via SSH with only the normal administrative username/password.
  
-No authorized encryption key is needed. When disabled, SSH requires an authorized key to allow clients to logon.+An authorized encryption key isn'needed. When disabled, SSH requires an authorized key to let clients logon.
  
  \\  \\
  
-**Authorized Keys:**  one or more encryption keys that authorize an SSH client to access to the LAN.+**Authorized Keys:** one or more encryption keys that authorize an SSH client to access to the LAN.
  
  \\  \\
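Review bot: The added sentence under Allow Password Login reads "An authorized encryption key isn'needed"; the "t" and the space were dropped, so it should be "isn't needed". On the Authorized Keys line, "to access to the LAN" has an extra "to", and "let clients logon" should use the verb form "log on".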
Line 153: Line 159:
 **Stop Now/Start Now:** clicking this instantly stops/starts SSH, whichever is the opposite of its current state. **Stop Now/Start Now:** clicking this instantly stops/starts SSH, whichever is the opposite of its current state.
  
-The button will display its current state, and later the opposite option after you click on it. The SSH daemon will start again at next bootup (if //Enable at Startup//is enabled.+The button displays its current state, and then the opposite state after you click on it. SSH will start again at next bootup (if //Enable at Startup// is enabled).
  
  
 ===== Telnet Daemon ===== ===== Telnet Daemon =====
  
-(Terminal EmuLation over the NEtwork) is a protocol which allows LAN and remote connections via a command-line interface. Unlike SSH, Telnet is not secure protocol.+The (Terminal EmuLation over the NEtwork) protocol allows LAN and remote connections via a command-line interface. Unlike SSH, Telnet is not secure.
  
  \\  \\
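Review bot: The added Telnet intro starts "The (Terminal EmuLation over the NEtwork) protocol", so the expansion appears with no name in front of it. Put the name first, for example "Telnet (Terminal EmuLation over the NEtwork) is a protocol that allows LAN and remote connections via a command-line interface."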
Line 179: Line 185:
 ===== Admin Restrictions ===== ===== Admin Restrictions =====
  
-**Allowed Remote IP Address:** the IP addresses/ DNS names of hosts to allow to connect to the FreshTomato web interface.+**Allowed Remote IP Address:** the IP addresses/DNS names of hosts to allow to connect to the router'web interface.
  
 Addresses can be individual, comma-separated, or a dash-separated range, ("1.1.1.1-2.2.2.2"). The setting applies to local and remote administration via HTTP, HTTPS, SSH (if enabled) and Telnet (if enabled). Addresses can be individual, comma-separated, or a dash-separated range, ("1.1.1.1-2.2.2.2"). The setting applies to local and remote administration via HTTP, HTTPS, SSH (if enabled) and Telnet (if enabled).
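Review bot: The added Allowed Remote IP Address line reads "the router'web interface", missing the "s" and the space; it should be "the router's web interface". The label says "Remote" while the next paragraph says the setting applies to local and remote administration, so the description should make clear that LAN hosts are restricted too.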
Line 185: Line 191:
  \\  \\
  
-**Limit Connection Attempts: ** specifies whether the number of SSH or Telnet connection attempts will be limited to number (n) at certain frequency (f). (Default: 3 connection attempts every 60 seconds).+**Limit Connection Attempts: **specifies whether the number of SSH/Telnet connection attempts will be limited to number (n) at certain frequency (f).
  
-Checking SSH limits the number of SSH connection attempts to number n at frequency f (in seconds). Checking Telnet works similarly.+(Default: 3 connection attempts every 60 seconds). Checking SSH limits the number of SSH connection attempts to number n at frequency f (in seconds). Checking Telnet works similarly.
  
  \\ {{::administration-admin_access-admin_restrictions-2024.3.png?688}}  \\ {{::administration-admin_access-admin_restrictions-2024.3.png?688}}
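Review bot: In the added second paragraph the "(Default: 3 connection attempts every 60 seconds)" note now comes before the explanation of n and f, whereas the Port and Remote Access hunks in this revision put the default on its own line after the description; move it to its own line after "Checking Telnet works similarly." for consistency. The phrase "limited to number (n) at certain frequency (f)" also needs articles: "to a number (n) at a certain frequency (f)".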
admin-access.1732834794.txt.gz · Last modified: 2024/11/28 22:59 by hogwild