this post was submitted on 12 Dec 2024

42 points (97.7% liked)

Selfhosted

40696 readers

309 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

(SOLVED) Is it normal that browsing to my own WAN-IP shows my Omada controller interface? (slrpnk.net)

submitted 1 week ago* (last edited 1 week ago) by Sunny@slrpnk.net to c/selfhosted@lemmy.world

18 comments fedilink hide all child comments

Hi there, been working on my selfhosted setup a bit lately and just noticed that if I browse to my own WAN-IP it will show to the public the interfance of my oc200 omada hardware controller. While it does have a login form with username password, id be much more confident if this wasnt public at all. I've looked online and in my settings but struggle to find anything related to this. Is it common that this is on be default?

Any pointers greatly appriciated.

Edit: Solved - I panicked without thinking I was on my own lan when checking this..

all 19 comments

sorted by: hot top controversial new old

[–] anamethatisnt@lemmy.world 26 points 1 week ago (2 children)

First off, check that it is also true when using a device outside the LAN. Easiest would be to check with your phone with wifi off. You probably won't get to the login.
If you do then it's time to check firewall settings.

[–] Sunny@slrpnk.net 11 points 1 week ago

Yeah ur right, i was on my LAN and thats why it worked. I only assumed because I was accessing it via my WAN IP it was 'automatically' public.

[–] Agility0971@lemmy.world 0 points 1 week ago (2 children)

Wait what?

[–] anamethatisnt@lemmy.world 15 points 1 week ago

Hairpin NAT/NAT Reflection can make the experience of visiting the WAN IP from the LAN a different one then if you do it from somewhere else. Or what is your what?

[–] Fuck_u_spez_@sh.itjust.works 1 points 1 week ago* (last edited 6 days ago)

NAT loopback, if supported and enabled, may appear to bypass firewall rules.

Basically, traffic to your public (WAN) IP that comes from inside the network is not subject to the same level of security as outside traffic would be. The last part of the parent comment didn't quite make sense, though.

[–] bigredgiraffe@lemmy.world 16 points 1 week ago (4 children)

I know you solved it but for anyone that finds this later this feature/behavior is typically called “NAT Hairpin” in case you are looking for a setting to enable or disable, hope this helps!

[–] fuckwit_mcbumcrumble@lemmy.dbzer0.com 5 points 1 week ago

In pfSense land it's called nat reflection. I believe it's off by default on pfSense, but it makes accessing your own stuff "externally" while inside the network a pain so I'd imagine most devices have it enabled by default.

[–] Harald_im_Netz 1 points 1 week ago

Yeah, I've never fixed this issue with my fritz.box, only thing that helps is calling up my DynDNS URL. Is there a better way?

[–] Sunny@slrpnk.net 1 points 1 week ago

Thanks!

[–] Goingdown@sopuli.xyz 5 points 1 week ago (1 children)

Can you access your wan ip when you are somewhere else than on your own lan?

If not, then this is probably just that your router does firewalling and nat is such order that you can access admin interface from local network via wan address.

If yes, then router has some serious misconfiguration.

[–] Sunny@slrpnk.net 3 points 1 week ago

Yeah exactly what happened, i was on my lan thinking WAN IP meant it was public - it was not :P

[–] scholar@lemmy.world 4 points 1 week ago (1 children)

Are you browsing from outside your local network?

[–] Sunny@slrpnk.net 3 points 1 week ago (1 children)

No I wasnt.. just realised this, thats a great relief really. Was afraid it had been publicly available all this time.

Learn something new every day :)

[–] scholar@lemmy.world 4 points 1 week ago

It's worth checking from an external network anyway, but I'd be surprised if it was public facing.

[–] TheButtonJustSpins@infosec.pub 3 points 1 week ago (1 children)

Do you see that only when you're on the LAN or also when you're coming in from WAN?

[–] Sunny@slrpnk.net 3 points 1 week ago (1 children)

Ah yeah you're right, i can only access this interface if I am on my LAN. Tried with hotspot now and it doesn't "load" - so thats good.

[–] TheButtonJustSpins@infosec.pub 2 points 1 week ago

My opnSense box does the same thing. I'd rather get to it via internal IP like pfSense worked. (I assume I can make that happen somehow, but I haven't researched it yet.)

[–] possiblylinux127@lemmy.zip 2 points 1 week ago

It is just a loopback interface you are seeing.