Technical Discussion
  >> Home Networking, Internet Connection Sharing, etc.


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | (show all)   Print Thread
Standard User AWM_Mars
(newbie) Tue 24-Oct-17 09:41:19
Print Post

Huawei HG633 - TalkTalk Router


[link to this post]
 
Hi,

I am trying to setup a webserver on one of my PC's connected to my home network.

I have 2 main PC's directly connected through the Huawei Router, A=Upstairs using WiFi 5.0, B=Downstairs using Ethernet cable.

Both machines are using Windows10 Pro 64bit fully patched, along with all applications and drivers etc.

The PC I want to setup as a webserver is B

The issue I am facing is that PC B cannot respond to any port forwarding rules I apply in both the router and the Kaspersky Firewall (Kaspersky Internet Security 2017).

On PC B I am running the latest version of Apache and confirm that it is listening to port 80. This is part of the wampserver software which included PHP and MySQL servers. http://www.wampserver.com/en/

When I use websites to check ports, some say port 80 is open, others closed.

I have setup folders called www http public_http on the root HD with both PHP and Html versions of my website.

I have set up a domain which points to my router/IP url and is dynamic so it updates every 5 minutes.

There are no issues with any outbound ports and I can connect remotely to this PC over the LAN.

If I use my data connection from my smartphone, or another location not connected to my Lan, and try to connect using a standard browser, I get a couple of warnings that the connection is not secure, then if I bypass those warnings I get the admin login page for my router.

Anyone have any idea's what I maybe doing wrong?

Politeness is priceless when received, cost nothing to own or give, yet many cannot afford. AWM 2003

Edited by AWM_Mars (Tue 24-Oct-17 09:44:08)

Administrator MrSaffron
(staff) Tue 24-Oct-17 10:17:31
Print Post

Re: Huawei HG633 - TalkTalk Router


[re: AWM_Mars] [link to this post]
 
MOST IMPORTANT...

It looks like you have exposed the web admin interface of your router, fix that first before worrying about the web server.

Second....web hosting including full virtual machines is so cheap these days that in terms of security and hassle much better to host with a hosting service.

The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User AWM_Mars
(newbie) Tue 24-Oct-17 10:23:48
Print Post

Re: Huawei HG633 - TalkTalk Router


[re: MrSaffron] [link to this post]
 
Thanks for the rapid response.

How I have exposed the admin, I have no clue, for all I know it could have been like that since I installed the router some 18 months ago. I have been informed by those that frequent the TalkTalk (my ISP) forums, this is 'quite normal'.

The purpose for setting up a home webserver is a requirement for demonstrating purposes. I already have several virtual hosts, but none of those suit my direct requirements. Getting this working is a need, not a want, for me.

Politeness is priceless when received, cost nothing to own or give, yet many cannot afford. AWM 2003


Register (or login) on our website and you will not see this ad.

Standard User BatBoy
(sensei) Tue 24-Oct-17 10:57:25
Print Post

Re: Huawei HG633 - TalkTalk Router


[re: AWM_Mars] [link to this post]
 
Your router is running a webserver on port 80 and this is serving pages in preference to your port forwarding.

You need to disable the routers webserver's access to the WAN, as anybody on the internet currently has access, which is obviously a security risk.
Administrator MrSaffron
(staff) Tue 24-Oct-17 11:20:14
Print Post

Re: Huawei HG633 - TalkTalk Router


[re: BatBoy] [link to this post]
 
If the HG633 is not playing nicely you might be better swapping it out for third party hardware where you are more in control too. Is this an ADSL2+ or VDSL2 service.

Most router interfaces have the option to disable WAN access to config interface, but without a HG633 to hand impossible to say where it is hidden, and very much doubt that this is open by default on the WAN side to people.

The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User AWM_Mars
(newbie) Tue 24-Oct-17 12:42:06
Print Post

Re: Huawei HG633 - TalkTalk Router


[re: MrSaffron] [link to this post]
 
In reply to a post by MrSaffron:
If the HG633 is not playing nicely you might be better swapping it out for third party hardware where you are more in control too. Is this an ADSL2+ or VDSL2 service.

Most router interfaces have the option to disable WAN access to config interface, but without a HG633 to hand impossible to say where it is hidden, and very much doubt that this is open by default on the WAN side to people.

I have no idea how to do that. All I have altered is in Port Forwarding, so whatever is the cause, has been factory/firmware set.

Politeness is priceless when received, cost nothing to own or give, yet many cannot afford. AWM 2003
Standard User AWM_Mars
(newbie) Tue 24-Oct-17 12:45:20
Print Post

Re: Huawei HG633 - TalkTalk Router


[re: MrSaffron] [link to this post]
 
In reply to a post by MrSaffron:
If the HG633 is not playing nicely you might be better swapping it out for third party hardware where you are more in control too. Is this an ADSL2+ or VDSL2 service.

Most router interfaces have the option to disable WAN access to config interface, but without a HG633 to hand impossible to say where it is hidden, and very much doubt that this is open by default on the WAN side to people.

To make things even more difficult, as Huawei made this router bespoke for TalkTalk, they have released no manuals, or even acknowledge it on their website. TalkTalk only say the router came with a manual...... yeah the one that says 'the yellow plug goes into the yellow hole'.......

I have a fibre connection so a VDSL2 router.

Politeness is priceless when received, cost nothing to own or give, yet many cannot afford. AWM 2003
Administrator MrSaffron
(staff) Tue 24-Oct-17 13:09:58
Print Post

Re: Huawei HG633 - TalkTalk Router


[re: AWM_Mars] [link to this post]
 
https://help2.talktalk.co.uk/guided-assist/what-enha...

A few clicks and found this article showing where remote management is controlled from

The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User Michael_Chare
(fountain of knowledge) Tue 24-Oct-17 14:55:35
Print Post

Re: Huawei HG633 - TalkTalk Router


[re: AWM_Mars] [link to this post]
 
I use port forwarding and translation to access web sites on my local lan. The web sites on my lan have fixed IP addresses, and I set my router to translate from some 5 digit port number to port 80. All the domestic routers I have seen will do this.

Michael Chare
Standard User AWM_Mars
(newbie) Tue 24-Oct-17 15:19:03
Print Post

Re: Huawei HG633 - TalkTalk Router


[re: MrSaffron] [link to this post]
 
In reply to a post by MrSaffron:
https://help2.talktalk.co.uk/guided-assist/what-enha...

A few clicks and found this article showing where remote management is controlled from

Oh, thanks for that, I thought I had explored every inch of the router, that must have been enabled by default from day 1. Bad Huawei, bad talktalk.

Politeness is priceless when received, cost nothing to own or give, yet many cannot afford. AWM 2003
Standard User AWM_Mars
(newbie) Tue 24-Oct-17 15:24:26
Print Post

Re: Huawei HG633 - TalkTalk Router


[re: Michael_Chare] [link to this post]
 
In reply to a post by Michael_Chare:
I use port forwarding and translation to access web sites on my local lan. The web sites on my lan have fixed IP addresses, and I set my router to translate from some 5 digit port number to port 80. All the domestic routers I have seen will do this.

Hi,

Yes, in the router I have given every connected device a name that reflects its operation, my smartphone, samknows router, downstairs_PC, Upstairs_PC etc, saves memorising IP addresses. That way I can simply select the right device from a drop down menu. I setup portforwarding using this method.

I have also setup a static IP for the device thats acts as a static webserver.

The only thing I can think of, is the router is somehow hardwired to prevent incoming port requests. I have read this is very common with 'domestic' plans. Quite what they gain from it, defies my logic.

Politeness is priceless when received, cost nothing to own or give, yet many cannot afford. AWM 2003
Administrator MrSaffron
(staff) Tue 24-Oct-17 16:49:26
Print Post

Re: Huawei HG633 - TalkTalk Router


[re: AWM_Mars] [link to this post]
 
It is this simple....

If the remote management is turned on and listening then incoming port 80 traffic will hit that and not get port forwarded, turning off remote management is the usual fix, but if ever fault finding with TalkTalk support you might find they want it turned back on.

The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User AWM_Mars
(newbie) Tue 24-Oct-17 16:57:25
Print Post

Re: Huawei HG633 - TalkTalk Router


[re: MrSaffron] [link to this post]
 
Then it is time to shed the fat controller and seek out another ISP and router that does what I want, what I pay for. smile

Politeness is priceless when received, cost nothing to own or give, yet many cannot afford. AWM 2003
Standard User Michael_Chare
(fountain of knowledge) Tue 24-Oct-17 19:41:10
Print Post

Re: Huawei HG633 - TalkTalk Router


[re: AWM_Mars] [link to this post]
 
I use port translation. When my router sees a request for port 54321 it knows to send it to a particular ip address on my home network and port 80. I have never seen a domestic router that can not do this.

If my public DNS name is me.xyz.com and my web server has an address of 192.168.1.123 then

http://me.xyz.com:54321 goes to http://192.168.1.123:80

Michael Chare
Administrator MrSaffron
(staff) Wed 25-Oct-17 00:33:41
Print Post

Re: Huawei HG633 - TalkTalk Router


[re: Michael_Chare] [link to this post]
 
In terms of port translation there are some that cannot, but don't recall models.

In this posters case, they've been shown how to turn off remote management that will then allow the port forwarding to work.

The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User ukhardy07
(knowledge is power) Wed 25-Oct-17 01:18:56
Print Post

Re: Huawei HG633 - TalkTalk Router


[re: MrSaffron] [link to this post]
 
To confirm and put your mind at rest, remote management is not enabled by default.

Edited by ukhardy07 (Wed 25-Oct-17 01:19:08)

Standard User AWM_Mars
(newbie) Wed 25-Oct-17 09:52:15
Print Post

Re: Huawei HG633 - TalkTalk Router


[re: ukhardy07] [link to this post]
 
In reply to a post by ukhardy07:
To confirm and put your mind at rest, remote management is not enabled by default.

Strange you say that, but as I have said, I didn't even relate that portion of the menu system, except to reboot the router or do ping tests. TalkTalk support have several times installed firmware updates on my router and even checked settings, clearly this is a default that was set before shipment to allow them to do this.

Politeness is priceless when received, cost nothing to own or give, yet many cannot afford. AWM 2003
Standard User ukhardy07
(knowledge is power) Wed 25-Oct-17 10:03:37
Print Post

Re: Huawei HG633 - TalkTalk Router


[re: AWM_Mars] [link to this post]
 
They donít enable the router interface over port 80 by default. Just no.

They can remotely update your router and this is done over TR069.

This is known as enhanced remote management and is different to having the router interface open over port 80.

Edited by ukhardy07 (Wed 25-Oct-17 10:04:57)

Pages in this thread: 1 | 2 | (show all)   Print Thread

Jump to