by Cubytus » Wed Feb 07, 2024 11:42 pm
Thanks for the tip.
So I cut port 9091 from the router's firewall, leaving the data port open, and opened the HTTPS port (non-standard of course!).
In total, the router lets in traffic for:
- FTP server
- Transmission data
- HTTPS port (non-standard)
On my mobile phone, I can get Transmission's admin interface from the WAN over HTTPS, which I don't need and may be a security risk as it sits behind a single password.
I get the same interface through plain HTTP (I wish it could redirect non-LAN connections to HTTPS automatically…).
So far, three issues remain:
I can get Transmission's Web interface from the WAN, but it doesn't accept my user/password pair (the ones dedicated to Transmission, just in case anyone was wondering). When accessed from the WAN, Transmission reports an error 401 "Unauthorized user". For the sake of this test, these are the default ones.
The other one: as the HTTPS certificate is a self-signed one, examining the content reveals the LAN-side IP and hostname, which may be a problem.
Emitter name is fvdw, which I understand is by design, but nevertheless should be editable, especially for those who don't have many fvdw-powered NASes.
The third one, perhaps more serious: there should be an option to completely disable fvdw's firmware general admin interface from WAN access, and only leave services the user explicitly wishes to access. It's a bit nonsensical for a user to see "you need to enable service X, otherwise you won't get service Y", even if it makes sense from a computer point of view.