Obi202 Can't close port 80 on WAN side

Started by SteveM, November 20, 2014, 12:26:56 PM

SteveM

First, the background.  The ONLY way that I've been able to avoid choppy audio in the uplink direction is to turn on QoS AND set restricted bandwidth (currently set to 130K).  Now it works perfectly.  As I understand it, and my experiments have shown, to use those settings the Obi must be in router mode, not bridge mode.  My DSL modem is a combination router / modem so to avoid a double-NAT, I set the DSL router in bridge mode and turned on the Obi firewall.

To check for open WAN ports, I ran GRC Shields Up scanner and guess what, port 80 is wide open, even with the setting device Administration > Web Server > AccessfromWAN unchecked.  Toggling the check box with a reboot between made no difference.  For kicks, I moved the web server to port 8000 and ran the scan again.  GRC reported port 80 is now closed but port 8000 is open.

Is this a bug?  How can I close the web server port to the outside world but leave it open for admin behind the firewall?
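
An added example, not part of the original thread: one way to repeat the open-port check described in the post above after each settings change, run from a host outside your own network against your own WAN address. It distinguishes open, closed and filtered (what GRC reports as "stealth"). The function names and the local listener in the demo are constructed for illustration.

```python
import socket


def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'.

    open     -> the handshake completed, so a service is reachable
    closed   -> the connection was actively refused (a reset came back)
    filtered -> no usable answer before the timeout (dropped or unreachable)
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes timeouts and host/network unreachable
        return "filtered"
    finally:
        s.close()


def exposed_ports(host, ports, timeout=3.0):
    """Return {port: 'open'} for every port in `ports` that accepts connections."""
    states = {p: probe_tcp(host, p, timeout) for p in ports}
    return {p: state for p, state in states.items() if state == "open"}


if __name__ == "__main__":
    # Constructed stand-in for the device's web server so the demo runs offline.
    # For a real check, call exposed_ports(<your WAN address>, [80, 8000]) from
    # a machine outside your network, before and after toggling the setting.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    print("listener up:  ", exposed_ports("127.0.0.1", [port], 1.0))
    listener.close()
    print("listener down:", exposed_ports("127.0.0.1", [port], 1.0))
```

An empty result for ports 80 and 8000 after unchecking the WAN access setting and rebooting means the setting took effect; a non-empty result reproduces the behaviour reported in this thread.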



Mango

I don't have an OBi202, but since no one else has responded: if you port forward 8000 to an invalid IP address, does that solve the problem?

This is a hack that works with some routers, but I'm not sure about the OBi.

zerocool

I'm having this same issue on the Feb 2015 firmware. It was fine last week, but this week it started responding to port 80 requests, even with unchecking the AccessFromWAN, disabling from the phone itself, and even forwarding port 80 to an invalid IP. What in the world is going on?

zerocool

Just want to add that, like the OP, the server port would change as I would change that, but it still is ignoring the AccessFromWAN config and port forwarding is having no effect on killing this.

202Owner

Me, I would bridge the DSL modem/router, install my own trustworthy router/ap, and bridge the OBi.  Nobody should buy a $60 OBi for its routing and firewalling (throughput falls to 30Mbps in router mode).

zerocool

There's two reasons I have the obi coming off the modem before hitting my switch:

1) Can be supported by my UPS. Otherwise, I'd have to get another UPS to power the switch in the event of a power outage, which is something I don't have budgeted currently.

2) Having the obi as the first device helps ensure its packet priority.

I understand fully what you're saying, but the issue at hand is something did previously work, and now it doesn't. There's a config option that is being ignored. Unfortunately, I can't recall if I had performed a firmware update in between the "it works" and "it doesn't work" situations. Perhaps I can try downgrading the firmware, but I've read that it either doesn't work or it bricks it. I submitted a ticket to obi yesterday and haven't received a response yet, but hopefully they'll come up with something.

202Owner

I understand your reasoning, but the issue at hand is more reason NOT to trust an OBi and its ata-centric firmware maintenance for your network router and firewall.

dircom

Quote from: zerocool on April 04, 2015, 11:01:56 AM
There's two reasons I have the obi coming off the modem before hitting my switch:

1) Can be supported by my UPS. Otherwise, I'd have to get another UPS to power the switch in the event of a power outage, which is something I don't have budgeted currently.

2) Having the obi as the first device helps ensure its packet priority.

If you are saying you don't have enough sockets on your UPS, to plug in your Obi, and switch, then just plug in a power strip to the UPS, and plug your Obi, and switch into the power strip.

I guess I am lucky, I have my 202 plugged into my router, and also have a switch hanging off the router.
My audio quality is fine, without any settings changed on my part.

zerocool

Yeah, I might have to end up changing this. Even downgraded the firmware and restored the config I backed up last week that was working fine, and it still refuses to disable wan access. What a crock