Limiting access to ntop



  • Hi,

    I've got ntop installed on my router, but I do not want everyone to be able
    to read the stats.

    So I opened the website, went to Firewall -> Rules -> LAN and added
    something like:

    Reject
    Proto: TCP
    Source: Lan subnet
    Destination: LAN address
    Port: 3000 which translates to HBCI :)

    But, I still can access the port from every machine in my subnet.
    I tried to move the rule on top of all other rules or to the bottom,
    but nothing helps to limit the access.

    What am I doing wrong?

    regards,
    Marcus



  • Your source is: "Lan subnet" meaning everyone out of your lan-subnet can access it.

    Change your source to the computer you want access from.

    Or if you want multiple users to be able to access it use aliases.



  • Hmm,

    I tried to block everyone, even myself in the test.
    Because of that I used Lan subnet as source.

    Changed it now to an alias using not, so everyone but
    me should be kept away, saved, reloaded, second machine
    opens the website fine..

    I have made two screenshots of my rule, maybe you could
    have a look at those.

    regards,
    Marcus

    P.S.: just deleted the two pictures, as they were unreadable.. resizing .png files sucks :)



  • Can you get us some better quality please?



  • Yes,

    just realized, that I did render them unreadable :(

    Sorry for the mess up.

    Here is a better one.

    regards,
    Marcus




  • Are you sure the hbci alias is correct? Also try to disable the lan antilogout rule at system>advanced.



  • Yes,

    I am pretty sure about hbci, as I entered the value "3000" into the input field.

    But your hint with the antilogout worked. Now the second machine cannot
    access the ntop status page any longer.

    Would never have found this myself! Many thanks to you!!!

    kind regards,
    Marcus

