[BB #321] Feature request: Allow a WAN to be used for OOB (Out Of Band) management only #39

Open
xixix-ft opened this issue Jan 29, 2025 · 0 comments

Ref. https://bitbucket.org/pedro311/freshtomato-arm/issues/321/feature-request-allow-a-wan-to-be-used-for

rs232 created an issue 2024-02-08

With a dependency on #65, as briefly discussed in the tomat64 subforum as well, there could be a nice improvement for the WAN settings, where an interface (say 3/4/5G, but it can be any connectivity really) can be set to be “OOB Only”.

This would allow a backdoor into the system for administration only.

In certain countries it’s very cheap to buy a SIM card that is charged by traffic; apart from the DDNS updates and little more, this could be an almost free backdoor into the system that provides big value for remotely administered devices.

The practical idea would be to add under the relevant WAN or perhaps VLAN something like:

This interface is for “Out Of Band” management only [ ]

When set, the WAN/VLAN would:

- Update the DDNS
- Make sure the interface is not present in any routing table (so only answering when a packet comes in)
- Restrict traffic to certain protocols only (ssh/https/VPNs)
- Restrict attempts
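
One way the requested behaviour could be expressed with stock `ip` and `iptables` commands, as an added example that is not part of the original issue and not FreshTomato code. It reads "not present in any routing table" as "absent from the main table, with a dedicated table used only for replies"; the port list, the chain name `OOB`, the recent-list name `oob` and table number 200 are assumptions.

```shell
#!/bin/sh
# Added example: prints, but does not execute, rules for an "OOB only" WAN.
# Ports, chain name OOB, list name oob and table 200 are assumptions.

# Management services allowed in on the OOB interface (proto/port):
# ssh, https, OpenVPN and WireGuard default ports.
OOB_SERVICES="tcp/22 tcp/443 udp/1194 udp/51820"

# Accept only plain tokens so the generated lines are safe to pipe to sh.
oob_safe_token() {
    case "$1" in
        ''|*[!A-Za-z0-9._:-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# usage: oob_rules IFACE LOCAL_ADDR GATEWAY [TABLE]
oob_rules() {
    ifc=$1; addr=$2; gw=$3; table=${4:-200}
    for arg in "$ifc" "$addr" "$gw" "$table"; do
        oob_safe_token "$arg" || { echo "rejected argument: $arg" >&2; return 1; }
    done
    # No route in the main table: only packets sourced from the OOB address
    # (replies to inbound sessions) are looked up in the dedicated table.
    echo "ip rule add from $addr lookup $table"
    echo "ip route add default via $gw dev $ifc table $table"
    # Everything arriving on the interface goes through one chain.
    echo "iptables -N OOB"
    echo "iptables -A INPUT -i $ifc -j OOB"
    echo "iptables -A OOB -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for svc in $OOB_SERVICES; do
        proto=${svc%/*}; port=${svc#*/}
        match="-p $proto --dport $port -m state --state NEW -m recent --name oob"
        # Drop a source that already opened 4 new sessions in the last 60 s,
        # otherwise record this attempt and accept it.
        echo "iptables -A OOB $match --update --seconds 60 --hitcount 4 -j DROP"
        echo "iptables -A OOB $match --set -j ACCEPT"
    done
    echo "iptables -A OOB -j DROP"
    # Administration only: nothing is forwarded to or from the interface.
    echo "iptables -A FORWARD -i $ifc -j DROP"
    echo "iptables -A FORWARD -o $ifc -j DROP"
}
```

Calling `oob_rules` with an interface name, its address and its gateway prints the rule set for review; nothing is applied until that output is passed to a shell.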