Topic: TG585 v7 Remote Access (Read 22398 times)

mongo · « **on:** December 16, 2008, 02:13:52 PM »

Hiya,

have looked far and wide on the Internet but was not able to come across information that would assist me in allowing a telent session to be opened from a remote location using the TG585 v7.

Was previously using a SpeedTouch 585v6 but recently it started to reboot 2-3 times a day, so my ISP replaced it with a 585v7.

Now regarding the 585v6, I successfully managed to reprogram the device using the CLI commands so to allow me to open a telnet session from a remote location, specifically the following command was successfully inputed into the ra.ini

config state=enabled secure=enabled port=sum# timeout=20 mode=Permanent ipintf="" randompassword=disabled randomport=disabled group=administrator user=sumuser

This allowed me to successfully open/start a telent session from a remote location.

Now I have tried using the same methodology to program the 585v7 but this is not working, only greeting me with a

'Connecting To xxx.xxx.xxx.xxx...Could not open connection to the host, on port 23: Connect failed'

I am hoping someone out there can assist me with this.

Further information can be provided if there is an interest in this thread.

Hope to hear back from someone soon

roseway · « **Reply #1 on:** December 16, 2008, 02:48:58 PM »

Hi and welcome

I've no experience of that router, but recent models from Thomson/Speedtouch have various tweaking capabilities removed from their firmware. This page might be helpful, but I don't know.

orainsear · « **Reply #2 on:** December 16, 2008, 03:18:47 PM »

Could the firewall be blocking access? Have a look in the router firewall logs and see if there are any alerts.

Azzaka · « **Reply #3 on:** December 16, 2008, 03:38:28 PM »

Reset users

It is known that some customers will find themselves locked out from the GUI after changing the password for the Administrator user, however they will still have access via telnet. Do the following to create an appropriate user.

first before resetting the users - just in case its an IE7 lockout which can occur after changing the Administrator password.

system config digestauth=disabled

user flush
exit

Telnet to the router again but this time use the username root with no password.

user add name Admin password awordortwo role SuperUser defuser enabled defremadmin enabled deflocadmin enabled

Allow remote access to GUI or Telnet

Users that want to remotely manage their routers either through the GUI or via telnet can. First create a user as above, this gives that user privilege to manage remotely, then telnet to the router.

service system ifadd name HTTP group wan
service system ifadd name HTTPs group wan
service system ifadd name TELNET group wan

This of course opens the router up to anyone on the internet. To secure access to an IP or range of IP's type the following.

service system ipadd name HTTP ip 212.23.9.123
service system ipadd name HTTPs ip 82.69.227.123/29
service system ipadd name TELNET ip 212.23.9.250-212.23.9.249

If locking down to IP, remember that it takes effect immediately. If you are connected to the router via telnet from the local network and you lock telnet down to a WAN IP you will be instantly disconnected and be unable to connect from anywhere other than the WAN IP specified. Be sure to add the IP you are currently connected from first.

mongo · « **Reply #4 on:** December 16, 2008, 04:15:24 PM »

Hi peeps,

thanks for your fast responses, very much appreciated

roseway, thanks for the link, have been reading other sources on the net, but hadnt come across that page, cheerss

orainsear, nothing is showing in the logs, but I agree with you that the message I am receiving is as if it is being blocked

Azzaka, looks like you posted info from the link roseway pointed to

On first try I got the following error message

Failed to add interface group to TELNET service access list.

Thats logged in as root

Going to play a bit more............

mongo · « **Reply #5 on:** December 16, 2008, 04:28:42 PM »

Ok, I have resolved the problem.

What a diddy (well it depends how you look at it)

Remembered that the ISP routers come pre-configured with the firewall as 'inactive'. Using the GUI, I simply had to login, 'enable' the firewall, then set it to disabled.

Now I can telent into the router from a remote location, thats after having setup an account with remote access permissions.

Anyhow, I have learned alot of info in the last few hours, way too much really, LOL

Many thanks again for your assitance

Kind Regards

Andreas

roseway · « **Reply #6 on:** December 16, 2008, 06:39:04 PM »

>> Azzaka, looks like you posted info from the link roseway pointed to

If you look at the bottom of that page, you'll see that it was Azzaka who provided the original information.

Any way, thanks for your additional bit of information.

Azzaka · « **Reply #7 on:** December 19, 2008, 11:49:25 AM »

Quote from: roseway on December 16, 2008, 06:39:04 PM

>> Azzaka, looks like you posted info from the link roseway pointed to

If you look at the bottom of that page, you'll see that it was Azzaka who provided the original information.

Any way, thanks for your additional bit of information.

hehehe..

I have used that article so many time. I am at a point where i can do it in my sleep :p

mongo · « **Reply #8 on:** October 08, 2009, 10:47:45 AM »

LOL, well here we are again, TG585 v7 problems, hehehee

Googling brought me back to this page

-- Offtopic --
My TG585 v7 is opening certain ports by itself after it reboots!

Port numbers: 8/21/23/53/80/443/1723/1900/3235/51005

Was searcing for information on how to enable verbose logging to an external file so I can see when this is happening and what is instigating this.

Have spoken to my ISP but they couldnt assist me, as per usual, LOL

Anyhow, if someone has some info on how this can be done would be appreciated

roseway · « **Reply #9 on:** October 08, 2009, 11:33:54 AM »

Most of those ports are recognised standard ports for things like FTP, HTTP, HTTPS and so on (see here for a list). But they shouldn't be open for incoming traffic of course. As your original query was about opening port 23 for remote telnet access, I can't help thinking that you've inadvertently changed something in the configuration which has led to this behaviour. Perhaps you should do a factory reset of the router and start again?

mongo · « **Reply #10 on:** October 09, 2009, 10:22:54 AM »

Hello roseway,

yup standard ports, they are ports that would be open if I was hosting a webserver, ftpserver, dnsserver etc etc

but I am not

I manually delete them in the CLI and then they come back again, but not straight away, some event is triggered, that re-maps the ports.

My concern is that either:-

1/ There is a zombie PC in my network (we only have 4 computers, all scanned and come back clean)
2/ Somone has figured a way of hacking the units remotely and are mapping these ports
3/ The ini file that is loaded with the router when it is booted up / crashes re-maps these ports

Will have to look at number three to see if there is something in the ini file, like many I am far from an expert, just learn from places like kitz and reading through the manual.

Thanks for you comments......

mongo · « **Reply #11 on:** October 09, 2009, 10:41:16 AM »

Well looks like the values are in the ini file

Code: [Select]

[ expr.ini ]
add name=wan type=intf intfgroup=wan
add name=local type=intf intfgroup=local
add name=lan type=intf intfgroup=lan
add name=tunnel type=intf intfgroup=tunnel
add name=WAN_Not_Management type=intf intf=ipInternet
add name=WAN_Not_Management type=intf intf=pppInternet
add name=dmz type=intf intfgroup=dmz
add name=guest type=intf intfgroup=guest
add name=private type=ip addr=10.0.0.0/8 mask=0
add name=private type=ip addr=172.[16-31].*.* mask=0
add name=private type=ip addr=192.168.1.0/24 mask=0
add name=private type=ip addr=192.168.10.0/24 mask=0
add name=ssdp_ip type=ip addr=239.255.255.250 mask=0
add name=mdap_ip type=ip addr=224.0.0.103 mask=0
add name=icmp type=serv proto=icmp
add name=igmp type=serv proto=igmp
add name=ftp type=serv proto=tcp dstport=ftp
add name=telnet type=serv proto=tcp dstport=telnet
add name=http type=serv proto=tcp dstport=www-http
add name=httpproxy type=serv proto=tcp dstport=httpproxy
add name=https type=serv proto=tcp dstport=443
add name=RPC type=serv proto=tcp dstport=135
add name=NBT type=serv proto=udp dstport=netbios-ns
add name=NBT type=serv proto=udp dstport=netbios-dgm
add name=NBT type=serv proto=tcp dstport=netbios-ssn
add name=SMB type=serv proto=tcp dstport=445
add name=imap type=serv proto=tcp dstport=imap2
add name=imap3 type=serv proto=tcp dstport=imap3
add name=imap4-ssl type=serv proto=tcp dstport=585
add name=imaps type=serv proto=tcp dstport=993
add name=pop2 type=serv proto=tcp dstport=pop2
add name=pop3 type=serv proto=tcp dstport=pop3
add name=pop3s type=serv proto=tcp dstport=995
add name=smtp type=serv proto=tcp dstport=smtp
add name=ssh type=serv proto=tcp dstport=22
add name=dns type=serv proto=tcp dstport=dns
add name=dns type=serv proto=udp dstport=dns
add name=nntp type=serv proto=tcp dstport=nntp
add name=ipsec type=serv proto=ah
add name=ipsec type=serv proto=esp
add name=ipsec type=serv proto=udp dstport=ike
add name=ipsec type=serv proto=udp dstport=4500
add name=esp type=serv proto=esp
add name=ah type=serv proto=ah
add name=ike type=serv proto=udp dstport=ike
add name=DiffServ type=serv dscp=!cs0
add name=sip type=serv proto=udp dstport=sip
add name=sip type=serv proto=tcp dstport=sip
add name=h323 type=serv proto=tcp dstport=h323
add name=h323 type=serv proto=udp dstport=h323
add name=h323 type=serv proto=tcp dstport=1718
add name=h323 type=serv proto=udp dstport=1718
add name=h323 type=serv proto=tcp dstport=1719
add name=h323 type=serv proto=udp dstport=1719
add name=dhcp type=serv proto=udp dstport=bootpc
add name=dhcp type=serv proto=udp dstport=bootps
add name=rtsp type=serv proto=udp dstport=rtsp
add name=rtsp type=serv proto=tcp dstport=rtsp
add name=ssdp_serv type=serv proto=udp dstport=1900
add name=mdap_serv type=serv proto=udp dstport=3235
add name=syslog type=serv proto=udp dstport=syslog

Have no idea how those made their way in there!

Will edit the file and re-load it then put the router under surveillance, lol

roseway · « **Reply #12 on:** October 09, 2009, 10:49:04 AM »

It will be interesting to see the result. I'm afraid that this is way beyond my knowledge of the subject.

orainsear · « **Reply #13 on:** October 09, 2009, 11:06:35 AM »

When you deleted the port mappings using the CLI did you enter the 'saveall' command after each one?

mongo · « **Reply #14 on:** October 09, 2009, 11:34:41 AM »

roseway, beyond my knowledge too, lol, well not for long, heheheee

orainsear, yup, saveall, and not just one time

Reading up on expr part of the ini file, these are to add an 'expressions' am assuming expression == script

These expressions have always been in the ini file from the very first dump I made, will have to check the modem at home to see if it has the same items in the expr section.

Not so sure now if this is where I should be editing as there are some ports that are being opened that are not in the list

Hopefully someone with more knowledge on this can chime in...

News:

Author Topic: TG585 v7 Remote Access (Read 22398 times)

mongo

TG585 v7 Remote Access

roseway

Re: TG585 v7 Remote Access

orainsear

Re: TG585 v7 Remote Access

Azzaka

Re: TG585 v7 Remote Access

mongo

Re: TG585 v7 Remote Access

mongo

Re: TG585 v7 Remote Access

roseway

Re: TG585 v7 Remote Access

Azzaka

Re: TG585 v7 Remote Access

mongo

Re: TG585 v7 Remote Access

roseway

Re: TG585 v7 Remote Access

mongo

Re: TG585 v7 Remote Access

mongo

Re: TG585 v7 Remote Access

roseway

Re: TG585 v7 Remote Access

orainsear

Re: TG585 v7 Remote Access

mongo

Re: TG585 v7 Remote Access