This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
admin-access [2022/02/03 16:39] – formatting hogwild | admin-access [2023/06/23 20:44] (current) – [SSL Certificate] -condense hogwild | ||
---|---|---|---|
Line 5: | Line 5: | ||
===== Web Admin ===== | ===== Web Admin ===== | ||
- | The Web Admin section has settings to control who can access FreshTomato' | + | The Web Admin section has settings to control who can access FreshTomato' |
+ | | ||
- | ==== Local Access | + | **Local Access: **This let you choose which web protocol(s) are allowed to communicate with the web interface via the LAN. \\ Port and Wireless access options will appear, depending on which selection you choose. |
- | This menu let you choose which web protocol(s) are allowed for communication to the web interface via the LAN. | + | |
- | + | * HTTP - Choosing this allows LAN Ethernet clients | |
- | | + | * HTTP Port - Here, enter the port number on which you want HTTP administration traffic to flow. (Default: 80). |
- | * HTTP Port: Choosing this allows LAN client access | + | * Allow Wireless Access - Checking this lets LAN WiFi clients access the web interface. (Default: enabled). |
- | * HTTPS: Choosing this allows LAN client access | + | * HTTPS - Choosing this allows LAN Ethernet clients |
- | * HTTP and HTTPS: Choosing this allows LAN client | + | * HTTPS port: Here, enter the HTTPS port number to use. (appears only if HTTPS is among the chosen options). |
- | + | * Allow Wireless Access - Checking this lets LAN WiFi clients access the web interface via HTTPS. (Default: enabled). | |
- | **HTTP Port:** In this field, enter the port number on which you want HTTP administration traffic to flow. (Default: 80). | + | * HTTP and HTTPS - Choosing this allows LAN Ethernet clients to access |
+ | * HTTP Port - Here, enter the port number on which you want HTTP administration traffic to flow. (Default: 80). | ||
+ | * HTTPS port: Here, enter the HTTPS port number to use. (appears only if HTTPS is among the chosen options). | ||
+ | * Allow Wireless Access - Checking this lets LAN WiFi clients access the web interface. (Default: enabled). | ||
\\ | \\ | ||
Line 23: | Line 27: | ||
\\ | \\ | ||
- | |||
- | **HTTPS port:** Here, enter the https port number you wish to use. (This option appears only if HTTPS is among the chosen options). | ||
==== SSL Certificate ==== | ==== SSL Certificate ==== | ||
Line 34: | Line 36: | ||
**Save in NVRAM: **TBD. | **Save in NVRAM: **TBD. | ||
- | ==== Remote Access | + | **Remote Access:** This lets you choose whether and how a user can remotely access FreshTomato' |
- | This menu lets you choose whether | + | * Disabled - This prevents all access to FreshTomato' |
+ | * HTTP - This allows web access | ||
+ | * HTTPS - This allows web access to FreshTomato' | ||
- | * Disabled: This prevents all access to FreshTomato' | + | \\ **Unmount JFFS during upgrade:** Checking this unmounts any existing JFFS partition during firmware upgrades. :-(! |
- | | + | |
- | * HTTPS: This allows web access to FreshTomato' | + | |
- | **Allow | + | **Allow |
- | **Directory with GUI files:** | + | **Remote Access:** This menu lets you specify |
- | **Color Scheme:** Here, you can choose the color scheme used for the web interface pages. (Default: Default). | + | * Disabled - No Remote access to the web interface will be permitted. |
+ | * HTTP - Remote access via the HTTP protocol will be permitted. | ||
+ | * HTTPS - Remote access via the HTTPS protocol will be permitted. | ||
+ | |||
+ | \\ | ||
+ | |||
+ | **Allow Wireless Access: | ||
+ | |||
+ | **Directory with GUI files:** Here, select the directory which contains the files that provide the graphical web interface. \\ CAUTION: Do not change this setting unless you're experienced. An error could prevent you from accessing the web interface. | ||
+ | |||
+ | **Theme UI:** This lets you choose the color scheme | ||
+ | |||
+ | **Open Menus: | ||
- | **Open Menus: | ||
===== SSH Daemon ===== | ===== SSH Daemon ===== | ||
- | **S**ecure **SH**ell | + | Secure SHell is a tunneling protocol |
- | **Enable at Startup:** Checking this starts the SSH Daemon when the router boots. (Default: Enabled). | + | **Enable at Startup: |
- | **Extended MOTD:** Checking this enables the Message of the Day function. This function displays a custom message when you first log in via Telnet. The message can be can be important information or updates about the system or just a personal greeting from the system administrator. | + | **Extended MOTD: |
\\ | \\ | ||
Line 64: | Line 77: | ||
\\ | \\ | ||
- | ==== Remote Access | + | **Remote Access:** Checking this allows SSH connections from remote WAN/ |
- | Checking this allows | + | **Remote Forwarding: |
- | **Remote Forwarding: **Checking this enables | + | For example, let's say you want to be able to access a Windows PC on your LAN via Remote |
- | As an example, say you want to be able to access a Windows PC on your LAN via Remote Desktop, but you don't want the security risk of opening up a port for RDP to the Internet directly, via standard | + | **Port: **Here, enter the port number |
- | **Port: **Here, you can enter the port number on which you want SSH traffic to flow. (Default: 22). Changing the port number from the default is highly recommended, as port 22 is being constantly scanned by Internet hackers. | + | **Allow Password Login: **Checking this allows clients to login via SSH with only the normal administrative username and password. No authorized encryption key is needed. When disabled, SSH will require an authorized key to allow a client to log on. |
- | **Allow Password Login: **Checking this allows clients | + | **Authorized Keys:** Here enter one or more encryption keys which authorize an SSH client |
+ | |||
+ | **Stop Now:** Clicking this button immediately stops the SSH daemon. SSH will start again at the next bootup. After clicking, the button | ||
- | **Authorized Keys:** Here you can enter one or more encryption keys which authorize an SSH client to access to the LAN. | ||
===== Telnet Daemon ===== | ===== Telnet Daemon ===== | ||
- | (Terminal EmuLation over the NEtwork) is a protocol which allows LAN and remote connections via a command-line interface. Telnet is not a secure protocol. | + | (Terminal EmuLation over the NEtwork) is a protocol which allows LAN and remote connections via a command-line interface. |
**Enable at Startup:** Checking this enables the Telnet Daemon, allowing connections to FreshTomato via Telnet. | **Enable at Startup:** Checking this enables the Telnet Daemon, allowing connections to FreshTomato via Telnet. | ||
- | **Port:** Here, you can enter the port number on which Telnet connections will be made to the router. | + | **Port:** Here, you can enter the port number on which Telnet connections will be made to the router. (Default: 23). |
- | **Stop Now / Start Now. **Clicking this button immediately stops the Telnet Daemon. | + | **Stop Now / Start Now. **Clicking this button immediately stops the Telnet Daemon. |
\\ | \\ | ||
Line 103: | Line 117: | ||
[[https:// | [[https:// | ||
+ | |||
===== Username/ | ===== Username/ | ||
- | The Username/ | + | You are strongly urged to change these from the default settings to keep the router and network secure. |
**Username: | **Username: | ||
Line 117: | Line 132: | ||
{{: | {{: | ||
+ | |||
+ | \\ | ||
+ | |||
+ | \\ | ||