Remote Access to a Thomson Router


If you need help with telnet commands, see this first telnet.html

There's a few different options here.
a) HTTP remote access to the routers user interface from across the internet.
b) HTTPS remote access to the routers user interface from across the internet. This gives the benefit of encrypted access.
c) Telnet remote access to the router from across the internet.

All of these options have a security risk. The router will be accessible to anyone on the internet and given enough time the password could be cracked.
We can reduce this security risk, but not eliminate it, by:
d) Deleting all the user names and passwords and creating a new unique username and password.
e) Restrict the IP or IP range which can access the router.
f) Ensure every PC is running a software firewall (eg windows firewall)

Lastly use dynamic DNS to maintain easy access for those on a dynamic IP address.

Option a)
HTTP Remote Access

Commands Comments
service system list name=HTTP expand=enabled Optional -- see the settings before we start.
service system ifadd name=HTTP group=wan Join the HTTP server to the WAN
service system modify name=HTTP state=enabled Not usualy required as HTTP is already enabled for LAN.
service system list name=HTTP expand=enabled Optional -- see the changes.
saveall Make permanent

Use a "Open Port Check" web site  such as http://canyouseeme.org/
Test that port 80 is open. If the port is open then HTTP remote access should work.

Undo -- remove the above settings.
Commands Comments
service system list name=HTTP expand=enabled Optional -- see the changes.
service system ifdelete name=HTTP group=wan Remove HTTP server from WAN
saveall Make permanent

Option b)
HTTPs Remote Access

Commands Comments
service system list name=HTTPs expand=enabled Optional -- see the settings before we start.
service system ifadd name=HTTPs group=wan Join the HTTPs server to the WAN
service system modify name=HTTPs state=enabled Enable HTTPs.
service system list name=HTTPs expand=enabled Optional -- see the changes.
saveall Make permanent

Use a "Open Port Check" web site  such as http://canyouseeme.org/
Test that port 443 is open. If the port is open then HTTPs remote access should work.

Undo -- remove the above settings.
Commands Comments
service system list name=HTTPs expand=enabled Optional -- see the changes.
service system modify name=HTTPs state=disabled Disable HTTPs server.
service system ifdelete name=HTTPs group=wan Remove HTTPs server from WAN
saveall Make permanent

Option c)
Telnet Remote Access

Commands Comments
service system list name=TELNET expand=enabled Optional -- see the settings before we start.
service system ifadd name=TELNET group=wan Join the TELNET server to the WAN
service system list name=TELNET expand=enabled Optional -- see the changes.
saveall Make permanent

Use a "Open Port Check" web site  such as http://canyouseeme.org/
Test that port 23 is open. If the port is open then TELNET remote access should work.

Undo -- remove the above settings.
Commands Comments
service system list name=TELNET expand=enabled Optional -- see the changes.
service system ifdelete name=TELNET group=wan Remove TELNET server from WAN
saveall Make permanent

Option d)
More Secure Username and Password

Most Thomson routers have a SuperUser account. To improve security we need to replace this with something less obvious.
This deletes all users, creates a new user hopefully with a strong name and password.
The new user has full "root" privileges.

Commands Comments
user flush Delete all usernames and passwords
Exit telnet session and start a new one. No username or password needed.
user add name=MyUserName password=MyPassWord role=root defuser=enabled defremadmin=enabled deflocadmin=enabled Replace MyUserName and MyPassWord
with ones of your own.
saveall Make permanent.

If something goes wrong or you forget the new user details - A factory reset will restore the original settings.

Option e)
Restrict Remote Access to a Specified IP Range

Warning -- If you fail to assign the LAN IP's first you will be locked out of the router -- It's then factory reset time.

Commands Comments
service system ipadd name=HTTP ip=192.168.1.[1-254] Important -- Assign the LAN IP range first
service system ipadd name=HTTP ip=93.96.1.1/24 Assign single IP or IP range you wish to allowed remote access.
service system list name=HTTP expand=enabled Optional -- see the changes
saveall Make permanent.

If required, repeat with HTTPs and / or TELNET

Undo -- Remove IP Range Restriction

Warning -- If you fail to unassign the LAN IP's last you will be locked out of the router -- It's then factory reset time.

Commands Comments
service system ipdelete name=HTTP ip=93.96.1.1/24 Unassign IP range allowed remote access
service system ipdelete name=HTTP ip=192.168.1.[1-254] Important -- Unassign the LAN IP range last
service system list name=HTTP expand=enabled Optional -- see the changes
saveall Make permanent.

If required, repeat with HTTPs and / or TELNET

Remote Access using Dynamic DNS

The dynamic DNS updater can easily be setup in the routers GUI.
You just need a free account at http://dyn.com/dns/dyndns-free/ and away you go.

Telnet Project for Thomson Routers
Telnet commands for a Thomson router

Multiple SSID  -- (TG587n only)

Web Access Control Schedule (TOD) -- (TG587n only)

Web content filter

Telnet scripting

Enable WDS on a TG585v7 / TG587n

Connect Two Thomson Routers Together

Basic DMZ on a Thomson Router

Advanced DMZ on a Thomson TG587n

Forward all ports to a specific LAN IP

IP QoS

Wake on LAN from Internet

Xbox and PS3 on a Thomson router

Remote Access to a Thomson Router

Home Page

footer
Copyright© NPR 2010 - 2012       Disclaimer