Access Wi-Fi router admin page from WAN side

[gev]

Topology:
Fiber optic modem -> 16 port TP-LINK hub/switch-> computers, devices, Tenda W268R Wi-Fi router.
Desktop computers and anything wired are connected to the hub, anything wireless to Tenda. I'm not using Tenda's 4 LAN ports and NOT GOING TO.
So LAN (wired) IPs are generated by modem's DHCP, anything wireless by Tenda.
Gateway is 192.168.1.1 (Modem).
Tenda WAN mode is set to DHCP (looks like getting IPs dynamically from modem), LAN IP is set to 192.168.0.1.
So to summarize all wired devices, connected to the hub are in 192.168.1.XXX range, all Wi-Fi devices, connected to Tenda in  192.168.0.XXX
Now question:
I can access Tenda's administration page from wireless devices, by browsing to 192.168.0.1, but cannot do so from wired ones. How I shall change Tenda's configuration to be able to do so?

[DaveLembke]

This is a unusual setup.... is it this way for fear that someone connecting to your wireless would have access to wired nodes(devices)?

Most configurations are Modem -> Router -> Hub or Switch *used only if you exceed the 4 wired connections available or you have a Hub or Switch in one room with multiple wired devices and 1 single Cat5 or Cat6 cable run back to the Routers 1 of 4 LAN ports in another room.

If your trying to access the admin page of the Tenda from the HUB/Switch hard wire connections, your then essentially trying to gain admin access to a Tenda router that has the Remote Admin turned off from the WAN side. If the Tenda allows this, it will be probably under Advanced Configuration a checkbox somewhere maybe to allow Access from the DMZ.

Personally, i would leave the Tenda alone and not open up remote admin on the WAN of it, as for if your modem doesnt have a firewall built into it, then your opening your Router up to attack from the outside. Additionally all devices before the modem connected to that Hub/Switch may alsio be sitting on the DMZ which is very dangerous and unsecure if this modem doesnt have a built in firewall. Most modems last Firewalls, Routers are used for protection and allowing multiple devices to connect to a single internet connection.

[gev]

Thanks Dave. You,re right, not only the hub and router are in different ares, but I have much more than 4 wired users, that's why I am using a 16 port hub. Actually accessing the admin page is only a part of the issue. A bigger one is shared folders. Currently wired can share for wireds and wifi with wifi, but we need the sharing to work cross type, for all. Not sure about firewall. ISP doesn't provide an access to it, just in case, it's Zyxel PSG1282-22 (Rev. 2). As for DMZ thing on Tenda, don't even know what to say, didn't anything like it in the menu.

[attachment deleted by admin to conserve space]

[DaveLembke]

If I am understanding your setup correctly.... your network is like the one to the right in this sketch attached, and you will want to have it configured like the setup to the left in this sketch which will place wireless and wired devices onto the same network. The Firewall on this router is likely blocking traffic between wireless and hard wired because its improper router use for what you need. Its a huge mess trying to get devices on both sides of firewall of router to talk. You would be opening up ports and port forwarding and all that and its just a big mess.

While you stated that you didnt want to use the 4 wired ports of the router, its best to have the router in between the modem and 16-port switch, use the routers DHCP, and keep wired and wireless devices on the same network as for the other side of the router on the modem side between modem and router is a different network. While all part of the same internet connection there is isolation between each.

The orange half circles stacked in the sketch is your wireless. Placement on top of green connection just symbolizes that its on the same network as the switch in this connection on the left. The connection configuration on the right shows it isolated based on what you said it sounds isolated due to the configuration you have.

[attachment deleted by admin to conserve space]

[gev]

Absolutly! How come I didn't think of it earlier? Better a couple of long wires than no sharing. I did it now, it works OK. Great!
There is only one moment that bothers me now. Now my configuration is exactly like the left drawing you provided, except for another Tenda Wi-Fi router (pretty much like this with 4 ports, a different model though) connected to one of that hub ports, that my neighbor uses. He's using 1 LAN connection and Wi-Fi. At this time I cannot ask him. Do you think it's going to be OK?

[DaveLembke]

Here is a means of having your neighbor sharing your internet connection and isolated. However the isolation is only there as long as they dont connect directly to the single cable going into their router. If they connect to wifi or any hard wired LAN ports of their router, they will be on their own DHCP and network branch.

They will be subject to a small amount of latency between the internet and them. Your internet connection would be slightly less latent because your closest to internet connection and they are 1 additional device away. Bandwidth is shared equally under this setup so if they start downloading like crazy, they could affect how slow stuff is to load and buffering of streaming content.

If this becomes a problem, your option is to throttle their bandwidth so that you have more bandwidth than them. You would need to find out the MAC address of the router that they use and then add a rule on your router if it supports QoS to limit how much download/upload bandwidth they are allowed. Such as say you have a 25/5 internet connection and they are causing troubles with too much bandwidth use, if your router has a QoS option you can limit them to 5/1 and so you have 20/4 for yourself. These numbers are download mbps / upload mbps.

For some ISPs its a violation of user agreement to be passing internet to neighbors. In the day of wifi its harder for them to control, but if the cable guy found a Cat5 or Cat6 cable strung from one residence to another, you could be fined as well as they take your internet away etc. If you have an appartment building and they are right next door and cable is out your window and into their window it might not get detected by your provider or hole in wall etc if landlord doesnt mind. 

Also to know is that if they do anything illegal, your door would be the one busted down and you handcuffed etc. So if you trust your neighbor then I guess its ok. Just some stuff to be aware of.

Additionally.... the neighbor should be made aware that their connection is not secure! Your smack dab in the middle and they are susceptible to whats known as Monkey in the Middle, where you can see all traffic to and from their connection and so I am assuming you 2 are friends and you dont intend to do anything illegal, but for them, they are not as secure as you are. Your traffic they wouldnt be able to sniff out, that is unless they plug directly into that green connection that is suppose to remain plugged into their router. 

[attachment deleted by admin to conserve space]

[gev]

Many thanks Dave.
You're overestimating the threat level on the legal side, I guess that's because you live in US or another "democratic" country . No worries here, where I live, ISP is well aware of my sharing with the neighbor. Even more, before there were 2 neighbors .
Actually my current configuration, a bit different, is in the diagram attached, and actually it caused a bit of a problem that's resolved by now.
As I mentioned in my initial message the modem's IP is 192.168.1.1, Tendas, as you know, are defaulting at 192.168.0.1, so after configuration change my Tenda (let's call it A) did OK. The neighbor's though (let's call it B) stalled up until I changed his config to LAN IP 192.168.1.1 and DNS to 192.168.0.1. Right now it's pretty OK. Do you think connecting Tenda B directly to Tanda A or to the hub makes any big difference.
By the way, QoS, you're mentioning, do you think it's the one attached, cause I couldn't find anything saying QoS explicitly?


[attachment deleted by admin to conserve space]

[DaveLembke]

Ah Ukraine Cool ... And yes this is the QoS Bandwidth control for that device.... oddly it doesnt have a mac address to set. Its IP Address Range configured for those devices in that range to be throttled bandwidth. So the IP neighbors router gets would be the IP to throttle if you need to. as long as routers stay powered all the time it shouldnt be a problem once set, but if the DHCP lease expires and they get a different IP for their router connected to your router then the throttled bandwidth will no longer apply if they have an IP for router as picked up by your DHCP which is outside that range that is throttled.

[gev]

:)Appreciate the wit, Ukraine.
Actually I'm from Armenia, if it says anything to you.
I don't think I'll use throttling, it's just that you told about it I got curious to know more. So far I've had no problems with that, but thanks anyways, that's a good thing to know.
And what about the topology I used? I'll copy that question from my most recent message for you. >Do you think connecting Tenda B directly to Tanda A or to the hub makes any big difference?<. Please see below.


[attachment deleted by admin to conserve space]

[DaveLembke]

Appreciate the wit, Ukraine.
Actually I'm from Armenia, if it says anything to you.

Noticed your browser tabs and Ukraine mentioned there... my apologies 

I would connect Tenda A to Tenda B to make their connection less latent, additionally the switch would have additional activity with their traffic + yours, I would have the switch for just yourself as for no sense congesting the switch with extra neighbor traffic.

Both ways will work, but thats what I would do.   No sense in your switch having the additional neighbor traffic and giving your neighbor more latency basically. 

[gev]

Thanks Dave.
It sounds like not a big difference to me. I'll do it when the time's right as doing it will take me more wiring job. Don't feel like it right now.
What bothers me now is that from neighbor's network I can access my Tenda's interface. Not that they're going to tamper with it or something worth a concern, but I'm just worried of the guy's kids accidentally ruining all my configurations. Is there a way blocking it, so that I can access it from 192.168.0.1 but not from his 192.168.1.1.
One more thing. Although I've set admin password, it looks like Chrome somehow overcomes it. I made sure the password is not avlbl in Chrome's Settings/Passwords and Forms/Manage Passwords/Saved Passwords, but every time I browse to management page (from my network to 192.168.0.1, from neighbor's network to both ...1.1 as well as ...0.1) Chrome jumps to image 1 attached (from here you just click on that Advanced Settings and you're there), whereas Inet Explorer goes to image 2 attached, as it's supposed to. Any idea why this happens? Just in case I'm attaching an edited topology diagram with IP info too.

[attachment deleted by admin to conserve space]