0

I have a fiber connection in my house that's fiber directly connected to the ISP-provided modem, meaning the modem acts as a convertor from fiber to metallic and I can't get rid of it. The modem also acts as a router and I can't switch it to bridge mode, as it offers no such setting.

I also have my own router (ASUS AX6000) connected to the modem (modem is connected to the WAN slot in the router), however, my router treats the modem as a part of the local network. I can access the modem when connected to the router and I can access the router when connected to the modem (admin interfaces). I can also ping other devices within the network when connected to the modem.

The modem is horribly outdated, insecure and the ISP has full remote control over the modem. Is there any way I can make the router treat the ISP modem as WAN, meaning my local network will be hidden from the modem and the ISP?

I would be okay with buying other necessary equipment to make my network more secure.

8
  • What makes you think your internal network is accessible by the ISP? What you describe is actually normal. It would only be insecure if neither network was protected with a passphrase in the event the modem supported WiFi and you should be able to disable that. Additionally, if it’s a huge concern, you should be able to replace the modem with hardware of your choice.
    – Ramhound
    Commented Aug 15, 2023 at 11:52
  • @Ramhound Like I said in the post, the ISP has full remote control over the modem. If I can access my home devices from the modem, so can the ISP right? Also the modem receives no security updates, so if anyone was able to compromise the modem (other users within the same ISP network), they would be able to access my home network too. I want to achieve that the modem would be treated strictly as WAN, as if it was in the bridge mode (if that's possible). I am a newbie into networking and want to know whether that's something that is possible to do.
    – Daniel
    Commented Aug 15, 2023 at 11:56
  • Having full control over the modem doesn't mean they can see into your network. That would bring some pretty serious legal ramifications if they did. What you describe is how most modem/routers work - especially in jurisdictions where you cannot just swap to your own personal router [the UK is like this, routers are code-locked to the ISP; swap for your own & it won't connect.]
    – Tetsujin
    Commented Aug 15, 2023 at 12:02
  • @Daniel - “If I can access my home devices from the modem, so can the ISP right?” - No; You're not listening when I and others say it’s normal for a device connected to the modem like you describe, to be able to access a network created by a router, the fact this can be done does not mean devices on the intranet can be remotely accessed
    – Ramhound
    Commented Aug 15, 2023 at 12:27
  • @Ramhound I am 100% aware this does not mean my network devices can be accessed remotely. I am concerned about exploitation of the ISP modem. The chances of this are RARE, yes, I am aware. However, the modem does not receive any security updates, it is running an ancient version of Linux and ISP can remotely push software to the modem. In case the ISP is compromised or supply chain for the modem is compromised, this would mean the compromise of my entire network. If it would be possible to switch the modem to the bridge mode, it would eliminate the risk, but it's not.
    – Daniel
    Commented Aug 15, 2023 at 12:30

1 Answer

0

If you do not trust the ISP modem/router and you cannot exchange it for your own device, you have to use a firewall as the sole connection to the untrusted device.

There are firewall solutions out there that run on a Raspberry PI or similar lightweight PCs.
In the simplest case you have an old "Internet Router" that can assign a network jack as a WAN port:

      Internet
         |
        ISP
- - - - -|- - - - - 
ISP's Modem/Router
         |
     Firewall —— DMZ — Your_Web-/Pers.Cloud-/Game-Server
         |
      (W)LAN
        /|\
 hosts 1 2 3 ...

A firewall solution offers more sophisticated configuration options than a fully integrated "Internet-Router" and can also provide a DMZ, a second network without access to your secure LAN. There you could securely host servers that shall be accessible from the internet, without exposing your secure LAN.
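
The three-zone layout from the answer above, written as an nftables ruleset for a Linux-based firewall box. This is an added example, not part of the original answer. The interface names (`wan0`, `lan0`, `dmz0`), the DMZ server address, and the assumption that the firewall itself serves DHCP/DNS to LAN and DMZ are all hypothetical.

```nftables
#!/usr/sbin/nft -f
# Added example; interface names and addresses are assumptions:
#   wan0 = link to the ISP modem/router (untrusted side)
#   lan0 = trusted (W)LAN
#   dmz0 = DMZ holding internet-facing servers
flush ruleset
define WAN = "wan0"
define LAN = "lan0"
define DMZ = "dmz0"
define DMZ_WEB = 10.10.20.10   # constructed sample server address

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        iifname $LAN tcp dport 22 accept                    # admin access from LAN only
        iifname { $LAN, $DMZ } udp dport { 53, 67 } accept  # DNS/DHCP served by the firewall
        iifname { $LAN, $DMZ } tcp dport 53 accept
        iifname { $LAN, $DMZ } icmp type echo-request accept
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        # LAN may open connections outward; nothing may open connections into LAN
        iifname $LAN oifname { $WAN, $DMZ } accept
        iifname $DMZ oifname $WAN accept
        # From the modem side, only traffic that matched the DNAT rule below is forwarded
        iifname $WAN oifname $DMZ ip daddr $DMZ_WEB tcp dport 443 ct status dnat accept
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iifname $WAN tcp dport 443 dnat to $DMZ_WEB
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # The modem only ever sees the firewall's WAN address
        oifname $WAN masquerade
    }
}
```

With the default-drop `forward` policy there is no rule that lets a new connection from `wan0` or `dmz0` reach `lan0`, so a host on the modem's network cannot ping or connect to LAN devices, while LAN hosts can still reach the internet and the DMZ.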
