Posted: Fri Nov 09, 2012 9:15 Post subject: Ddwrt router remote web access
I have a linksys wrt310nv1 flashed with build 15962. I set the remote web access port to my desired port. When I try to access the router remotely, I can do so without any problems by accessing http://externalip:port but the weird thing is that I can also access it by just typing http://externalip without the port. Why is this happening? I have another router, wrt54g2v, with exactly the same settings but connected to a different isp and I don't experience this issue. Can anybody shed light on this? Thanks.
give iptables output. looks like some rules are gone.
normally, the webserver listens on 0.0.0.0:80. so without rules, it is accessible from outside on port 80.
the remote port points to 80 through NAT.
2nd question: are you trying to access the external ip from your local lan? so it's no wonder. your request to the webserver never left your local network, so the router "thinks" it came from LAN. in this case search the forum for "nat loopback"
_________________
RT-N66U @ Build 25697M K3.10.63
TL-WR842ND v1 @ BS-build 23919 WDS AP
TL-WR841ND @ BS-build 23919 WDS Client
TL-WR841ND @ BS-build 23919 Client Bridge ( Routed )
How do I get the iptables output?
Ok, I understand what you said. But are rules, by default, present in ddwrt?
Regarding the second question, no I'm accessing the external IP from another external IP (from my 3G connection actually). So this is not the issue for sure.
but that's it. with spi, it's logical, isn't it? see your drop rules. just ssh and telnet incoming are blocked. port 80 is free to go. dunno what's up with your wrt54g2
and
Code:
60 3120 DNAT tcp -- any any anywhere external ip
tcp dpt:21001 to:192.168.1.1:80
21001 is your remote port huh
_________________
RT-N66U @ Build 25697M K3.10.63
TL-WR842ND v1 @ BS-build 23919 WDS AP
TL-WR841ND @ BS-build 23919 WDS Client
TL-WR841ND @ BS-build 23919 Client Bridge ( Routed )
Oops, I forgot about removing the remote port, lol. But yes, that is my remote port. That's weird. Should I post also the iptables of my wrt54g2v1?
you may post it. but i don't know your network structure. of course the wrt54g2 is not accessible on 80 from external, if it's BEHIND the wrt310n and the wrt310n dials to your ISP.
_________________
RT-N66U @ Build 25697M K3.10.63
TL-WR842ND v1 @ BS-build 23919 WDS AP
TL-WR841ND @ BS-build 23919 WDS Client
TL-WR841ND @ BS-build 23919 Client Bridge ( Routed )
no that isn't correct. this is my network structure.
isp1 - modem1 - wrt54g2
isp2 - modem2 - wrt310n
both routers have exact same settings except that the wrt54g2 has its domain set to get from WAN side. i try to access both webservers from isp3 in my cellphone.
case is clear on wrt310n. disabled firewall, fewer rules. told ya, without firewall, your router is completely open. i need to see wrt54g2 rules, why port 80 is blocked there. but that's not the point you want to be solved. create rules, or activate the firewall (btw, why isn't it activated?)
and what do you mean with: wrtg2 gets its domain name from wan?
_________________
RT-N66U @ Build 25697M K3.10.63
TL-WR842ND v1 @ BS-build 23919 WDS AP
TL-WR841ND @ BS-build 23919 WDS Client
TL-WR841ND @ BS-build 23919 Client Bridge ( Routed )
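Added example, not part of the thread and not DD-WRT's own code: a small evaluator that walks a new WAN connection through a DNAT rule and then the INPUT chain, showing why port 80 answers directly when only ssh and telnet are dropped. The rulesets, the `vlan2` interface name and the 203.0.113.10 address are constructed assumptions; only the 21001 to 192.168.1.1:80 mapping mirrors the rule quoted above.

```python
import shlex

# Constructed rules in iptables-save syntax; vlan2 (WAN), 203.0.113.10 and the
# "firewall on" layout are assumptions for illustration, not output from the thread.
NAT = "-A PREROUTING -d 203.0.113.10 -p tcp --dport 21001 -j DNAT --to-destination 192.168.1.1:80"
FIREWALL_OFF = """-P INPUT ACCEPT
-A INPUT -i vlan2 -p tcp --dport 22 -j DROP
-A INPUT -i vlan2 -p tcp --dport 23 -j DROP"""
FIREWALL_ON = """-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 192.168.1.1 -p tcp --dport 80 -j ACCEPT
-A INPUT -i vlan2 -j DROP"""

def parse(line):
    """Turn one -A rule into {option: value}, e.g. {'--dport': '80', '-j': 'DROP'}."""
    tok = shlex.split(line)
    return {tok[i]: tok[i + 1] for i in range(0, len(tok) - 1, 2)}

def matches(rule, iface, dst, dport):
    """True if a NEW inbound TCP packet meets every criterion (exact-string addresses)."""
    if "NEW" not in rule.get("--state", "NEW"):
        return False  # ESTABLISHED-only rules never match a first SYN
    return (rule.get("-p", "tcp") == "tcp"
            and rule.get("-i", iface) == iface
            and rule.get("-d", dst) == dst
            and rule.get("--dport", str(dport)) == str(dport))

def wan_verdict(filter_rules, nat_rules, dst, dport, iface="vlan2"):
    """Verdict for a new TCP connection arriving on the WAN interface."""
    # PREROUTING runs first: a DNAT hit rewrites the destination before INPUT sees it.
    for rule in map(parse, nat_rules.splitlines()):
        if rule.get("-j") == "DNAT" and matches(rule, iface, dst, dport):
            dst, port = rule["--to-destination"].split(":")
            dport = int(port)
            break
    policy = "DROP"
    for line in filter_rules.splitlines():
        if line.startswith("-P INPUT"):
            policy = line.split()[2]          # chain policy applies if nothing matches
        elif line.startswith("-A INPUT") and matches(parse(line), iface, dst, dport):
            return parse(line)["-j"]          # first matching rule decides
    return policy

if __name__ == "__main__":
    for name, rules in (("firewall off", FIREWALL_OFF), ("firewall on", FIREWALL_ON)):
        for port in (80, 21001, 23):
            print(name, port, wan_verdict(rules, NAT, "203.0.113.10", port))
```

After DNAT the forwarded connection is addressed to 192.168.1.1:80, so a rule that accepts only that destination lets the remote port through while a direct hit on the WAN address at port 80 falls to the WAN drop.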
Ok then, I will paste the rules of the wrt54g2 here later. It is not activated because I have my own firewall, pfsense? If there's no pfsense, do you recommend turning on the SPI firewall only under the security tab?
Under services tab, used domain is WAN for the wrt54g2 and used domain is LAN&WLAN for the wrt310n.
so when I connect to the webserver of the wrt54g2 router, it really doesn't see that pfsense is there (invisible from the outside world), right? hence why spi firewall is disabled.
for the 2nd modem, i just plainly disabled spi firewall for no reason. but the thing is that these two networks have the same configuration as seen from the outside but they act differently like I explained in the issue above.
This is why I decided not to say in my OP that there is a pfsense in my network, because I would expect that you would answer that of course the wrt54g2 would not be accessible because pfsense is BEHIND it. But as I've said, it is AFTER it. As seen by the wrt54g2 router, pfsense is just one of its LAN clients. Got it?