Can't connect Luci from wan

Hi,

I can connect to Luci of my openwrt router with '192.168.1.1' from lan.

And I configured the following in /etc/config/firewall and 'service firewall restart'

config rule
    option name 'Lucy-From-Wan'
    option src 'wan'
    option proto 'tcp'
    option dest_port '80'
    option target 'ACCEPT'

config rule
    option src 'wan'
    option proto 'tcp'
    option dest_port '443'
    option target 'ACCEPT'

And then I tried to connect Luci of the router with wan ip from outside, but the error, ERR_CONNECTION_TIMED_OUT, occurs.

Please help me to connect Luci from wan.
Thanks in advance

Have you checked which interface(s) Luci/web server is set to listen to?

Also, what you're doing is lethal, security-wise, and a big no-no.

2 Likes

No, how should I check which interface(s) Luci/web server is set to listen to?

Not sure if it can be seen from Luci, it's in the /etc/config/uhttpd file

But if you haven't played with it, the default is all interfaces - 0.0.0.0

1 Like

Thanks for your reply

I didn't change from the default in /etc/config/uhttpd. It's still as it is.

config uhttpd 'main'
    list listen_http '0.0.0.0:80'
    list listen_http '[::]:80'
    list listen_https '0.0.0.0:443'
    list listen_https '[::]:443'

Do you have any idea?

Well, the next question would be where you're trying to access Luci from on the WAN side?

So, what's the use case?

You can set up a secure ssh connection and access Luci that way.

Currently trying to access Luci through phone for the test.
I will access Luci from outside wherever I want later.

I can already access SSH and FTP from wan, but can't access Luci from wan.
How can I setup to access Luci?

Sorry, never tried to access Luci over wan.

If you search the forum, you will find many answers, for example
Remote web access

If you can use ssh, then you need to set up an ssh forward rule.
The how-to is documented:
https://openwrt.org/docs/guide-user/luci/luci.secure

First of all, check that the firewall rules are applied properly: iptables-save -c
If the rules are there with zero hits, then verify that you are using the correct IP address. The IP of the wan interface must match the one you see when you browse the site http://icanhazip.com/ from a device in the lan.

1 Like

Thanks for your reply

How can I check that the firewall rules are applied properly with iptables-save -c?
And how can I check whether the rules are there with zero hits or not?

You can paste the output here.

The output is too much and includes some private information.
Instead, I printed with 80.

root@OpenWrt:~# iptables-save -c |grep 80
[0:0] -A zone_wan_input -p tcp -m tcp --dport 80 -m comment --comment "!fw3: Lucy-From-Wan" -j ACCEPT

Zero hits, nothing reached the firewall.

1 Like
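The counter check discussed above, as an added example that is not part of the original thread: it reads `iptables-save -c` output and reports whether an ACCEPT rule for an exact port exists in the wan input chain and how many packets it has matched, which avoids the false matches a plain `grep 80` gives on 8080 or on byte counters. The chain name `zone_wan_input` is taken from the output quoted in the thread; the function names and all sample lines other than the port 80 rule are constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes the fw3 chain name
# zone_wan_input seen in the iptables-save output quoted above.

# Constructed sample of `iptables-save -c` output. Only the port 80 line is
# taken from the thread; the other rules and counters are made up.
sample_rules() {
cat <<'EOF'
*filter
:zone_wan_input - [0:0]
[0:0] -A zone_wan_input -p tcp -m tcp --dport 80 -m comment --comment "!fw3: Lucy-From-Wan" -j ACCEPT
[12:720] -A zone_wan_input -p tcp -m tcp --dport 22 -m comment --comment "!fw3: constructed-ssh" -j ACCEPT
[7:420] -A zone_wan_input -p tcp -m tcp --dport 8080 -m comment --comment "!fw3: constructed-alt" -j ACCEPT
COMMIT
EOF
}

# wan_rule_hits PORT: reads `iptables-save -c` text on stdin and prints
#   missing            no ACCEPT rule for that exact port in zone_wan_input
#   present-zero-hits  rule loaded, but no packet has matched it yet
#   present-hits=N     N packets matched (traffic reaches the firewall)
wan_rule_hits() {
    awk -v port="$1" '
        $2 == "-A" && $3 == "zone_wan_input" {
            dport = ""; target = ""
            for (i = 4; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            # Compare as strings so 8080 or a port range never matches 80.
            if ((dport "") == (port "") && target == "ACCEPT") {
                split(substr($1, 2, length($1) - 2), c, ":")
                pkts += c[1]; found = 1
            }
        }
        END {
            if (!found)         print "missing"
            else if (pkts == 0) print "present-zero-hits"
            else                print "present-hits=" pkts
        }'
}

# On the router: iptables-save -c | wan_rule_hits 80
sample_rules | wan_rule_hits 80
```

Run it once before and once after a connection attempt from outside: a rule that stays at zero hits means the packets never arrived at the router on that port.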

Thanks a lot for your check

From your clue, it looks like port 80 on wan is blocked by openwrt,
so I changed the port number from 80 to another and redirected it to 80 of 192.168.1.1 in /etc/config/firewall.
Then, I can access Luci from wan.

No problem, thanks for your reply

Assuming you didn't make a config error in the 1st place, it's probably blocked by your ISP.
Not a very uncommon way to prevent customers from running web sites.

2 Likes
