Hi,
I can connect to Luci of my openwrt router with '192.168.1.1' from lan.
And I configured the following in /etc/config/firewall and 'service firewall restart'
config rule
option name 'Lucy-From-Wan'
option src 'wan'
option proto 'tcp'
option dest_port '80'
option target 'ACCEPT'
config rule
option src 'wan'
option proto 'tcp'
option dest_port '443'
option target 'ACCEPT'
And then I tried to connect Luci of the router with wan ip from outside, but the error, ERR_CONNECTION_TIMED_OUT, occurs.
Please help me to connect Luci from wan.
Thanks in advance
Have you checked which interface(s) Luci/web server is set to listen to ?
also, what you're doing in lethal, security wise, and a big no no.
2 Likes
No, how should I check which interface(s) Luci/web server is set to listen to?
Not sure if it can be seen from Luci, it's in the /etc/config/uhttpd file
But if you haven't played with it, the default is all interfaces - 0.0.0.0
1 Like
Thanks for your reply
I didn't change from the default in /etc/config/uhttpd. It's still as it is.
config uhttpd 'main'
list listen_http '0.0.0.0:80'
list listen_http '[::]:80'
list listen_https '0.0.0.0:443'
list listen_https '[::]:443'
Do you have any idea?
Well, the next question would be where from you're trying to access Luci on the WAN side ?
So, what's the use case.
you can setup a secure ssh connection and access luci that way.
Currently trying to access Luci through phone for the test.
I will access Luci from outside wherever I want later.
I can already access SSH and FTP from wan, but can't access Luci from wan.
How can I setup to access Luci?
sorry, never tried to access luci over wan.
if you search the fourm, you will find many answers, for example
Remote web access
if you can use ssh, then you need to setup ssh forward rule.
how to is documented,
https://openwrt.org/docs/guide-user/luci/luci.secure
trendy
January 12, 2021, 4:05pm
12
First of all check that the firewall rules are applied properly iptables-save -c
If the rules are there with zero hits, then verify that you are using the correct IP address. The IP of wan interface must match the one you see when you browse from a device in the lan the site http://icanhazip.com/
1 Like
x86cokr
January 12, 2021, 4:44pm
13
Thanks for your reply
How can I check that the firewall rules are applied properly iptables-save -c
?
And how can I check whether the rules are there with zero hits or not?
trendy
January 12, 2021, 4:44pm
14
You can paste the output here.
x86cokr
January 12, 2021, 4:58pm
15
The output is too much and includes some private information.
Instead, I printed with 80.
root@OpenWrt:~# iptables-save -c |grep 80
[0:0] -A zone_wan_input -p tcp -m tcp --dport 80 -m comment --comment "!fw3: Lucy-From-Wan" -j ACCEPT
trendy
January 12, 2021, 5:00pm
16
Zero hits, nothing reached the firewall.
x86cokr:
[0:0]
1 Like
x86cokr
January 13, 2021, 3:45am
17
Thanks a lot for your check
From your clue, it looks that port 80 on wan is blocked by openwrt,
so I changed port number from 80 to another and redirected to 80 of 192.168.1.1 in /etc/config/firewall.
Then, I can access Luci from wan
x86cokr
January 13, 2021, 5:36am
18
No problem, thanks for your reply
frollic
January 13, 2021, 6:03am
19
Assuming you didn't make a config error in the 1st place, it's probably blocked by your ISP.
Not a very uncommon way to prevent customers from running web sites.
2 Likes
system
Closed
January 23, 2021, 6:03am
20
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.