Hit the WAN ip, get to the internal LUCI web interface (443, 80, dealer's choice). Just the answer though. 2022 challenge

Someone answer this easy question better: How do I allow access to the LUCI interface from the WAN interface in 2022, using the LUCI interface to set that up? I want to point my browser at the external IP and be able to log in.

Has anyone come up with a better answer for this in 2022? Sure, there are many posts and search results but they all terrible (old, wrong, overly complex, and tons of people blabbering on and on about some stupid security stuff that is irrelevant. Or go on and on about why it should be done another way, or not at all).

Anyone? Best reply gets 2 free tickets to the Dallas Whataburger of your choice (must send prepaid envelope and postage + $20 shipping - $18 taxes - $3 for handling) and gets the 2022 Not a Forum Dick nomination.

feel free to disregard :wink: p.s. what is your ip address?


Here are all 3:

Also, sorry that is not a winning answer.

1 Like

I will seed the pot...

ooh... sounds like such a great deal. (Sadly) it seems like there won't be any winners here.


Your WAN IPv4 ( is not public. You are probably behind a CGNAT, your ISP is to blame. There is nothing you can do in OpenWRT, you will never be able to reach your device via IPv4 from outside.

You may try using IPv6 if your ISP provides it to see if you have better luck.


Just turn off the firewall since you don’t care anyway about security.

Dallas Whataburger tickets…
If I pay the tickets, do you pay for the trip to Dallas, don’t think it will be more than 1000$ ?


SMH, since you want to be such a

yourself...you could have just searched the forum - instead of insulting all prospective respondents.


But yea...maybe you should realize your WAN IP isn't public, so this won't work (as-is) anyway

Dang...taxes are high in Texas...or that's a pretty expensive burger!!!

(But...if you send a pre-paid envelope, what's the postage for???)

I'll pass, I bet it won't be a burger that I receive.

Wow...good answer too!


Theoretically it should suffice to create a new traffic rule with the following properties:

  • Source: wan
  • Destination: this device (input)
  • Protocol: tcp
  • Destination port: 443

Should look like this:

As other have pointed out, this requires an actual WAN IP, not a CG-natted one.

If you access from within LAN to the WAN IP then you might get


Rejected request from RFC1918 IP to public server address

To solve that you can either install luci-app-uhttpd and uncheck:

Or you issue

uci set uhttpd.main.rfc1918_filter=0
uci commit uhttpd
service uhttpd reload

via SSH.


So that derailed exactly as feared and I apologize - in my defense I meant to monitor this tightly and nudge it elsewhere but a covid crapshow hit my house. I am really floored though.... I did not expect to see such a response, especially given the incentives I provided, and it makes me very curious and tempted to follow up (out of band) or at the least send you an actual prize of some sort @jow jow Regardless that solves the question I intended to answer by starting this thread, as well as restored some of my faith in humanity. Thanks to all who participated.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.