If I attempt to access my public IP remotely through a browser (port 80), I receive a white page. The page has no content (so I don't believe it's the LuCI index.html file).
This doesn't seem normal though, I'd expect to see a connection refused or didn't respond error instead. Have I misconfigured something?
Update: Previously when I would access the public IP locally, I'd get a page that stated:
Forbidden
Rejected request from RFC1918 IP to public server address
If I then change option rfc1918_filter 1 to option rfc1918_filter 0 in my /etc/config/uhttpd and reload the page, it displays the LuCI login prompt. Remotely though - still just a white page.
Thanks for your reply. I have stopped LuCI with /etc/init.d/uhttpd stop, and this "white page" is still accessible remotely. So it's not LuCI/uhttpd that's responsible for this I assume.
I also ran tcpdump -ni eth1.2 tcp port 80 -v and got this output when trying to access my public IP from my phone's mobile network.
Problem:
If I access my public IP remotely through a browser (e.g. if I go outside and enter my network's public IP into my phone's browser), I see a white page.
From your tcpdump output it looks like your router is responding with the RST TCP header flag set (R in the tcpdump output). This is the standard behaviour of a closed TCP port. Your browser reacts by showing a white page.
We know that LuCI is actually running on port 80 on the router, but the firewall does its job and does not allow the connection from the WAN zone.
As I understand it, you can switch firewall rules from REJECT to DROP if you instead want your router to appear as if it was not there at all, for exactly this use-case. Note that there may still be other ways to detect that the router is there. This will cause the TCP client to retry the opening of the connection, by sending the SYN fragment again, until it gives up.
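The difference between the two firewall targets as the client sees it, as an added example that is not part of the original posts: a RST (closed port or REJECT) ends the connect at once with "connection refused", while DROP leaves it to time out. The function names and the loopback demo are constructed for illustration; to check your own WAN rule, call classify_tcp_port with your public IP from an outside network.

```python
import errno
import socket


def classify_tcp_port(host, port, timeout=3.0):
    """Classify how a TCP connect to host:port ends, from the client's view."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: something is listening
    except ConnectionRefusedError:
        return "rejected"          # RST came back: closed port or REJECT rule
    except socket.timeout:
        return "dropped"           # no answer at all: consistent with DROP
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"   # an ICMP unreachable error came back
        raise


def _unused_loopback_port():
    """Bind to an ephemeral port, then release it so nothing listens there."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo():
    """Offline check on loopback: one listening port, one closed port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    try:
        open_port = listener.getsockname()[1]
        closed_port = _unused_loopback_port()
        return {
            "listening": classify_tcp_port("127.0.0.1", open_port, 1.0),
            "closed": classify_tcp_port("127.0.0.1", closed_port, 1.0),
        }
    finally:
        listener.close()


if __name__ == "__main__":
    print(demo())
```

A "dropped" result takes the full timeout to come back, which is the retry-until-give-up behaviour described above.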
That's exactly what I wanted, thank you so much! Just to check, I wouldn't need to change forward to drop as well, right? It's currently reject. So far I've only changed input.
Glad it helped. I know a little bit about TCP, but almost nothing about the Linux firewall implementation.
For what it's worth, my settings for the WAN=>Reject rule are: Input:drop, Output:accept, forward:Reject.
Exactly how the forward chain works is beyond me. My guess would be that the current setting would REJECT (send RST) for IPv6 traffic with destination IP on the /56 network that my ISP has assigned to me. But I really have no idea. I also have no idea how it works with IPv4 NAT.