Public IP Accessible Remotely?

If I attempt to access my public IP remotely through a browser (port 80), I receive a white page. The page has no content (so I don't believe it's the LuCI index.html file).

This doesn't seem normal though, I'd expect to see a "connection refused" or "didn't respond" error instead. Have I misconfigured something?


Update: Previously when I would access the public IP locally, I'd get a page that stated:

Forbidden

Rejected request from RFC1918 IP to public server address

If I then change option rfc1918_filter 1 to option rfc1918_filter 0 in my /etc/config/uhttpd and reload the page, it displays the LuCI login prompt. Remotely though - still just a white page.

@strafe, welcome to the community!

3 Likes

Thanks for your reply. I have stopped LuCI with /etc/init.d/uhttpd stop, and this "white page" is still accessible remotely. So it's not LuCI/uhttpd that's responsible for this I assume.


I also ran tcpdump -ni eth1.2 tcp port 80 -v and got this output when trying to access my public IP from my phone's mobile network.

15:41:13.518168 IP (tos 0x0, ttl 48, id 0, offset 0, flags [none], proto TCP (6), length 60)
    MY.MOBILE.PHONE.IP.23853 > MY.HOME.PUBLIC.IP.80: Flags [S], cksum 0xa649 (correct), seq 3875127030, win 29200, options [mss 1220,sackOK,TS val 1430073316 ecr 0,nop,wscale 10], length 0
15:41:13.518230 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
    MY.HOME.PUBLIC.IP.80 > MY.MOBILE.PHONE.IP: Flags [R.], cksum 0xa81e (incorrect -> 0x045e), seq 0, ack 3875127031, win 0, length 0

So...that was a yes, or no?

It's a no, my web GUI is not currently exposed to the internet and that is not my goal either.

1 Like

Can you explain your issue and true goal?

  • Do you just see a white page when you believe you shouldn't? or
  • Are you trying to set up a web server?

Problem:
If I access my public IP remotely through a browser (e.g. if I go outside and enter my network's public IP into my phone's browser), I see a white page.

Goal:
Do not respond to remote HTTP requests.

You do not seem to be responding to remote HTTP requests, perhaps the blank page you are seeing is in a proxy or cache.

From your tcpdump output it looks like your router is responding with the RST TCP header flag set (R in the tcpdump output). This is the standard behaviour of a closed TCP port. Your browser reacts by showing a white page.

We know that LuCI is actually running on port 80 on the router, but the firewall does its job and does not allow the connection from the WAN zone.

As I understand it, you can switch firewall rules from REJECT to DROP if you instead want your router to appear as if it was not there at all, for exactly this use-case. Note that there may still be other ways to detect that the router is there. This will cause the TCP client to retry the opening of the connection, by sending the SYN fragment again, until it gives up.
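
Added example (not part of the thread, and not OpenWrt code): a small Python parser for captures in the tcpdump -v layout posted above, which labels each inbound SYN by what the router sent back: RST (closed, the REJECT case), nothing (filtered, the DROP case) or SYN-ACK (a listener is reachable). The sample capture, its addresses (RFC 5737 documentation ranges) and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed capture in the two-line `tcpdump -n -v` layout; 192.0.2.10
# stands in for the router's WAN address, 198.51.100.7 for the remote client.
SAMPLE = """\
15:41:13.518168 IP (tos 0x0, ttl 48, id 0, offset 0, flags [none], proto TCP (6), length 60)
    198.51.100.7.23853 > 192.0.2.10.80: Flags [S], seq 3875127030, win 29200, length 0
15:41:13.518230 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
    192.0.2.10.80 > 198.51.100.7.23853: Flags [R.], seq 0, ack 3875127031, win 0, length 0
15:50:01.000000 IP (tos 0x0, ttl 48, id 0, offset 0, flags [none], proto TCP (6), length 60)
    198.51.100.7.40112 > 192.0.2.10.80: Flags [S], seq 1000, win 29200, length 0
15:50:02.000000 IP (tos 0x0, ttl 48, id 0, offset 0, flags [none], proto TCP (6), length 60)
    198.51.100.7.40112 > 192.0.2.10.80: Flags [S], seq 1000, win 29200, length 0
15:55:00.000000 IP (tos 0x0, ttl 48, id 0, offset 0, flags [none], proto TCP (6), length 60)
    198.51.100.7.51514 > 192.0.2.10.80: Flags [S], seq 2000, win 29200, length 0
15:55:00.000100 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    192.0.2.10.80 > 198.51.100.7.51514: Flags [S.], seq 3000, ack 2001, win 28960, length 0
"""

# "SRC.PORT > DST.PORT: Flags [X]" on the indented packet line.
PKT = re.compile(r"(\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

def classify(capture, server_ip, port=80):
    """Map each (client_ip, client_port) that sent a SYN to a verdict."""
    syns = defaultdict(int)  # flow -> SYNs seen, retransmissions included
    replies = {}             # flow -> flags of the first packet sent back
    for line in capture.splitlines():
        m = PKT.search(line)
        if not m:
            continue         # header line or unrelated text
        src, sport, dst, dport, flags = m.groups()
        if dst == server_ip and int(dport) == port and flags == "S":
            syns[(src, int(sport))] += 1
        elif src == server_ip and int(sport) == port:
            replies.setdefault((dst, int(dport)), flags)
    verdicts = {}
    for flow in syns:
        reply = replies.get(flow)
        if reply is None:
            verdicts[flow] = "filtered"  # SYN unanswered: DROP
        elif "R" in reply:
            verdicts[flow] = "closed"    # RST: REJECT, or nothing listening
        else:
            verdicts[flow] = "open" if "S" in reply else "unknown"
    return verdicts

if __name__ == "__main__":
    for flow, verdict in classify(SAMPLE, "192.0.2.10").items():
        print(flow, verdict)
```

A "filtered" verdict is only meaningful if the capture kept running long enough to see the client's SYN retransmissions go unanswered.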

That's exactly what I wanted, thank you so much! Just to check, I wouldn't need to change forward to drop as well, right? It's currently reject. So far I've only changed input.

Glad it helped. I know a little bit about TCP, but almost nothing about the Linux firewall implementation.

For what it's worth, my settings for the WAN=>Reject rule are: Input:drop, Output:accept, forward:Reject.

Exactly how the forward chain works is beyond me. My guess would be that the current setting would REJECT (send RST) for IPv6 traffic with destination IP on the /56 network that my ISP has assigned to me. But I really have no idea. I also have no idea how it works with IPv4 NAT.

No worries, really appreciate it. As long as yours is set like that too then it's good enough for me!
