[Solved] Cannot access LuCI GUI

Hi,
I installed LuCI but cannot access the GUI from outside.
I am not sure of the LuCI config.
Here are some config details that I am using.
I verified ping/wifi works on the host correctly.
(network)

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd1e:04b0:3594::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.2.1'
	option ip6assign '60'

config interface 'wan'
	option proto 'dhcp'

My wireless is bridged to WAN.

config wifi-device 'radio0'
	option type 'mac80211'
	option channel '6'
	option country 'US'
	option hwmode '11g'
	option path 'platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
	option htmode 'VHT20'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'wan'
	option mode 'sta'
	option ssid 'xxx'
	option key 'xx'
	option encryption 'psk2'

--uhttpd--

config uhttpd 'main'
	list listen_http 'localhost:80'
	list listen_http '[::]:80'
	list listen_https '0.0.0.0:443'
	list listen_https '[::]:443'
	option redirect_https '1'
	option home '/www'
	option rfc1918_filter '1'
	option max_requests '3'
	option max_connections '100'
	option cert '/etc/uhttpd.crt'
	option key '/etc/uhttpd.key'
	option cgi_prefix '/cgi-bin'
	list lua_prefix '/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua'
	option script_timeout '60'
	option network_timeout '30'
	option http_keepalive '20'
	option tcp_keepalive '1'
	option ubus_prefix '/ubus'

config cert 'defaults'
	option days '730'
	option key_type 'rsa'
	option bits '2048'
	option ec_curve 'P-256'
	option country 'ZZ'
	option state 'Somewhere'
	option location 'Unknown'
	option commonname 'OpenWrt'

When you say you cannot access from outside, are you talking about from the internet or on your LAN?

Opening the router such that LuCI can be reached on the WAN (Internet) side is very strongly discouraged -- it opens the router up to brute-force login attempts, and the web server (uhttpd) is not security hardened -- it is a light-weight web server for embedded devices, not intended to be used on the internet.

That said, if your OpenWrt WAN is behind an existing router where you have a trusted LAN (so the OpenWrt WAN is connected to your normal LAN), you probably don't have to worry about the security consideration I mentioned above. If this is the case, all you need to do is open port 80 to the WAN using the traffic rules.

Meanwhile, why is your wireless bridged to the WAN?

Thanks for the reply. I mean from the internet,
like http://192.168.2.1:80/
Regards

My device, a Raspberry Pi, is behind the router. The Raspberry Pi has OpenWrt and LuCI.
Regards

This would not be from the internet. This would be from your LAN. Does it work if you enter this address?

Please confirm that your network looks like this:

Internet > Router w/ Wifi > Raspberry Pi WAN on Wifi from router

Are you trying to connect from the internet itself, or just from the LAN created by the router?

Yes, I have a router w/ wifi, and I have other devices (PC, mobile and Raspberry Pi) connecting to this wifi.
I want to access LuCI on the LAN created by the router.
Regards.

Should be relatively easy... first verify that LuCI is running in general by connecting to the LAN created by the Raspberry Pi (you want to verify that LuCI works so you don't chase your tail). If so, just add a traffic rule like this:

config rule
	option target 'ACCEPT'
	option proto 'tcp'
	option dest_port '80'
	option name 'LuCi-from-WAN'
	option src '*'

(or the equivalent in LuCI).

Please do not expose LuCI to the internet itself, though, as I mentioned earlier.
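
Added example, not part of the original thread or of OpenWrt: the rule quoted above uses src '*' with no source-address limit, so it accepts port 80 from every zone. The shell function below flags such rules in a firewall config. The sample input is constructed, and the 192.168.1.0/24 subnet and the second rule's name are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): flag firewall rules that ACCEPT
# traffic to the web UI ports from 'wan' or any zone ('*') with no source-address limit.

# Reads a UCI firewall config on stdin; prints "<name> src=<zone> port=<port>"
# for each risky input rule. Handles single-port, space-free option values only.
audit_fw_rules() {
    awk '
    function check_rule() {
        # A rule with "dest" set is a forwarding rule, not access to the router itself.
        if (in_rule && opt["target"] == "ACCEPT" &&
            (opt["src"] == "*" || opt["src"] == "wan") &&
            (opt["dest_port"] == "80" || opt["dest_port"] == "443") &&
            !("src_ip" in opt) && !("dest" in opt))
            printf "%s src=%s port=%s\n", opt["name"], opt["src"], opt["dest_port"]
        split("", opt)                      # reset for the next section
    }
    $1 == "config" { check_rule(); in_rule = ($2 == "rule") }
    $1 == "option" && in_rule {
        val = $3; gsub(/\047/, "", val)     # strip the single quotes
        opt[$2] = val
    }
    END { check_rule() }
    '
}

# Constructed sample: the rule quoted in the thread, plus a scoped variant.
# 192.168.1.0/24 is an assumed upstream LAN subnet, not a value from the thread.
sample_rules() {
    cat <<'EOF'
config rule
	option target 'ACCEPT'
	option proto 'tcp'
	option dest_port '80'
	option name 'LuCi-from-WAN'
	option src '*'

config rule
	option target 'ACCEPT'
	option proto 'tcp'
	option dest_port '80'
	option name 'LuCI-from-upstream-LAN'
	option src 'wan'
	option src_ip '192.168.1.0/24'
EOF
}

sample_rules | audit_fw_rules
# prints: LuCi-from-WAN src=* port=80
```

On a router, feed it the live file: audit_fw_rules < /etc/config/firewall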

Apologies, since I cannot access the GUI, how should I add this rule?
Regards.

I added this rule in /etc/config/firewall and restarted. Still, I see I
cannot access LuCI using both static and LAN IPs. I see LuCI is running by ps | grep uht
Regards

Have you tried connecting to the lan side of the pi to make sure you can access LuCI from there?

Actually, since you brought up why I am connecting to WAN, I made a change to use LAN for wifi
and made the change in network for LAN to have just DHCP. I tried now, using the IP that ip addr shows under wlan0,
from my PC: http://192.168.1.17:80/ (PC on LAN), but I still cannot access it.
Regards

Apologies, first, I would like to ask what my ideal configuration for network and wireless should look like for my device to be on the LAN and get a dynamic IP?
Regards

Sorry to deviate, I restored everything to the very beginning (network, wireless).
I added the above rule. Now the focus is on LuCI. I would appreciate knowing why I still cannot
access LuCI on the LAN.
Regards

Can you ping the OpenWrt Raspberry Pi? Can you login via ssh?

Thanks. Yes, I can ping using the wireless IP, but not using the static IP (unless I connect an ethernet cable).
Also, I cannot ssh to it; I am getting: port 22: Connection refused. I installed openssh server on the Pi.
Regards

This implies that you are connecting to the OpenWrt WAN. You won't be able to make any changes unless you can connect in general, so you need to be connected to the LAN side of the OpenWrt Pi.

Maybe it would be best to start here: what is your goal? what do you want to do with this OpenWrt Pi? It may impact how to best configure the RPi.

Thanks, I can connect using FTP (installed vsftpd) to the Pi. I just want the Pi as an additional device, in addition to my laptop.
Regards

FTP? I don't think you're running OpenWrt - FTP is not enabled on OpenWrt.
Can you explain where you got your OpenWrt image and how you installed it?
What version of Raspberry Pi is this?

OpenWrt is not really a general purpose OS -- it is designed primarily as a router firmware. Maybe you want Raspbian instead? Can you be more specific about what you want to do with this Raspberry Pi?

Thanks, let us not deviate; the issue is bringing up LuCI on OpenWrt.
Regards