OpenWrt Forum Archive

Topic: Remote access luci ports 443, 80

The content of this topic has been archived on 3 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello guys!
I've been following the tutorials here, but I still can not get remote access either through port 80 or 443. If you can help me, some instruction on something I did not see? Below my settings.

Model: TP-Link TL-WR1043N/ND v1
Firmware: OpenWrt Chaos Calmer 15.05.1

/etc/config/firewal
config zone
        option input 'ACCEPT'
        option output 'ACCEPT'
        option name 'wan_pppoe'
        option network 'WAN'
        option forward 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
config forwarding
        option dest 'lan'
        option src 'wan_pppoe'
config forwarding
        option dest 'wan_pppoe'
        option src 'lan'
config rule
        option target 'ACCEPT'
        option proto 'tcp udp'
        option src 'wan_pppoe'
        option enabled '0'
config rule
        option name 'luci-wan'
        option target 'ACCEPT'
        option proto 'tcp'
        option dest_port '443 80'
        option src 'wan_pppoe'
config redirect
        option _name 'luci-wan-redirect'
        option src 'wan_pppoe'
        option proto 'tcp'
        option dest 'lan'
        option src_dport '4443'
        option dest_port '443'

config redirect
        option _name 'luci-wan-redirect'
        option src 'wan_pppoe'
        option proto 'tcp'
        option dest 'lan'
        option src_dport '8088'
        option dest_port '80'

Can you post here your /etc/config/uhttpd and /etc/config/dropbear files, please?

What do you want to get? Just open ports or redirect them? How are you trying to login?

I have already tried to open the default ports only, and also redirect them as in the previous post file but it did not work. I can not log in, because the luci panel does not appear, it's as if it does not respond: my_address:8088


config uht.tpd 'main'
list listen_ht.tp '0.0.0.0:80'
        list listen_ht.tp '[::]:80'
        list listen_ht.tps '0.0.0.0:443'
        list listen_ht.tps '[::]:443'
        option redirect_ht.tps '1'
        option home '/w.ww'
        option rfc1918_filter '1'
        option max_requests '3'
        option max_connections '100'
        option cert '/etc/uht.tpd.crt'
        option key '/etc/uht.tpd.key'
        option cgi_prefix '/cgi-bin'
        option script_timeout '60'
        option network_timeout '30'
        option ht.tp_keepalive '20'
        option tcp_keepalive '1'
        option ubus_prefix '/ubus'
config cert 'px5g'
        option days '730'
        option bits '1024'
        option country 'ZZ'
        option state 'Somewhere'
        option location 'Uknown'
        option commonname 'OpenWrt'

(Last edited by elias13jr on 22 Feb 2017, 00:12)

Is this a typo:
option home '/w.ww'

Edit: looks like there's a few other extra dots as well.

(Last edited by tunk on 22 Feb 2017, 11:40)

tunk, I think, he is not able to post links at the moment.

elias13jr, try step by step:

config rule
        option name 'luci-wan'
        option target 'ACCEPT'
        option proto 'tcp'
        option dest_port '80'
        option src 'wan_pppoe'

remove

config redirect
        option _name 'luci-wan-redirect'
        option src 'wan_pppoe'
        option proto 'tcp'
        option dest 'lan'
        option src_dport '4443'
        option dest_port '443'

config redirect
        option _name 'luci-wan-redirect'
        option src 'wan_pppoe'
        option proto 'tcp'
        option dest 'lan'
        option src_dport '8088'
        option dest_port '80'

I removed the redirect config and made the config rule.
When trying to access via browser I get the message:
Forbidden
Rejected request from RFC1918 IP to public server address.
Searching the forum, they recommended unchecking the Rebind protection option located in Network> General Settings. Did not work.

Have you tried login via WAN IP or LAN IP from WAN side or LAN side?

(Last edited by ulmwind on 22 Feb 2017, 22:04)

elias13jr wrote:

I removed the redirect config and made the config rule.
When trying to access via browser I get the message:
Forbidden
Rejected request from RFC1918 IP to public server address.
Searching the forum, they recommended unchecking the Rebind protection option located in Network> General Settings. Did not work.

That means your router is detecting a connection coming from a private IP address on and interface that should be public (and thus only public IP addresses would be expected). The "option rfc1918_filter '1'" controls this filter, you might want to set it to '0'; but I would investigate how is that happening.

Thanks for the explanations. The ulmwind question answers my question. My tests were running the IP WAN of my own IP LAN. I understood the problem and it worked.

The discussion might have continued from here.