Web interface login form missing

hkraal · April 6, 2024, 1:48pm

Hi,

At our vacation home a neighbor has been so kind to let us piggyback his internet. I’ve set up an old RB411AH as a WiFi client with an AP connected on ether1 on which our devices are connected. This config has been running quite smoothly besides for 1 thing; I’d really like to be able to use Webfig but it simply doesn’t show the login prompt. Shouldn’t be a caching issue either as it’s the same between Safari/Firefox/Chrome/curl.

I’d figure it’s some kind of “protect management traffic” from non-internal addresses but I’m unclear how I’m supposed to tell RouterOS to allow management from my 192.168.17.0/24 range.

Any hints to what could be the cause would be much appreciated!

Regards, Henk

The current config:

# 2024-04-06 15:23:26 by RouterOS 7.12.1
#
# model = RB411AH

/interface list
add name=LAN
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk mode=dynamic-keys supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk group-ciphers=tkip,aes-ccm mode=dynamic-keys name=XXX supplicant-identity=MikroTik unicast-ciphers=tkip,aes-ccm
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no frequency=2447 security-profile=XXX ssid=YYY
/ip pool
add name=dhcp_pool0 ranges=192.168.17.100-192.168.17.200
/ip dhcp-server
add address-pool=dhcp_pool0 interface=ether1 name=dhcp1
/port
set 0 name=serial0
/interface list member
add interface=wlan1 list=WAN
add interface=ether1 list=LAN
/ip address
add address=192.168.17.1/24 comment=defconf interface=ether1 network=192.168.17.0
/ip dhcp-client
add interface=wlan1
/ip dhcp-server network
add address=192.168.17.0/24 dns-server=1.1.1.1,192.168.17.1 gateway=192.168.17.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=wlan1 src-address=192.168.17.0/24
/system clock
set time-zone-name=Europe/Amsterdam
/system note
set show-at-login=no
/system ntp server
set enabled=yes

abbio90 · April 8, 2024, 7:04am

check in /ip service if the http service is enabled and if the port is port 80. Furthermore, if you have firewall rules with action drop, if so, temporarily disable one rule at a time to check if they are connected to what is found.

hkraal · April 9, 2024, 7:36am

Thank you for your time. There are no filter rules active. The config is pretty much vanilla, the www service is enabled (which seems to be the default). I tried setting an address as the docs state “List of IP/IPv6 prefixes from which the service is accessible” but that didn’t help either. No login box is shown;

/ip/service> print detail
Flags: X - disabled, I - invalid
 0   name="telnet" port=23 address="" vrf=main

 1   name="ftp" port=21 address=""

 2   name="www" port=80 address=192.168.17.0/24 vrf=main

 3   name="ssh" port=22 address="" vrf=main

 4 X name="www-ssl" port=443 address="" certificate=none tls-version=any vrf=main

 5   name="api" port=8728 address="" vrf=main

 6   name="winbox" port=8291 address="" vrf=main

 7   name="api-ssl" port=8729 address="" certificate=none tls-version=any vrf=main