howdey57
Member Candidate
Topic Author
Posts: 127
Joined: Wed Dec 31, 2014 2:36 pm

Why is it so hard to set up internet access to Webfig?

Sun Jan 04, 2015 10:49 pm

There does not seem to be a definitive method to access Webfig on my RB2011 router from the internet. Is it actually possible? I have tried lots of different ways from many sites but none work (NAT, Firewall etc).

Can someone provide a working example?

Thanks

Charles
 
normis
MikroTik Support
Posts: 26383
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Why is it so hard to set up internet access to Webfig?

Mon Jan 05, 2015 9:06 am

Actually you just need to uncheck the "firewall router" checkbox in QuickSet and that should be all.
 
howdey57
Member Candidate
Topic Author
Posts: 127
Joined: Wed Dec 31, 2014 2:36 pm

Re: Why is it so hard to set up internet access to Webfig?

Mon Jan 05, 2015 9:21 am

Thanks for the response. I don't have that setting on Quick Set. I have a new RB2011 with V6.24.

Where next?

Charles
 
normis
MikroTik Support
Posts: 26383
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Why is it so hard to set up internet access to Webfig?

Mon Jan 05, 2015 10:11 am

Please post a screenshot of your Quickset page, your full model name (RB2011....) and also the firewall section screenshot (of the Filter tab)
 
howdey57
Member Candidate
Topic Author
Posts: 127
Joined: Wed Dec 31, 2014 2:36 pm

Re: Why is it so hard to set up internet access to Webfig?

Mon Jan 05, 2015 3:11 pm

Will do.

Please could you also point me at the wiki page that describes how to do it.

Thanks
 
normis
MikroTik Support
Posts: 26383
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Why is it so hard to set up internet access to Webfig?

Mon Jan 05, 2015 3:20 pm

It's not clear why you are unsuccessful, so I can't suggest a specific wiki page. Need to see the configuration page first.

Basically access from the internet is controlled in the "firewall -> filter" menu. If you disable the rules that "drop" the traffic in the "input" chain, it should work from the public IP.

But this is dangerous and opens the router to anyone.
 
howdey57
Member Candidate
Topic Author
Posts: 127
Joined: Wed Dec 31, 2014 2:36 pm

Re: Why is it so hard to set up internet access to Webfig?

Mon Jan 05, 2015 10:25 pm

OK.

I found the "Firewall Router" tick box. It was on the "Home AP" Quick set, not the default "WISP AP".

As indicated by some posts, I have added a NAT rule on port 443 to get through to my Fileserver and that works whether I have the "Firewall Router" ticked or not. However, if I create a NAT rule from port 81 back to the router itself (192.168.1.1 port 80) it only works with the "Firewall Router" unticked.

That seems to indicate the rules used for the ticked "Firewall Router" are too tight. However, your last post seems to indicate that I should not use the rules created when I untick "Firewall Router".

So, as my router is attached to the internet (and is my firewall), it seems dangerous to untick "Firewall Router".

How do I adjust the ticked "Firewall Router" rules to allow access to my router from the internet?

My Filter rules are:

 0    ;;; default configuration
      chain=forward action=accept connection-state=established,related log=no
      log-prefix=""

 1    ;;; default configuration
      chain=forward action=drop connection-state=invalid log=yes
      log-prefix=""

 2    ;;; default configuration
      chain=forward action=drop connection-state=new
      connection-nat-state=!dstnat in-interface=ether1-gateway log=no
      log-prefix=""

 3    chain=input action=accept protocol=icmp log=no log-prefix=""

 4    chain=input action=accept connection-state=established log=no
      log-prefix=""

 5    chain=input action=accept connection-state=related log=no log-prefix=""

 6    chain=input action=drop in-interface=ether1-gateway log=no
      log-prefix=""

My NAT rules are (excluding some vpn rules):

 2    chain=srcnat action=masquerade out-interface=ether1-gateway log=no log-prefix=""

 3    chain=dstnat action=dst-nat to-addresses=192.168.1.2 to-ports=443 protocol=tcp
      in-interface=ether1-gateway dst-port=443 log=no log-prefix=""

 4    chain=dstnat action=dst-nat to-addresses=192.168.1.1 to-ports=81 protocol=tcp
      in-interface=ether1-gateway dst-port=80 log=no log-prefix=""

Thanks

Charles
 
howdey57
Member Candidate
Topic Author
Posts: 127
Joined: Wed Dec 31, 2014 2:36 pm

Re: Why is it so hard to set up internet access to Webfig?

Thu Jan 08, 2015 11:57 pm

So I managed to figure this out.

To access a server within the internal network from outside, you need to set up a NAT rule.
To access the router itself from outside, you need to set up a Firewall rule to open up the port you want to use.

Perhaps that is obvious to some, but it confused me a lot when trying to figure out why I needed to use two different methods when opening up routes to the internal network.

Charles
 
hossain2004a
Member Candidate
Posts: 247
Joined: Mon Dec 22, 2014 7:34 pm
Location: Iran

Re: Why is it so hard to set up internet access to Webfig?

Fri Jan 09, 2015 10:02 am

@howdey57
could you export your firewall and nat config, so I can see them? :D
 
suntelSean
newbie
Posts: 48
Joined: Sat Oct 11, 2014 12:41 am

Re: Why is it so hard to set up internet access to Webfig?

Sat Jan 10, 2015 11:27 pm

> @howdey57
> could you export your firewall and nat config, so I can see them? :D

If he doesn't, I can if you need help.
 
howdey57
Member Candidate
Topic Author
Posts: 127
Joined: Wed Dec 31, 2014 2:36 pm

Re: Why is it so hard to set up internet access to Webfig?

Sun Jan 18, 2015 5:47 pm

For access to the Router itself from the Internet, I use this firewall rule. For my simple mind, this works because it opens up port 80 on the first thing the internet hits.

      chain=input action=accept protocol=tcp dst-port=80 log=no log-prefix=""

For access to my fileserver from the Internet, I use this NAT rule. This works because it is able to point the traffic at a different IP on the internal network (Network Address Translation).

      chain=dstnat action=dst-nat to-addresses=192.168.1.2 to-ports=443 protocol=tcp in-interface=ether1-gateway dst-port=443 log=no log-prefix=""

I hope this helps.
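
Added example, not part of the original posts and not MikroTik code: a simplified Python model of the packet flow discussed in this thread, built from the posted rules, showing why the file server is reached through dstnat and the forward chain while Webfig needs an input-chain accept placed ahead of the drop rule. The WAN address 198.51.100.7, the source addresses and the src-address restriction are constructed assumptions.

```python
# Simplified model of the RouterOS packet flow (added example, not MikroTik code).
from ipaddress import ip_address, ip_network

ROUTER_ADDRS = {"192.168.1.1", "198.51.100.7"}  # LAN IP from the thread; WAN IP is constructed
DSTNAT = [(443, "192.168.1.2", 443)]  # posted NAT rule 3: (dst-port, to-address, to-port)
# Posted input rules 3 and 6; the connection-state rules 4 and 5 are left out
# because only new inbound connections are modelled here.
INPUT_DEFAULT = [
    {"action": "accept", "protocol": "icmp"},
    {"action": "drop", "in_interface": "ether1-gateway"},
]
WEBFIG_ANY = {"action": "accept", "protocol": "tcp", "dst_port": 80}  # rule from the last post
# Assumption: the same rule limited to one trusted source (constructed address).
WEBFIG_TRUSTED = dict(WEBFIG_ANY, src_address="203.0.113.10/32")

def matches(rule, pkt):
    """A rule matches when every matcher it sets agrees with the packet."""
    for key, want in rule.items():
        if key == "action":
            continue
        if key == "src_address":
            if ip_address(pkt["src"]) not in ip_network(want):
                return False
        elif pkt.get(key) != want:
            return False
    return True

def route(pkt, input_rules):
    """Return (chain, verdict) for a new connection arriving on ether1-gateway."""
    pkt = dict(pkt, in_interface="ether1-gateway", natted=False)
    for port, to_addr, to_port in DSTNAT:  # dstnat runs before the routing decision
        if pkt["protocol"] == "tcp" and pkt["dst_port"] == port:
            pkt.update(dst=to_addr, dst_port=to_port, natted=True)
            break
    if pkt["dst"] in ROUTER_ADDRS:  # traffic addressed to the router itself
        for rule in input_rules:  # first matching rule decides
            if matches(rule, pkt):
                return "input", rule["action"]
        return "input", "accept"  # nothing matched: accepted by default
    # Posted forward rule 2: drop new WAN connections that were not dst-nat'ed.
    return "forward", "accept" if pkt["natted"] else "drop"

if __name__ == "__main__":
    web = {"src": "203.0.113.50", "dst": "198.51.100.7", "protocol": "tcp", "dst_port": 80}
    print(route(dict(web, dst_port=443), INPUT_DEFAULT))  # file server path
    print(route(web, INPUT_DEFAULT))                      # Webfig with default rules
    print(route(web, INPUT_DEFAULT + [WEBFIG_ANY]))       # accept added after the drop
```

Rule order decides the result: the accept rule only takes effect when it sits above the input drop rule, and a source-restricted accept leaves every other address hitting that drop.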
