Cannot Reach RutOS web UI from wan side, but can ssh

(applies to RutX10 (7.07.2) & RutX11 (7.06.3)

I want to access the RutOS UI from the wan side.

Following the usual procedure, and as set out in:
wiki.teltonika-networks.com/index.php?title=Firewall_traffic_rules
Sectiomn 3.4 Allow to remotely access the WebUI.
I do:

In System / Administration / Access Control
I have set port 8700 (say) as my ssh access port
and (say) 21898 as my https access port.
And I have set both:

Remote SSH access    On
Enable remote HTTPS access    On

In Network / Firewall / Traffic Rules
I create traffic rules:

	Enable_SSH_WAN
	from Wan (any port)
	to Device input, port 8700

and

	Enable_HTTPS_WAN
	from Wan (any port)
	to Device input, port 21898
	(tcp & udp)

However while I can access ssh from the wan side, I cannot access the https web ui.
Message received: Unable to connect.

However, if i do a port froward from 21898 on the wan side,
to 21898 on the lan side, I can then access the webui from the lan side.

Three possibilities I can think of:
a. Setting the https wan access port is being ignored (most likely)
b. the Traffic Rules are not being implemented correctly
(possible but unlikely as the ssh rule works).
c. My dog has eaten port 21898 on the wan side.

Hi,

Could you try leaving the HTTP and HTTPS ports as 80 and 443 respectively, to rule out any incorrect firewall rules? Make sure to enable both HTTP and HTTPS remote access, and then try to reach both from the WAN side.

Best regards,

Hi Marijus

Today I changed to HTTPS port to 443, the HTTP port to 80,
enabled HTTP & HTTPS both for remote access.
This also automatically changed the https traffic rule from port 22998 to port 443.

However I still could not access the web page from the wan https or http.

For your information, I include the /etc/config/firewall files
(retreived using scp)
#1 from 240619, with https port set to 22998 and http disabled
#2 from 240620 with https port set to 443 and http 80.
#3 from 240620 with https port restored to 22998 and http again disabled
None allow wan access.
(I have removed the last few entries that refer to local devices)

re file#1 240619, with https port set to 22998 and http disabled
there are option enabled statements for the https and http rules.

re file#2 240620 with https port set to 443 and http 80
In the automatically edited version,
the “option enabled 1” statement disappears for https
and the “option enabled 0” statement disappears for http.
So I assume “option enabled 1” is the default.

re file#3 240620 with https port restored to 22998 and http again disabled
And when I return the https port to 22998 and disable http again
the “option enabled 1” statement is not restored,
though the “option enabled 0” statement for http is restored

Let me know if you need any further information.

Hi,

Apologies for the delayed response. How are you attempting to access your device from the WAN side? Are you doing it locally within a private network or over the internet? Which IP address are you using?

Best regards,

Hi Marijus

the RUTX10 is a subrouter (one of 3 subrouters) under the main router, an RUTX11.

The RUTX11’s LAN is 192.168.111.0/14
and the RUTX10’s address on the RUTX11 lan is 192.168.111.8.
I try to connect to the RUTX10 from another local subnet
by using this address 192.168.111.8 and the gui port number.

I can connect to all other routers this way.

Also, as mentioned in my first port,
I can connect to it this way if I port forward its gui port to the lan side
and so then it (I guess) re-enters the router from the lan side.
(this works, but is not the correct way to do it).

For the RUTX11, I have a fixed ip and I set my phone to use the external mobile network
then try to conenct to the RUTX11 by the fixed ip and the gui port.
Again, I cannot connect on the wan side but can on the lan side.

Hello,

Are you sure you have a public IP for the connection? Have you been able to connect to your other devices from the WAN side via the internet?

Best regards,

Hi Marijus

Are you sure you have a public IP for the connection?

Of course, and this was made clear in the previous post:

Have you been able to connect to your other devices from the WAN side via the internet?

Yes. The other devices run Gargoyle (a version of openwrt).

I think we are not going to make much progress this way.

Also, it is not important as the workaround I outlined in the 1st post
(port forward from the wan side of the router to lan side of that router) works.

So let me ask one question:
has “Enable remote HTTPS access”
been tested on either RutX10 (7.07.2) & RutX11 (7.06.3) ?

if yes, and it works, then we can just close this.

Hello,

The issue could be due to various device configurations that might interfere with the connection or block it after multiple incorrect access attempts. Here’s what you can try:

  1. Generate a backup of your current settings for recovery purposes.
  2. Factory reset the device.
  3. Enable only remote HTTP(S) access.
  4. Try accessing the device again.

For more information on accessing your device, please visit: Teltonika Networks Remote Device Access.

Best regards,

Hi Marijus

All these things I’ve done.

You didn’t actually answer my question on whether
“Enable remote HTTPS access”
has been tested on either RutX10 / 7.07.2 or RutX11 / 7.06.3 ?

I’m just wondering if it is a possible bug.

thanks
mc

This topic was automatically closed after 14 days. New replies are no longer allowed.