HTTPS on public IP not working

Hi,

I am trying to enable remote HTTPS to access the RUTX50 from the public IP but I cannot make it work. I confirm the IPv4 status is online and I can access the internet from the LAN.

  1. I cannot ping the public IP (78.41.XXX.XXX)
  2. I enabled remote HTTPS on system/admin/access_control
  3. I verified the rules are enabled on the firewall
  4. Updated both router and mobile to the latest f/w
  5. Tried to add a port other than 443 but it is still not working

Can it be something related to the SIM card? How to check?

Nicolas

Hello,

Try a tcpdump on the RUTX from an SSH or CLI console and do a ping6 from the outside:

tcpdump -i any -n -v icmp

Do you see incoming echo requests?
Similar test for HTTPS:

tcpdump -i any -n -v 'port 443'

Do you see incoming TCP SYN packets?

Regards

Thanks for your reply.

Got nothing when I tried to ping from outside:


----------------------------------
  Device:     RUTX50
  Kernel:     5.10.233
  Firmware:   RUTX_R_00.07.13
  Build:      32d4973e126
  Build date: 2025-02-28 08:58:42
----------------------------------
root@RUTX50:~# tcpdump -i any -n -v icmp
tcpdump: data link type LINUX_SLL2
tcpdump: listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
19:45:57.165896 eth1  Out IP (tos 0x0, ttl 64, id 29508, offset 0, flags [DF], proto ICMP (1), length 28)
   10.0.21.100 > 1.1.1.1: ICMP echo request, id 35093, seq 0, length 8
19:45:57.177283 eth1  In  IP (tos 0x0, ttl 57, id 63286, offset 0, flags [none], proto ICMP (1), length 28)
   1.1.1.1 > 10.0.21.100: ICMP echo reply, id 35093, seq 0, length 8
19:47:00.240712 eth1  Out IP (tos 0x0, ttl 64, id 33046, offset 0, flags [DF], proto ICMP (1), length 28)
   10.0.21.100 > 1.1.1.1: ICMP echo request, id 35093, seq 0, length 8
19:47:00.246477 eth1  In  IP (tos 0x0, ttl 57, id 21608, offset 0, flags [none], proto ICMP (1), length 28)
   1.1.1.1 > 10.0.21.100: ICMP echo reply, id 35093, seq 0, length 8
19:48:03.275886 eth1  Out IP (tos 0x0, ttl 64, id 33983, offset 0, flags [DF], proto ICMP (1), length 28)
   10.0.21.100 > 1.1.1.1: ICMP echo request, id 35093, seq 0, length 8
19:48:03.281667 eth1  In  IP (tos 0x0, ttl 57, id 31846, offset 0, flags [none], proto ICMP (1), length 28)
   1.1.1.1 > 10.0.21.100: ICMP echo reply, id 35093, seq 0, length 8
^C
6 packets captured
7 packets received by filter
0 packets dropped by kernel

and nothing when I tried to access HTTPS from outside:

root@RUTX50:~# tcpdump -i any -n -v 'port 443'
tcpdump: data link type LINUX_SLL2
tcpdump: listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes

^C
0 packets captured
1 packet received by filter
0 packets dropped by kernel

Bad topic ignore.

So your provider sends you icmp packets but filters out https traffic.
To find open / filtered ports try:

nmap -6 -A the-ipv6-address-of-the-RUTX

from an external device.
At the same time execute:

tcpdump -i any -n -v ip6

on the RUTX.
If you are lucky something will show up.

Bad topic ignore.

Oops sorry for the typo I meant tcpdump -i any -n -v icmp6.
Does a ping6 of the IPv6 address of the RUTX give something?

I don’t have IPv6 on the mobile network. I was connected via WAN1, then I tried to disable remote access on HTTPS and leave HTTP, but I might have forgotten the automatic redirection, and I cannot connect anymore with the local IP. Is there a way to re-enable HTTPS via SSH or do I need to reset everything?

I was expecting to access the RUTX50 via the public IP rather than the local IP, so if I change some settings I can always access it via the public IP. Is it possible?

The parameters are in /etc/config/uhttpd, check option enable_https and option _httpsWanAccess. Set both to '1' and restart uhttpd:

/etc/init.d/uhttpd restart

And I have mixed replies, sent to the wrong topic.

No problem, thanks for the fix on SSH, I can connect again via HTTPS.

If I disable remote access it cannot work via the WAN port (internal IP). I would like to be able to access the webGUI over the public IP, is it possible?

Are you sure that this 78.41.xx.xx is the address of the RUTX? Check using ifconfig if you can see it somewhere.
If true then you need to open the firewall (enable remote HTTPS access in System->Administration->Access control).
If not, the RUTX has a private address and cannot be reached from the outside. You’ll have to configure a VPN (Tailscale, Zerotier, RMS …) in order to access it.

I can see the public IP on ifconfig :

qmimux0   Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:78.41.XXX.XXX  P-t-P:78.41.XXX.XXX  Mask:255.255.255.255
          inet6 addr: fe80::a1cc:98a3:fc1e:e762/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:574 errors:0 dropped:0 overruns:0 frame:0
          TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:37236 (36.3 KiB)  TX bytes:5880 (5.7 KiB)

My goal is to access the RUTX50 from the 78.41.XXX.XXX, do I need to do any config to achieve this (routing Mob interface to Wan interface)?

As you have a public address on the qmimux0 interface you should see incoming packets with tcpdump, even if no valid reply is sent back by the RUTX.

ping 78.41.xxx.xxx from another system + tcpdump -i qmimux0 -n -v icmp on the RUTX => incoming echo requests
or
https access from outside + tcpdump -i qmimux0 -n -v 'port 443' => incoming TCP SYN packets.

If nothing comes in, the provider blocks incoming traffic; you can try to talk to them.
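An added example, not part of the original posts: a small filter that reads `tcpdump -n -v` text and counts only packets addressed to the WAN IP, keeping unsolicited echo requests and bare TCP SYNs apart from replies to the router's own pings. The function name `count_inbound`, the sample captures and the documentation addresses 203.0.113.10 and 198.51.100.7 are constructed for illustration; it assumes an `awk` is available where the text is processed.

```shell
#!/bin/sh
# Added example: summarise `tcpdump -n -v` text for packets addressed to the WAN IP.
# Assumed usage: tcpdump -i any -n -v 'icmp or port 443' | count_inbound <wan-ip>

count_inbound() {
    awk -v wan="$1" '
    $2 == ">" {                        # with -v, "src > dst: ..." is on its own line
        dst = $3; sub(/:$/, "", dst)
        if (dst == wan && /ICMP echo request/)    req++   # ping arriving from outside
        else if (dst == wan && /ICMP echo reply/) rep++   # answer to a ping sent by the router
        else if (index(dst, wan ".") == 1 && /Flags \[S\]/) syn++  # dst is ip.port, bare SYN
    }
    END { printf "echo_requests=%d echo_replies=%d tcp_syn=%d\n", req, rep, syn }'
}

# Constructed sample: the router pings out and gets a reply; nothing arrives unsolicited.
sample_blocked() {
cat <<'EOF'
19:45:57.165896 eth1  Out IP (tos 0x0, ttl 64, id 29508, offset 0, flags [DF], proto ICMP (1), length 28)
    203.0.113.10 > 1.1.1.1: ICMP echo request, id 35093, seq 0, length 8
19:45:57.177283 eth1  In  IP (tos 0x0, ttl 57, id 63286, offset 0, flags [none], proto ICMP (1), length 28)
    1.1.1.1 > 203.0.113.10: ICMP echo reply, id 35093, seq 0, length 8
EOF
}

# Constructed sample: an outside host pings the WAN IP and opens a connection to port 443.
sample_reachable() {
cat <<'EOF'
20:01:10.000001 qmimux0 In  IP (tos 0x0, ttl 52, id 4242, offset 0, flags [DF], proto ICMP (1), length 84)
    198.51.100.7 > 203.0.113.10: ICMP echo request, id 7, seq 1, length 64
20:01:12.000002 qmimux0 In  IP (tos 0x0, ttl 52, id 4243, offset 0, flags [DF], proto TCP (6), length 60)
    198.51.100.7.51514 > 203.0.113.10.443: Flags [S], seq 1000, win 64240, length 0
20:01:12.000100 qmimux0 Out IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    203.0.113.10.443 > 198.51.100.7.51514: Flags [S.], seq 2000, ack 1001, win 65160, length 0
EOF
}

sample_blocked   | count_inbound 203.0.113.10
sample_reachable | count_inbound 203.0.113.10
```

A capture where `echo_requests` and `tcp_syn` stay at zero while an outside host is testing means nothing unsolicited reached the interface; non-zero `echo_replies` only shows that outbound traffic works.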

Thanks @flebourse, it is all dead, no traffic. I will check with the SIM provider. Thanks again for your help.