0 votes
919 views 5 comments
by
Hi

I'm trying to enable Remote Access to a TRB140 that is using a private APN

Router is on version TRB1400_R_00.01.06.1

The router gets a private IP on the WAN interface and I get ping replies from that IP sitting on the "wan"

For test I "Enable remote HTTP access" but can't connect.

Firewall looks correct.

Using a packet sniffer I can see that the browser connects to the IP and gets redirected to /cgi-bin/luci but after that nothing happens.

Have I missed something?

1 Answer

0 votes
by

Hello,

If the router gets a private IP on the WAN interface, that means it is behind NAT and devices from "outside" should not see its IP.

So how are you getting a ping response? From what device and connection are you pinging it? And from what device and what connection are you trying to access it via browser?

If from the router, of course you can ping your own IP and your gateway. If you are sending the ping from another device that uses the same private APN, it should also reach it, because you are in the same network (similar to a LAN), and you should be able to remotely connect to your router from such a device. But you should not be able to ping your private IP from devices using a different connection, and you will not be able to access your router from them. The same goes for connection via browser.

And there is nothing you can do from the TRB side as long as you have a private IP address; only your mobile service provider could give you some kind of access to your gateway behind NAT.

Best regards,
Vidas.

by
Hi Vidas

I realized my issues are related to MTU size and not a router issue. That's why ping and SSH sign-on are working, but when the router starts to send larger packets they get dropped somewhere on their way.

I'll create a new question regarding MTU size on TRB 140 though :-)

Best Regards

Johan
by
Hello JF,

If that is the case, it means that somewhere along the way there is an MTU lower than 1500, which is the default for the TRB mobile connection (and almost all our devices). Even if you can override the default value by editing the network configuration, you would still need to figure out what value to set it to, since you would not want to "overkill" your own MTU, as it will affect your connection. For that you will need to contact your mobile service provider; they might actually be able to fix that for you from their side.

Best regards,
VidasKac
by

I ran into a new issue in the same topic.

I’m trying to restrict Remote HTTPS access on the TRB140 running FW VER: TRB1400_R_00.01.06.1 but can’t get it to work.

If I “Enable remote HTTPS access” under System>Administration>Access Control I can access the router. I’d like to restrict access to a source net even if I have a private APN. If I add a source address (in my case a subnet from the private range) to the auto-created firewall rule “Enable_HTTPS_WAN”, it seems to get confused and changes the name and action to the below.

NAME: Enable_HTTPS_WAN

MATCH: Any TCP, UDP; From any host in wan; To any host, port 443 in 1

ACTION: Accept forward

I can’t access the router and the rule seems broken. It doesn’t help to remove the subnet. The only way I found to get it to work again is to remove the rule and the “Enable remote HTTPS access” under System>Administration>Access to get it auto created again.

If I add an address from the public IP scope for testing, the rule seems fine, but it doesn’t solve my problem.

Is it not allowed to add addresses from the private range to the wan zone?

by
Hello,

It should not have an effect whether it is from the private or public range. Could you send me a screenshot of the rule configuration before saving it? Because I just edited a firewall rule, and it didn't change anything except the source IP in its description.

Best regards,
VidasKac.
by

Hi Vidas

Sorry for late reply. I had to put the routers in production and had to settle for "any" as source for the "Enable_HTTPS_WAN" rule but since it's behind a Private APN the risk is very low.

If I get the chance to send you an image I'll update the thread.

Regards

Johan
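
An added example, not part of the thread or of the vendor's software: a small audit of an exported firewall configuration that separates the three states discussed above (rule open to any WAN source, rule that has turned into a forward rule, rule restricted to a source subnet). It assumes the firmware stores rules in OpenWrt UCI syntax, as the /cgi-bin/luci path in the thread suggests; the sample config, the subnet, and every rule name except Enable_HTTPS_WAN are constructed.

```python
import re

# Constructed sample in OpenWrt UCI firewall syntax (assumed format, not the device's real config).
SAMPLE = """
config rule
    option name 'Enable_HTTPS_WAN'
    option src 'wan'
    option dest_port '443'
    option target 'ACCEPT'
config rule
    option name 'broken_after_edit'
    option src 'wan'
    option dest '1'
    option dest_port '443'
    option target 'ACCEPT'
config rule
    option name 'restricted'
    option src 'wan'
    option src_ip '10.20.0.0/24'
    option dest_port '443'
    option target 'ACCEPT'
"""

def parse_rules(text):
    """Return every 'config rule' section as a dict of its options."""
    rules, current = [], {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            current = {}  # options of non-rule sections land in a discarded dict
            if line.split()[1] == "rule":
                rules.append(current)
        if m := re.match(r"option\s+(\w+)\s+'?([^']*)'?$", line):
            current[m.group(1)] = m.group(2)
    return rules

def audit(text, zone="wan"):
    """Flag ACCEPT rules from `zone` that are forward rules or have no source restriction."""
    findings = []
    for r in parse_rules(text):
        if r.get("src") != zone or r.get("target", "").upper() != "ACCEPT":
            continue
        if "dest" in r:  # OpenWrt treats a rule with a dest zone as forward, not input
            why = "forward rule, does not open the router itself"
        elif "src_ip" not in r:
            why = "open to any source in zone"
        else:
            continue  # input rule limited to a source address or subnet
        findings.append((r.get("name"), why))
    return findings
```

Run `audit()` on a copy of the firewall config taken before and after editing the rule in the web UI; a finding that changes from "open to any source" to "forward rule" matches the "Accept forward" display quoted in the thread.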