0 votes
283 views 1 comments
by
I have a VPN to my SIM supplier that gives me access to the private IP of a SIM. What I want is to port forward to my RUT240's IP port 80 from a public IP via the VPN.

I have a server with a public IP, for example, 1.1.1.1 that forwards port 9999 traffic to the router's IP 10.1.0.1 port 80. I have set this up successfully; I can even send REST API calls to it via HTTP://1.1.1.1:9999/ubus and get a response back. However, when I try to access the web UI via my browser, it shows a white page that keeps loading and eventually stops.

I can see that my browser's request is being routed to http://1.1.1.1:9999/cgi-bin/luci so the router is accessible, but it will not continue to load the page. Remote access on port 80 is enabled on the router. Is there something else I have to enable/disable? My forwarding rules are below.

My server is in AWS, so I have to use the private IP. Its private IP (to which the Elastic IP is mapped) is 172.16.4.9

MACRO_CUST -o eth0 -s 172.16.4.0/24 -j MASQUERADE

PREROUTING_CUST -p tcp --dport 9999 -j DNAT --to-destination 10.1.0.1:80

POSTROUTING_CUST -p tcp -d 10.1.0.1 --dport 80 -j SNAT --to-source 172.16.4.9
by
Anybody any idea why this is not working?

2 Answers

0 votes
by

Hello,

Your described situation might be related to the MTU value (when the MTU is incorrect, the same symptoms can be encountered).

 - If a VPN tunnel is indeed used in this solution (and if you have any control over this VPN's settings), try lowering the VPN tunnel's MTU (it has probably been left at the default value of 1500; try 1400 for testing purposes).

 - If the VPN tunnel is outside your reach (e.g. if everything is done by the operator and you only acquire an IP address from him), you can try lowering the "mobile interface's MTU value". That can be done from the "Network -> Interfaces -> Mobile (edit) -> Advanced settings" menu.

If changing the VPN tunnel's or the mobile interface's MTU does not help, maybe you could draw a topology diagram of your solution and share it either here or via private message? You mentioned that you have a "server" which forwards to "10.1.0.1", but it is not completely clear how that forwarded traffic then reaches the RUTX09 and between which points the VPN you mentioned is established.
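
One way to test the MTU suggestion above from the forwarding server before changing any settings, as an added example that is not part of the original answer: it binary-searches for the largest packet that reaches the router with the don't-fragment bit set. It assumes Linux iputils `ping` and that ICMP echo is allowed along the path; the function names `probe`, `find_pmtu` and `tcp_mss` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: find the largest IPv4 packet that crosses a path unfragmented.

# probe SIZE HOST -> exit 0 if a SIZE-byte IPv4 packet with DF set gets a reply.
# ping's -s takes the ICMP payload size, so subtract 20 (IP) + 8 (ICMP) bytes.
probe() {
    ping -c 1 -W 2 -M do -s "$(( $1 - 28 ))" "$2" >/dev/null 2>&1
}

# find_pmtu HOST [LOW] [HIGH] -> prints the largest packet size that passes.
# Binary search; assumes every size at or below the path MTU passes.
find_pmtu() {
    local host="$1" lo="${2:-576}" hi="${3:-1500}" mid
    if ! probe "$lo" "$host"; then
        echo "no reply even at $lo bytes: host down or ICMP filtered" >&2
        return 1
    fi
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid" "$host"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo "$lo"
}

# tcp_mss MTU -> largest TCP payload per segment (20-byte IP + 20-byte TCP header).
tcp_mss() { echo "$(( $1 - 40 ))"; }

# Runs only when a host is given, e.g.: ./pmtu.sh 10.1.0.1
if [ -n "${1:-}" ]; then
    mtu=$(find_pmtu "$1") || exit 1
    echo "path MTU to $1: $mtu bytes (TCP MSS $(tcp_mss "$mtu"))"
    if [ "$mtu" -lt 1500 ]; then
        echo "path MTU is below 1500: full-size packets will not pass unfragmented"
    fi
fi
```

Small requests such as the `/ubus` calls fit in one short packet, while the web UI's larger responses fill full-size segments, which is why a result below 1500 here would match the symptoms described in the question.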

0 votes
by
To answer my own question, it seems the firmware of the router was the problem. Upgrading to FW version 13.X solved the issue.