FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
235 views 3 comments
by anonymous
After considerable time lost trying to figure out why I was not able to get remote access over public IP, I ended up going with static IP address. Once the IP was assigned to my account, I was able to successfully SSH,HTTPS and connect to a VNC server running on host behind firewall. This lasted about 5 minutes and then I lost all access to connect remotely. Restarted multiple times and device LTE pulled the correctly assigned static IP but could not access remotely. Another Call to LTE provider and they determined the APN was incorrect and had me assign a different APN for static configuration and after doing so, I was able to again regain remote access for about 5 min and several restarts. After that, I was again unable to connect remotely. After several more calls to LTE provider and them switching me over to a different class of static IP, I have yet been able to regain remote access. Note sure if they even have a clue as it seems like I talked to 6 or more teams. It just seems like there is a traffic rule being hit on their side that is dropping incoming requests.

This seems more of a provider issue blocking incoming requests than a device issue but wanted to ask the question anyways to see if I am overlooking anything. Not sure why it worked the first several times after assigning static IP and then second time updating APN#.  This has been escalated to more advanced backline team but since they show this as unsupported type, not sure they will engage. The device works fine on their network for all outbound traffic and does what it is supposed to but I need some port forwarding for failover and since I cant establish inbound connections, this does me no good. I am going to try another provider SIM and see if I get the same results. Wanted to see if I am overlooking something on the device side that may be causing this issue.

Thanks,

WC

1 Answer

0 votes
by anonymous

Hello,

Remote WAN access configuration is really simple and straightforward on RUTX11. Simply enable your preferred remote access option from System -> Administration -> Access control. Though it is not recommended as a long-term solution and I would suggest to consider VPN options. 

What is the operator you have issues with?

What is your device's product code?

Do you have a stable and reliable data connection with the device in general?

Would it be possible to attach a troubleshoot file to your question after the issue occurs? To generate the file, then access router's WebUI, go to System -> Administration -> Troubleshoot section and download troubleshoot file from there. 

Best regards,

by anonymous

I only have several ports open to test simple inbound connections before setting up port forwarding. VPN will be utilized once I can resolve the incoming connection request issue.

Operator: T-Mobile

Product#: RUTX1110XXXX -- Firmware: RUTX_R_00.07.02.7

Yes, the device works as it should. Setup as LTE failover only but does route outbound traffic when not in failover mode. Outbound traffic has no issue. Only the incoming request to the now static public IP.

I will attach a troubleshoot file to the original question.

by anonymous

Based on your troubleshoot file, for some reason, you have missing iptables rules, specifically for your remote access options on your specified ports, even though, you can see them enabled in the WebUI Network -> Firewall -> Traffic rules section.

What can be suggested, is to add the following rules via CLI/SSH:

  • iptables -I zone_wan_input -p tcp -m tcp --dport <port> -m comment --comment "!fw3: Enable_SSH_WAN" -j ACCEPT
  • iptables -I zone_wan_input -p tcp -m tcp --dport <port> -m comment --comment "!fw3: Enable_HTTPS_WAN" -j ACCEPT

Replace <port> with a number accordingly.

Or you could try existing rules in the WebUI and try creating new ones. 

Thank you for bringing this up, this behavior will be investigated further.

by anonymous
Thank you for the response. I was able to review the tables and did see where they were missing for SSH and HTTPS so I added the entries you mentioned above but for what ever reason, they did not persist through reboot and before reboot still did not resolve. After making sure I was on the latest firmware, I ended up doing a factory reset. I then went and reset remote SSH and HTTPS and when I viewed the tables, they were present. I was able to add a port forward rule as well and after routing through another public IP, I am now able to access the ports I have opened. I also tested across my LTE static and can also connect to those ports. " Was sure this was a carrier issue :) "  Not sure if the latest firmware update I did several weeks ago caused corruption in the Iptables?  Seems like something corrupted them. As of now I can access the device remotely normally. I appreciate you going through the logs and discovering this. Not sure if this was just an isolated issue on my device or something else.

Thanks,

WC