1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Accessing modem remotely via a Tomato Router?

Discussion in 'Tomato Firmware' started by Toink, Feb 2, 2011.

  1. Toink

    Toink LI Guru Member

    Ok, I can access my modem's GUI locally using a script in tomato. I can also access my router with Tomato remotely from any place where internet is connected.

    With the script in place, (to access the modem locally), is there any way to access my modem's GUI remotely as well? :confused: Thanks! :)
     
  2. mstombs

    mstombs Network Guru Member

    Have you tried a simple portforward?
     
  3. Toink

    Toink LI Guru Member

    Hmm.... never thought of that :redface:

    So in theory, say my modem's IP is 192.168.0.1, I can port forward say 8181 to 192.168.0.1, and then I should be able to access to it as:

    http://myIPaddress:8181 :confused:

    Will try, it then :) Thanks!

    EDIT:

    It works!!!:drinking:

    Da-yum!! Thank you!!! :clap:
     
  4. mstombs

    mstombs Network Guru Member

    worth a try, you might also need to change port? I guess modem security not the greatest - but only real risk is a DOS if bridge modem config changed?
     
  5. Toink

    Toink LI Guru Member

    This idea just hit me while I was planning my long vacation.... Why I haven't thought of the port forwarding beats me... I'm glad I got you and linksysinfo.org to turn to.

    Thanks mstombs :)
     
  6. CBR900

    CBR900 Addicted to LI Member

    Can you help please

    My modem is connected to my router in bridge mode:

    Modem ip: 10.0.0.138
    Router ip: 192.168.1.1

    and I tried this

    [​IMG]

    And did not work :(

    I want to access the modem gui from the internet
     
  7. Toink

    Toink LI Guru Member

    Do you have the script in place in your Tomato router's firewall menu?

    Ideally, the modem's IP is of a different subnet to your router's IP: 192.168.0.1 = modem and 192.168.1.1 = router
     
  8. CBR900

    CBR900 Addicted to LI Member

    I have my modem ip =10.0.0.138 set as in the picture below and no scripts firewall menu

    [​IMG]
     
  9. Toink

    Toink LI Guru Member

    Yes, I see that. But have you actually tried placing the script and changeing the modem's IP?
     
  10. CBR900

    CBR900 Addicted to LI Member

    I change my modem ip to 192.168.0.1 and still not working :(

    I did not use the script since there is a field for the modem ip in basic/network page.

    Can you help pls
     
  11. Toink

    Toink LI Guru Member

    It will not work without the scipt. Those two conditions has to be met. Simple as that.
     
  12. CBR900

    CBR900 Addicted to LI Member

    can post your scripts...I change my IPs to the same IPs you use
     
  13. Planiwa

    Planiwa LI Guru Member

    How to access modem remotely:

    1. Basic > Network "Route Modem IP"
    enter modem's actual IP address (on different subnet from router)
    e.g.: 192.168.1.254 (ROUTER: 192.168.0.1)


    NB: if you cannot ping your modem, there is no point proceeding with the remainder!

    2. Basic > Network > "Static DHCP/ARP & Bandwidth Monitoring of LAN Clients"
    make an entry for the Modem. then you can access the modem by name from the LAN (This is only for convenience.)

    Now you should be able to see and access the modem from the LAN. Try:

    arp ## can you see the modem? what interface is it on? vlan2?
    arping -c5 -I vlan2 modem
    ping -c5 modem
    telnet modem


    and, of course http://modem/


    3. Port Forwarding > Basic
    make an entry like this:
    ON TCP _ 8181 80 192.168.1.254 modem

    (ADD, then SAVE)


    Now you should be able to access the modem like this:

    http://your.domain:8181/
    NB: http, not https

    And, anyone else can try to do so as well. If you want to restrict Internet access to the modem to a particular Internet host, put its IP address under "Src Address" in step 3. (Instead of _ )
     
    CBR900 likes this.
  14. Toink

    Toink LI Guru Member

    Paste the code on the top most of the firewall field. Save and reboot you router.

    Code:
    iptables -I POSTROUTING -t nat -o vlan1 -d 192.168.0.0/30 -j MASQUERADE
    ip addr add 192.168.0.2/30 dev vlan2 brd +
     
  15. Dark_Shadow

    Dark_Shadow Networkin' Nut Member

    What about this save in "int"
    Code:
    ifconfig `nvram get wan_ifname`:0 192.168.0.2 netmask 255.255.255.0
    This saved at the top of firewall

    Code:
    iptables -t nat -I POSTROUTING -o `nvram get wan_ifname` -j MASQUERADE
     
  16. CBR900

    CBR900 Addicted to LI Member

    thank you and all the guys who helped me

    its working
     
  17. Daijoubu

    Daijoubu Network Newbie Member

    One can also SSH into the router and port forward Src: 80, Dest: modemip:80

    Then access it through http://localhost, that way it's password protected behind SSH and through an encrypted tunel

    Edit: hmm it looks like we can login as root, which means it could be prone to brute force if we enable password login, is it possible to include "su" and set the dropbear config RootLogin to no?
    That way an attacker would need to guess the username and the password
     

Share This Page