Bridged Mode; Still no Web Admin Remote Access!!!

Discussion in 'Tomato Firmware' started by threehappypenguins, Feb 5, 2014.

  1. threehappypenguins

    threehappypenguins Networkin' Nut Member

    My original setup was a crappy Speedstream modem/router from Bell Aliant. I had everything running through that. Then I realized that I have an old Linksys WRT54G Version 2 router lying around, so I flashed Tomato on there and tested it out. I wanted to get the remote Web Admin going, but every time I typed in my public IP (or dyndns address) in (plus :8080), I would get the Web GUI for my Bell Aliant Speedstream modem/router.

    I decided to reset that modem/router into bridged mode to force it to act just as a DSL modem. Then I changed the settings in Tomato on the Linksys into PPPOE. All was well, I could access the internet again.

    However, now when I type publicipaddress:8080, I don't get anything. Where am I going wrong?

    Just to clarify, this is my setup:

    Internet (ISP) ==> Speedstream (bridged/modem only) ==> Linksys w/ Tomato ==> Laptop, phone, etc
  2. Grimson

    Grimson Networkin' Nut Member

    Did you enable Remote Access under Administration -> Admin Access? Did you change the HTTP port to 8080, if not use just 80. If you added port forwarding for the HTTP port you'll have to remove it.

    If the above doesn't help you'll have to describe your configuration in more detail.
  3. koitsu

    koitsu Network Guru Member

    How are you testing remote access connectivity? Are you testing it through LAN? If so, stop that. From your LAN, only access the router using its LAN IP address. I cannot stress this enough. I can try to dig up my past posts about it if you want, but please just do it. Accessing the WAN IP from your LAN is bad, and it does not simulate (even close!) an actual connection across your WAN interface.

    For testing connectivity from the Internet to your router's WAN IP on TCP port 8080, there are numerous free services out there (web pages) that can test a TCP connection and tell you what the results are -- try Googling for "test tcp port" or "port test" or "port check".

    TL;DR -- You're going to need to using an actual system somewhere on the Internet to test this reliably, not from within your own home network. You could ask one of us to test with you, except you'd have to give us your WAN IP.

    What @Grimson said about what port number you chose, ditto with any port forwards, is also correct/true. (You cannot use the port forwarding interface to forward a connection to the router itself. That has to be done in a different manner.)

    P.S. -- Can you please provide the filename of the firmware you're using (not the version in About, but the actual filename)? I remember someone else somewhere on the forum complaining about remote access problems which may have been addressed in a later firmware, so knowing which you're running (by filename, not by version) is important.

    P.P.S -- I strongly suggest you configure your Speedstream unit to do the PPPoE authentication and encap/decap itself. The PPPoE implementation on that Speedstream unit is guarantee to work with your ISP, while the implementation used by Tomato/TomatoUSB is not. You can see other threads which I've commented in recently where people have run into this. I always advocate leaving the PPPoE or PPPoA layer up to the actual device your ISP gives you. The Speedstream units I've used (with both AT&T/SBC and Covad) let you put the modem into a "bridged mode" where the modem itself still does PPPoE but passed on DHCP packets and other things transparently to your own router. I used this for years without issue.
    Last edited: Feb 6, 2014
  4. mvsgeek

    mvsgeek LI Guru Member

    If you have a smartphone, you should be able to access your router's GUI from outside your home network by turning off wifi and then entering https://wanip:portno in your phone's browser. On My RT-N16 running
    Tomato Firmware v1.28.7483.2 MIPSR2-Toastman-RT K26 Std, I have Remote Admin set to https, Port 8081.
  5. threehappypenguins

    threehappypenguins Networkin' Nut Member

    1. I went to and typed in 8080 to test it. Result is closed. Tried 80, also closed.

    2. "I strongly suggest you configure your Speedstream unit to do the PPPoE authentication and encap/decap itself." I have no idea how to do this. My Speedstream is a piece of crap stripped of any basic needed features. I managed to find someone had uploaded an htm file that found a bunch of "hidden" features, so I used this. I chose the "reset into Bridged Mode" feature. There was no option for anything about PPPoE. It's either bridged mode, or no bridged mode. And the only way I can figure out to get out of bridged mode is to do a reset on the Speedstream (because once in bridged mode, I can no longer access the router in my browser).

    3. I originally had DD-WRT on the router, and so I chose the WRT54G version 2 compatible file for Tomato. Once I flashed that, I upgraded with tomato-ND-1.28.8754RAF-EN-036-VPN.trx.

    4. "Did you enable Remote Access under Administration -> Admin Access? Did you change the HTTP port to 8080, if not use just 80. If you added port forwarding for the HTTP port you'll have to remove it." Yes, I did enable it. And it doesn't matter whether 8080 or 80. The ports are closed when I go to test them on

    5. I'm lost with the port forwarding. Do you mean going into the Speedstream and forward the ports? I can't figure out how to do that in Speedstream. And when I put it into bridged mode, I don't get a web GUI anymore.

    6. "If the above doesn't help you'll have to describe your configuration in more detail." I don't know what details to give. I have Bell Aliant DSL internet. A phone line goes into the Speedstream modem/router they gave me. I got that htm file which then "unhid" the option for "reset into bridged mode." Then I reset it, and I don't get access to the Web GUI anymore. Then there is an ethernet cable coming out of one of the WAN/Ethernet ports in the Speedstream router/modem, and goes into the "Internet" port in the Linksys WRT54G router that I have. A wireless signal is broadcast from the Linksys and I connect to that wireless with my laptop, phone, and Obi202 (a VOIP device). In order to connect the Linksys to the internet, I had to put it into PPPoE and enter my Bell Aliant username and password. So I assume this PPPoE thing means that it allows the Linksys to go "through" (like a bridge?) the Speedstream and connect to the outside world.
  6. threehappypenguins

    threehappypenguins Networkin' Nut Member

    One more thing regarding my setup that might help. My Speedstream has the internet IP address of and my Linksys has the internal IP address of All devices that connect to the wireless get an address that is assigned with the 3 (my laptop is, for example).
  7. threehappypenguins

    threehappypenguins Networkin' Nut Member

    I'm just not seeing a clear picture on how networking works. I'm playing around with the port forwarding in Tomato and I can't get ports 80 and 8080 to open. I go to Port Forwarding > Basic. Then I choose "Both". Then under Src address, I type and under Ext and Int I put 80, then under Int address I put Then I make another line and do the same thing except put port 8080. I click "Save" and made sure that the lines are "On."

    Still no go. Ports aren't open.
  8. threehappypenguins

    threehappypenguins Networkin' Nut Member

    I poked around some more. I went to Advanced > Routing and I found the following table:

    Destination Gateway Subnet Mask Metric Interface * 0 ppp0 (WAN) * 0 br0 (LAN) * 0 lo
    default 0 ppp0 (WAN)
  9. threehappypenguins

    threehappypenguins Networkin' Nut Member

    Ugggh!!! I just don't understand this!!! I reset the Speedstream and put in my Bell Aliant username and password, and now I'm able to access the web GUI again. I tried following these instructions instead:

    And I took my Linksys out of PPPoE mode and put it back to DHCP. I could NOT get internet access. So I turned back on the DHCP again in my Speedstream. Internet access through the Linksys = fine.

    Now... I STILL get my Speedstreams web GUI when I put in my publicipaddress:80 and nothing when I put in publicipaddress:8080. I have a phone, but no data plan... but I DO have TeamViewer access to my in-law's laptop at their house. So I will "borrow" their laptop, put in my publicipaddress:80 (right now nobody is answering their phone, and their laptop is offline).

    I did the port test on and ports 80 and 8080 and still closed. I even tried going into the Speedstream, navigating to "Port Mapping" and then chose TCP from the dropdown list and put in port 80. I chose the option: "Redirect selected protocol/application to IP Address:" and then put in my Linksys's internal WAN address I did the same with 8080. Then I went into the Linksys Tomato and in Port Forwarding I put in 80 for int and ext port and for Int address I put my computer's IP address ( Still no change. I tried putting (my Linksys's IP) in Int address. Still no change.

    I really have no clue what I'm doing. I'm basically in, "let's try changing this and see if it works" mode. Please help!!!

    I just want to access the Tomato Web GUI remotely and NOT the Speedstream's Web GUI (which is what is happening).
  10. threehappypenguins

    threehappypenguins Networkin' Nut Member


    This is what the "Port Mapping" section looks like in the Speedstream. I just don't understand how to use it. I went into the DMZ section of the Speedstream and chose the Linksys's WAN IP address from the list ( and enabled the DMZ. Everything is still the same. All the "Custom Configuration" stuff that's shown in the picture was added automatically. I didn't do it.

    I. Just. Don't. Know. What. I'm. Doing!!!!!!!!!
  11. Toink

    Toink Network Guru Member

    1. Set your modem's IP address to
    2. Reboot the modem
    3. Set your Linksys' IP address to
    4. Reboot the Linksys

    In your Linksys, place this script in Admin>Scripts>Firewall, paste this in the top most part:

    iptables -I POSTROUTING -t nat -o vlan1 -d -j MASQUERADE
    ip addr add dev vlan1 brd +

    I personally use the above script for the WRT54GS. For my E3000's, E4200, Asus RT's I use the script below:

    iptables -I POSTROUTING -t nat -o vlan1 -d -j MASQUERADE
    ip addr add dev vlan2 brd +
    You may also try another port number, instead of 8080 in the 'Remote Access' in the Admin Access, try 8383, 8283, 8484. Don't forget to SAVE your settings.
    Last edited: Feb 8, 2014
  12. threehappypenguins

    threehappypenguins Networkin' Nut Member

    I tried what you said (at least, I think so). No go. I tried different port numbers for the remote access (8383, 8283, 8484), and none of them worked. I actually have dyndns set up, and when I go to my address (ie, it still brings up the Speedstream router's web GUI. If I try (or 8383, or whatever I change it to in Tomato), nothing happens. I took over my in-law's via TeamViewer and punched my address and the remote port into their browser, and still nothing happened.

    One question... See this picture: [​IMG]

    I assumed that I was supposed to change the IP Address to, the Start IP range to, the End IP range to, and the Default Gateway to (so that the second last number was changed from a 2 to a 0).

    I assumed the same in Tomato. I changed the LAN > Router IP Address from to and I changed the DHCP Server from to (the second last number changing from a 3 to a 1).

    Attached Files:

  13. Toink

    Toink Network Guru Member

    Hmmm... Why do you have your DHCP Server enabled in your modem when your supposed to have it in bridged mode? Are you sure you have already set your modem to work in bridged mode?
    Speedstream Network.png

    Then use the settings I initially posted for the WRT54G router.

    You may also set your WAN settings as below.

    WAN Settings.png
  14. threehappypenguins

    threehappypenguins Networkin' Nut Member

    DHCP was on because I can't do anything when it's off!!! As soon as I turn off DHCP and reboot the Speedstream, I lose access to the web GUI AND the internet. I'll even try authenticating through PPPoE in the Linksys, and still no internet access. I even tried flashing new firmware (tomato-mlppp-1.27-mp3alpha7) and still the same problem. What brought me to flashing new firmware is that I noticed in your picture you have a "Route Modem IP" option while in DHCP. I don't have this. I still can't find the firmware with this option with DHCP enabled.

    So after playing with this stuff all day, it's finally working. I don't really know why. I flashed the new firmware on the Linksys and tried "reset into bridge mode" again in the Speedstream. I lost access to the Speedstream after I did that, so I had to authenticate through PPPoE in the Linksys and was able to get internet access. I ALSO was finally able to get remote access for the Linksys!!!

    Now, when I put the Linksys into PPPoE, I see there is the option for Route Modem IP (there only; not in DHCP). When I put in the modem's IP address (, I will gain internet access again, but I lose remote web GUI access. I even tried the default modem IP address (in case when I set it into Bridge mode it went back to default) Internet access but no remote web GUI again.

    Your script doesn't make a difference. So I took it out and am not using it.

    Now I'm on to see if SSH is working now...
  15. threehappypenguins

    threehappypenguins Networkin' Nut Member

    Ok... SSH is working! :)

    However, I just noticed that there is no more "web usage" tab. Nooooooooooooooooo!!!!!!!! I MUST have the web usage tab. Uggghhhh! I'm going to have to flash another firmware version. Any suggestions for one that works properly for remote access, but also has the "web usage" tab?
  16. Toink

    Toink Network Guru Member

    Have you tried setting a static IP to your PC before you turn off the DHCP in your modem? Example below:


    After which you should be able to set the modem in bridge mode and turn off DHCP.

    Now connect the modem to the Linksys' WAN port. Make sure that your Linksys router's IP address is different than that of your modem's and the Linksys has DHCP enabled. Connect your PC to the Linksys LAN port. Then, change the IP address of your PC to that of your Linksys' IP, replacing the values on the picture above. This will let you access the Linksys web gui.

    Keep your PC's manual IP setting until you flash Toastman's firmware. (Reason: Toastman's firmwares DHCP are disabled by default.)

    You can flash your WRT54G with this firmware from Toastman

    After flash, enable DHCP in your Linksys and set your PPPoE credentials.

    After you set up everything in the Linksys router, remember to change the values of your PC's IP address to 'Obtain an IP address automatically'.

    Your internet should start working by this time.

    The script allows your to access your modem's web gui on your PC as well as remotely ;)
    Last edited: Feb 10, 2014
  17. threehappypenguins

    threehappypenguins Networkin' Nut Member

    I tried to flash the firmware that you suggested, but I got the error: "File is too big to fit in MTD."
  18. threehappypenguins

    threehappypenguins Networkin' Nut Member

    I never have a problem accessing the Linksys (Tomato) web GUI. It's the Bell's GUI (modem) that I can't access after I go into bridge mode.
  19. threehappypenguins

    threehappypenguins Networkin' Nut Member

    I couldn't get around to doing all this until today. I really don't understand what's going on. The modem is in bridge mode (can't access it), I can access the internet fine through the Linksys by entering the PPPoE information in the Linksys. I could access my Linksys' web GUI remotely no problem, and so I saved the config file. Then I flashed this file instead (the one you gave was too big):

    Now I have the Web Usage thing back (I'm glad), but even though I loaded the config file to my settings before, I can now no longer access the web GUI remotely. Ugh! I even tried your script again. It doesn't seem to make a difference.
  20. threehappypenguins

    threehappypenguins Networkin' Nut Member

    Ok, it's gotta be the firmware. I reflashed the firmware where I know the web GUI works. I used tomato-mlppp-1.27-mp3alpha7.7z firmware (the tomato.trx file) from this site:

    And the remote web GUI works FINE! So then I flashed tomato-WRT54G_WRT54GL-1.28.7634Toastman-IPT-ND-VLAN-VPN.bin from Toastman: and it's a no go.

    I would REALLY like to have the remote web GUI, web usage history, and VPN capabilities (even if it's just PPTP). Can someone make a suggestion to something that should work?
  21. threehappypenguins

    threehappypenguins Networkin' Nut Member

    Hallelujah!!! I tried a more recent Toastman one, tomato-WRT54G_WRT54GL-1.28.7634Toastman-IPT-ND-VLAN-VPN.bin, and it wouldn't work, then finally I flashed this one: and EVERYTHING works! Whoohoo! (I still don't need the script... it works without it).

    Now... I'm not sure what happened though. Perhaps it would have worked if I would have checked erase the NVRAM when I was flashing the Toastman, and then put in the settings one by one (rather than uploading the config file I had saved). I found that even with the 1.28.7634 version (that is working now), that it didn't work if I uploaded my config file from the mlppp-1.27. So I don't know. I'm not bothering to update it either. I don't care. It works. And I have web usage. :)
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice