1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cannot access Tomato GUI remotely from E3000 in Toastman build 7500

Discussion in 'Tomato Firmware' started by smoothifier, Oct 6, 2012.

  1. smoothifier

    smoothifier Networkin' Nut Member

    Hi all,

    I was unsure where to post this. I apologize if this is the wrong forum.

    I have a Linksys E3000 router running the tomato-E3000USB-NVRAM60K-1.28.7500.4MIPSR2Toastman-RT-Ext.bin firmware. I haven't tested everything but I find that I'm unable to access the router from outside the network. Flashing to the latest Tomato USB build (from November 2011) enables this feature once again.

    Is there something I could try differently? Did I choose the wrong firmware by mistake?

  2. shadowken

    shadowken Networkin' Nut Member

    Goto administration > Admin Access , Enable Remote Access for HTTP or HTTPS and define the port (default port is : 8080) .
  3. smoothifier

    smoothifier Networkin' Nut Member

    Thanks for your reply. I've tried port 8080 and also other ports. Port 8080 works fine in Tomato USB. I've gone back to Tomato USB for the time being in hopes this will be fixed in a newer build.

    Is there somewhere I can submit a bug report?
  4. Toink

    Toink Network Guru Member

    remote web GUI works in 7500.4 in one of my E3000's... Have you tried setting and forwarding the ports? Perhaps you may have overlooked that...
  5. Toastman

    Toastman Super Moderator Staff Member Member

    I can assure you that remote web access works fine in all Toastman versions. Because it is absolutely essential to my usage as I have to remotely access all installations many times a day.
  6. koitsu

    koitsu Network Guru Member

    Port forwarding is not relevant to router GUI remote access. By checking the checkbox to enable remote access, a firewall hole is made for the TCP port (default 8080). There's nothing to forward. :)
  7. gfunkdave

    gfunkdave LI Guru Member

    Your ISP may be blocking non-standard ports. If 8080 doesn't work, try 80 or 443, or some random number between 1025 and 65536.
  8. koitsu

    koitsu Network Guru Member

    I don't think that's the case here, as the the OP said, quote:

  9. xtacydima

    xtacydima LI Guru Member

    I am confused by one part, the OP states he went "back to Tomato USB" - back from what, another firmware (stock fw, dd-wrt, etc..)? Might sound silly but a small hassle like this can maybe be from not doing a thorough nvram erase, especially if coming from a different firmware.
  10. koitsu

    koitsu Network Guru Member

    I agree, it could be due to lack of thorough NVRAM reset, but it could also be due to the OP changing something in the router configuration that tickles a bug somewhere in Toastman builds but not in the older/original TomatoUSB builds.

    If doing a thorough NVRAM reset followed by configuration changes reproduces the problem, then the OP will need to provide a very precise / very specific list of every single thing they change in the router GUI (when on Toastman).
  11. yesluv

    yesluv Networkin' Nut Member

    Hi, I also have the same issue using an E3000. It seems to only affect SSL access internally and externally. Haven't had time to fully troubleshoot the issue but did a full NVRAM reset when I loaded Toastmans build Tomato Firmware v1.28.7500 MIPSR2Toastman-RT K26 USB VLAN-VPN. Think it may have been when i enable the PPTP server although i did configure web and ip monitoring at the same time. Tried a regen SSL cert and save NVRAM, changing ports etc Tried everything except a restore which I can't do at the mo. Strange thing is I can access fine from an iPad which suggest the issue could be limited to IE. Will try process of elimination when I have some more time.
    koitsu likes this.
  12. smoothifier

    smoothifier Networkin' Nut Member

    By flashing back to Tomato USB, I meant that I was flashing to the November 2010 build, the latest one that is available on their site. I was not erasing the NVRAM when I did this. So, I have been going back and forth between the Toastman build and the Tomato USB build.

    Tonight, I decided to try the Toastman 7500 build again and was again unable to access the GUI remotely. I say this but in actuality this is very misleading. I was trying to access my router from an inside machine with the address as such: http://mydyndns.dyndns.org:8080

    This resolves to the GUI in the standard Tomato USB build (Nov. 2010) and I get in. However, this does not work from the newest Toastman build (the page does not resolve). When I did this before, I just thought that there was something wrong and I did not troubleshoot the issue far enough.

    I was able to access the GUI from another machine outside the network. I had not tried this before. So, all is in fact well. I'm confused as to why I can't use that URL from inside my network but I suppose it does not matter that much. I'm able to hit my web server in a similar fashion (http://mydyndns.dyndns.org:50080) and everything works with the domain alias.

    I do apologize for not being clear in my first post. Can anyone tell me why I can't resolve https://mydyndns.dyndns.org:8080 from inside my network? It's not a huge deal that I can't since everything appears to be working fine. I'm just curious.
  13. Toastman

    Toastman Super Moderator Staff Member Member

    Under Advanced / Firewall, check the NAT loopback setting.
  14. smoothifier

    smoothifier Networkin' Nut Member

    Thanks, I was able to connect from inside by changing that setting from Forward Only to All.

    Thank you everyone for your help!
  15. koitsu

    koitsu Network Guru Member

    Just a comment in passing, by the way: you should not get in the habit of trying to talk to the WAN IP over your LAN -- that is effectively what you're doing. Packets from 192.168.1.x (your workstation/computer) are trying to go to your.internet.ip.address, so the router has to try and "loop packets back" from the LAN to the WAN and back to the LAN interfaces (this is done in the kernel) just to make this work.

    Instead, you should simply get in the habit of talking to LAN IPs when on the LAN, and using WAN IPs when on the Internet. Meaning: use when accessing your router from your LAN, and use https://your.internet.ip.address:8080/ when accessing your router from the Internet. You should never, ever assume that "NAT loopback" always works on a network (on most commercial/business networks it doesn't, and your network administrator would shake a stick at you for trying it).

Share This Page