1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Can't access interface after enabling Remote Access-Need help with Telnet commands

Discussion in 'Tomato Firmware' started by TekTimer, Nov 21, 2013.

  1. TekTimer

    TekTimer Serious Server Member

    I am running TomatoUSB on a Belkin router and had everything functioning perfect. I then decided to enable Remote Access in the Admin menu and I cannot access the web interface any longer.

    However, I still can log in via Telnet, but I'm not that good at the commands so I can use some guidance.

    I set the router as follows in the Administration>Admin Menu:
    [​IMG]

    Now when I try to connect in the browser it says it cannot connect to the server.
    Tried every possible url combination:
    192.168.1.1
    192.168.1.1:80
    192.168.1.1:8082
    http://192.168.1.1
    http://192.168.1.1:80
    http://192.168.1.1:8082
    https://192.168.1.1:443

    I thought I may have disabled the access somehow since I did that once in the past on another router, but that wasn't the issue. Last time I telnet in and typed this command:
    type command: nvram show | grep http_
    and then had to change:
    http_enable=0
    to
    http_enable=1

    Anyone know why I can't access the interface anymore based on these settings? Can someone help me with the telnet commands to either fix if the reason is known, or, to disable the remote access again so I can get back to the settings I had?
     
  2. mvsgeek

    mvsgeek Addicted to LI Member

    Perhaps the web server has terminated? From a telnet prompt, try this :

    ps | grep http

    If you don't see httpd running, try this :

    service httpd start

    You could also try

    service httpd restart
     
  3. TekTimer

    TekTimer Serious Server Member

    Thanks for the direction, very helpful since I don't have much experience at all at the command prompt level.

    I did reboot the router by pulling the plug and putting it back in so I'm guessing that would have restarted httpd itself but i'll give your commands a try. At work now but will try later.

    If anyone else has any other ideas please do share and i'll try them all :)
     
  4. TekTimer

    TekTimer Serious Server Member

    No luck with the commands above. When I typed ps | grep http it came back with :
    1070 root 1728 S grep http


    If I type service httpd restart it shows:
    ..
    Done.


    Either way the web admin interface is still inaccessible.

    I tried to type the command ps I don't think I see http or https in the list, it should be, correct?

    Here is what I see when I type just plain ps (and top returns something similar without http or https):
    Code:
    Tomato v1.28.7502 MIPSR2Toastman-RT K26 USB Ext
    root@unknown:/tmp/home/root# ps
      PID USER      VSZ STAT COMMAND
        1 root      1348 S    /sbin/init noinitrd
        2 root        0 SW<  [kthreadd]
        3 root        0 SW<  [ksoftirqd/0]
        4 root        0 SW<  [events/0]
        5 root        0 SW<  [khelper]
      18 root        0 SW<  [kblockd/0]
      44 root        0 SW  [pdflush]
      45 root        0 SW  [pdflush]
      46 root        0 SW<  [kswapd0]
      47 root        0 SW<  [aio/0]
      89 root        0 SW<  [mtdblockd]
      281 root      752 S    hotplug2 --persistent --no-coldplug
      320 root      1340 S    buttons
      321 root      1300 S    console
      322 root      1736 S    /bin/sh
      324 root      1728 S    syslogd -L -s 50 -b 1
      326 root      1728 S    klogd
      337 root        0 SW<  [khubd]
      380 root      736 S    {p910nd} p9100d  -f /dev/usb/lp0 0
      511 root      1732 R    telnetd -p 23
      513 root      1012 S    eapd
      516 root      1192 S    nas
      551 root      1748 S    crond -l 9
      553 root      1028 S    rstats
      561 root      1028 S    cstats
      577 root      1744 S    udhcpc -i vlan2 -b -s dhcpc-event -H unknown -m
      583 nobody    1236 S    dnsmasq -c 1500 --log-async
      953 root      1004 S    miniupnpd -f /etc/upnp/config
    1207 root      1740 S    -sh
    1211 root      1732 R    ps
    root@unknown:/tmp/home/root#
    Does this mean http nor https are running any longer?

    Anyone know how to use Telnet to disable remote and get back to the default settings as seen in this screenshot?
    [​IMG]
     
    Last edited: Nov 22, 2013
  5. TekTimer

    TekTimer Serious Server Member

    In addition to my last message, I did some more poking around and from what I can tell it seems like the settings are proper, but when I type PS as I showed above http or https do not display in the list.

    nvram find http returns:
    Code:
    root@unknown:/www# nvram find http
    http_enable=1
    http_id=TID33f7a4efd10d6e2f
    http_lanport=80
    http_passwd=XXXXX
    http_username=
    http_wanport=8082
    https_crt=
    https_crt_cn=
    https_crt_save=0
    https_enable=1
    https_lanport=443
    qos_orules=0<<-1<d<53<0<<0:10<<0<DNS>0<<-1<d<37<0<<0:10<<0<Time>0<<17<d<123<0<<0
    :10<<0<NTP>0<<-1<d<3455<0<<0:10<<0<RSVP>0<<-1<d<9<0<<0:50<<4<SCTP, Discard>0<<-1
    <x<135,2101,2103,2105<0<<<<4<RPC (Microsoft)>0<<17<d<3544<0<<<<-1<Teredo Tunnel>
    0<<6<x<22,2222<0<<<<3<SSH>0<<6<d<23,992<0<<<<3<Telnet>0<<6<s<80,5938,8080,2222<0
    <<<<3<Remote Access>0<<-1<x<3389<0<<<<3<Remote Assistance>0<<-1<x<6970:7170,8554
    <0<<<<2<Quicktime/RealAudio>0<<-1<d<1220,7070<0<<<<2<Quicktime/RealAudio>0<<-1<x
    <554,5004,5005<0<<<<2<RTP, RTSP>0<<-1<x<1755<0<<<<2<MMS (Microsoft)>0<<-1<d<3478
    ,3479,5060:5063<0<<<<1<SIP, Sipgate Stun Services>0<<-1<s<53,88,3074<0<<<<1<Xbox
    Live>0<<6<d<1718:1720<0<<<<1<H323>0<<-1<d<11031,11235:11335,11999,2300:2400,607
    3,28800:29100,47624<0<<<<1<Various Games>0<<-1<d<1493,1502,1503,1542,1863,1963,3
    389,5061,5190:5193,7001<0<<<<6<MSGR1 - Windows Live>0<<-1<d<1071:1074,1455,1638,
    1644,5000:5010,5050,5100,5101,5150,8000:8002<0<<<<6<MSGR2 - Yahoo>0<<-1<d<194,17
    20,1730:1732,5220:5223,5298,6660:6669,22555<0<<<<6<MSGR3 - Additional>0<<-1<d<19
    294:19310<0<<<<6<Google+ & Voice>0<<6<d<6005,6006<0<<<<6<Camfrog>0<<-1<x<6571,68
    91:6901<0<<<<6<WLM File/Webcam>0<<-1<a<<0<skypetoskype<<<1<Skype to Skype>0<<-1<
    a<<0<skypeout<<<-1<Skype Phone (deprecated)>0<<-1<a<<0<youtube-2012<<<2<YouTube
    2012 (Youtube)>0<<-1<a<<0<flash<<<2<Flash Video (Youtube)>0<<-1<a<<0<httpvideo<<
    <2<HTTP Video (Youtube)>0<<-1<a<<0<rtp<<<2<RTP>0<<-1<a<<0<rtmp<<<2<RTMP>0<<-1<a<
    <0<rtmpt<<<2<RTMPT (RTMP over HTTP)>0<<-1<a<<0<shoutcast<<<2<Shoutcast>0<<-1<a<<
    0<irc<<<6<IRC>0<<6<d<80,443,8080<0<<0:512<<4<HTTP, HTTPS, HTTP Proxy>0<<6<d<80,4
    43,8080<0<<512:<<7<HTTP, SSL File Transfers>0<<6<d<20,21,989,990<0<<<<7<FTP>0<<6
    <d<119,563<0<<<<7<NNTP News & Downloads>0<<6<d<25,587,465,2525<0<<<<5<SMTP, Subm
    ission Mail>0<<6<d<110,995<0<<<<5<POP3 Mail>0<<6<d<143,220,585,993<0<<<<5<IMAP M
    ail>0<<17<d<1:65535<0<<<<9<P2P (uTP, UDP)
    remote_mgt_https=1
    nvram find https returns:
    Code:
    root@unknown:/www# nvram find https
    https_crt=
    https_crt_cn=
    https_crt_save=0
    https_enable=0
    https_lanport=443
    remote_mgt_https=1
    Even though I saw they were confirmed above, I went ahead and ran this code just to be certain :
    Code:
    nvram set http_enable=1
    nvram set https_enable=1
    nvram commit
    reboot
    I read somewhere on the web to run this command (netstat -l -n | grep LISTEN)to see if the ip/port was listening, and here was the result which I do not see http or https:
    Code:
    root@unknown:/tmp/home/root# netstat -l -n | grep LISTEN
    
    tcp        0      0 0.0.0.0:35250          0.0.0.0:*              LISTEN
    tcp        0      0 0.0.0.0:53              0.0.0.0:*              LISTEN
    tcp        0      0 :::9100                :::*                    LISTEN
    tcp        0      0 :::53                  :::*                    LISTEN
    tcp        0      0 :::23                  :::*                    LISTEN

    So after all this goose chasing, the problem is that when I enabled remote access, it somehow stopped http and https from starting automatically, and they will not start manually either if I understand all of this right.

    Can anyone help me figure out why http and https are not running, how to get them to restart as they should when the router reboots?

    I'm a newbie so sorry if lots of this is common sense for some of you guys and I should know it, I just don't have the experience but am trying.
     
    Last edited: Nov 22, 2013
  6. mvsgeek

    mvsgeek Addicted to LI Member

    It definitely looks like the httpd service can no longer start. I replicated your settings on a test RT-N12 running Toastman, and issued the following command sequence (via ssh, not telnet):

    root@tcb431:/tmp/home/root# nvram find https
    https_crt=
    https_crt_cn=
    https_crt_save=0
    https_enable=1
    https_lanport=443
    remote_mgt_https=1

    root@tcb431:/tmp/home/root# ps | grep http
    28004 root 2528 S httpd
    28037 root 1240 S grep http

    root@tcb431:/tmp/home/root# netstat -l -n | grep LISTEN
    tcp 0 0 192.168.3.1:80 0.0.0.0:* LISTEN
    tcp 0 0 192.168.1.43:8082 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
    tcp 0 0 192.168.3.1:443 0.0.0.0:* LISTEN

    root@tcb431:/tmp/home/root# service httpd stop
    .
    Done.

    root@tcb431:/tmp/home/root# netstat -l -n | grep LISTEN
    tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN

    root@tcb431:/tmp/home/root# ps|grep http
    28046 root 1240 S grep http

    root@tcb431:/tmp/home/root# service httpd start
    .
    Done.

    root@tcb431:/tmp/home/root# ps|grep http
    28050 root 2528 S httpd

    root@tcb431:/tmp/home/root# netstat -l -n | grep LISTEN
    tcp 0 0 192.168.3.1:80 0.0.0.0:* LISTEN
    tcp 0 0 192.168.1.43:8082 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
    tcp 0 0 192.168.3.1:443 0.0.0.0:* LISTEN

    You should be able to access the log via telnet after a power cycle, maybe it will shed some light. Failing that, a 30-30-30 reset is probably your only option:(
     
  7. JoeDirte

    JoeDirte Serious Server Member

    You could try http://<yourInternetIP>:8082/ and see if that works since that's what you enabled through the GUI. You need to find your external IP address first. If that works, you can disable the remote access and try to access it on the internal IP again afterwards.
     
  8. TekTimer

    TekTimer Serious Server Member

    Thanks for all the help. I am going to give this a try when I get back to the router tonight. I


    I tried it all:
    192.168.1.1
    192.168.1.1:80
    192.168.1.1:8082
    http://192.168.1.1
    http://192.168.1.1:80
    http://192.168.1.1:8082
    https://192.168.1.1:443
    All combinations of my external IP

    I have DDNS enabled and tried those addresses as well with no luck. I think the problem is deeper since I don't think http or https are running at all.

    I even tried to connect remotely in the chance that somehow I disabled local access but remote access would still function.

    None worked except for telnet.

    Going to try some of the recommendations posted here, and some I received via PM. If one of the suggestions work I will be sure to share it here in case someone needs it in the future.

    If anyone has any other ideas why http and https would have completely failed or ways to try to resurrect it without a reset please do share.
     
  9. TekTimer

    TekTimer Serious Server Member

    Well, after about an hour of playing, tweaking, and reloading. I finally found the issue. It was the version of Toastman USB I was running was problematic. Not sure why, but for whatever reason when that version had HTTP&HTTPS local access enabled, it would not run httpd any longer. I'll give the run down in case it may help someone else one day.

    So after lots of trying, httpd simply was not able to be resurrected. I took the advice from the posts here, some PM posts, and other stuff on the web, but none brought it back. I'm a newbie at the commands, but I seemed to be doing everything right but had no success.

    Ultimately httpd (http and or https) were not functional any longer. Tried it all, and nothing would get it working, so, I did the old nvram erase, and reboot command.

    That put me on a fresh slate. So I started recofiguring everything and then it dawned on me that I should attempt enabling http/https local access, and https remote access right now before I went and further.

    I did this, and the same thing happend. Router couldn't be accessed from the web gui any longer, only telnet, and ssh if I enabled it via telnet.

    I tried a few combinations of only changing the local access without enabling remote access, and that was the problem right then and there.

    As a test, I did another netstat -l -n | grep LISTEN command and this was what I got:
    Code:
    tcp        0      0 0.0.0.0:1329            0.0.0.0:*              LISTEN
    tcp        0      0 0.0.0.0:53              0.0.0.0:*              LISTEN
    tcp        0      0 0.0.0.0:22              0.0.0.0:*              LISTEN
    tcp        0      0 :::9100                :::*                    LISTEN
    tcp        0      0 :::53                  :::*                    LISTEN
    tcp        0      0 :::22                  :::*                    LISTEN
    tcp        0      0 :::23                  :::*  
    Wipe it fresh and do the same command and this is what I would get:
    -n -l | grep LISTEN
    Code:
    tcp        0      0 192.168.1.1:80          0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:27868           0.0.0.0:*               LISTEN
    tcp        0      0 :::9100                 :::*                    LISTEN
    tcp        0      0 :::53                   :::*                    LISTEN
    tcp        0      0 :::23                   :::*                    LISTEN
    Also, both times httpd would not show when running ps or top, but when wiped clean and the -n -l | grep LISTEN command actually showed the 192.168.1.1 address it did show.

    I also tried to restart the httpd/http/https services with no success.

    So ultimately by enabling the Local HTTP & HTTPS setting, it would kill these services and not allow them to run any longer even on a fresh reload of the firmware.

    I then decided to go grab the very latest version of TomatoUSB and test, and that is where I learned that version of the firmware was the problem, and not what I was inputting.

    So ultimately about 2 hours of life spent trying to get it to work, but what I learned in the process, and how it forced me to use ssh and commands I am grateful since I now understand how everything is working much better, and if I run into more issues I should be able to hopefully overcome them easier.

    The bad firmware that had this issue was:
    Tomato Firmware v1.28.7502 MIPSR2Toastman-RT K26 USB Ext

    The new one I loaded that does not have this problem any longer and works well is:
    Tomato Firmware v1.28.7503 MIPSR2Toastman-RT K26 USB VPN

    I guess this is one of the small downsides of running an open source free firmware but as everone understands it is built out of lots of time and dedication, and its free.

    I just reconfigured everything with the updated firmware and everything seems to be running as it should.

    Thanks again to everyone who shared knowledge and helped out.
     
    JoeDirte likes this.
  10. Justio

    Justio Serious Server Member

    @TekTimer

    Putty -> SSH to your router

    Try this:
    nvram find http -> and see what's disabled (equals "zero") http, https or both => I had: http_enable=0 and also https_enable=0

    than:
    set http enable 1

    Acces than the router trough your browser via http://...., disable remote access, reconfigure your access settings, reboot.


    That's it!
    Thank's for the post => I had the same problem and this helped me narrow my search a little bit :)
     

Share This Page