1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Need help for remotely access WRT54(s) behind a gatewat WRT54

Discussion in 'Tomato Firmware' started by winwin, Jul 3, 2007.

  1. winwin

    winwin LI Guru Member

    I have WRT54 as a gateway router (192.168.1.13) connected its WAN port to an ADSL modem to the net. And I have two WRT54 (192.168.1.14 and 15)connected their LAN port to the gateway WRT54's LAN ports. All are tomato 1.07.

    My requirement is to access the behind WRT54 (192.168.1.14 and 15) remotely from the net. What I have done and found out were as the following.

    (1). Config port forwarding in my gateway WRt54 (192.168.1.13)
    EXT 8084, INT 8080 --> IP 192.168.1.14 - not work
    Ext 8084, INT 80 --> IP 192.168.1.14 - not work
    Ext 8084, INT 443 --> IP 192.168.1.14 - using https - not work.

    (2). Try to access from the net, it didn't work.

    (3). Try to ping from my WRT54 (192.168.1.14) to the net (out from my network). it seem like "the WRT54 don't know where are its gateway to go" but it can ping to the gateway 192.168.1.13

    I am sure that if my 192.168.1.14 can know its gateway to send the packet back, it would be work.

    Please help.

    I also try to use the static route to set the default gateway. there was not thing change.
     
  2. ifican

    ifican Network Guru Member

    It wont work that way as you have discovered. What you can do is connect the wan ports of your other 2 routers to the lan ports of .13, you can now port forward to whatever ports you have set up for remote management. Keep in mind though you will need to have different ext port numbers for each router, you can use 8084 with .14 but you will need to use a different port for .15. Also if you want to use 443 you will have to turn on https for secure management but know that if you are using 443 on .13 you will not beable to forward it on to any other router.
     
  3. silentaccord

    silentaccord Network Guru Member

    Why won't it work that way? If the .14 and .15 routers can be accessed on port 80 (or 443 if https is enabled) from the LAN, there's no reason why forwarding different external ports to 80 or 443 on these devices shouldn't work. I've actually done this myself. Connecting the WAN ports of the 2 additional WRTs to the main router would require enabling the DHCP servers on these 2 routers and then you end up with a second unnecessary layer of NAT. The fact that .14 can't ping past the gateway seems to be a clue about the actual problem.

    My advice is to keep things connected the way you have it now. Then go to the Basic-Network pages on the .14 and .15 routers and make sure they're setup like this:
    1) Set the connection type to "Disabled" because you're not using the WAN ports on these 2 devices.
    2) For the LAN settings, you should have already entered 192.168.1.14 or 192.168.1.15 as the router IP address but make sure you also have the subnet mask (255.255.255.0), default gateway (192.168.1.13) and one static DNS entry (192.168.1.13).
    3) Uncheck (disable) DHCP server because it should only be running on the gateway. Click Save and try to reach the .14 and .15 routers remotely using TCP forwarding to port 80. If you still have trouble, try using a different external port number.

    One additional tip: For security, you should really only use https for remote access. On the Administration-Admin Access pages of the .14 and .15 routers, set local access to "HTTPS" or "HTTP & HTTPS." You can leave remote access disabled since you aren't using the WAN ports on these routers. Then on the .13 router, change your port forwards to use 443 as the internal port. When you want to access them, you'll probably have to use "https" in the address (i.e., https://yourhostname:8084).
     
  4. ifican

    ifican Network Guru Member

    I will have to say you are correct, however when i intially typed it i took it from the sense that he was wanting to segment the network and that was the whole point of having the extra routers instead of switches. So i assumed he had mistakenly connected the lan ports. The rest is what it is, but yes the config should also work the above stated way.
     
  5. winwin

    winwin LI Guru Member

    Thank you both of you for help.

    I did as Mr. Silentaccord recommend everything. and confirm that when we manage the WRT54 via its LAN port, it will not reply packets back to you if you are not in the same network with it.

    So, I discovered that my WRT .14 when do the ping (out to a destination in a different network such as 58.65.1.1), it can not reach that destination.

    Any comment, please.
     
  6. GeeTek

    GeeTek Guest

    When you port forward to an internal device, you cannot ping that internal device. Only traffic on that specific port is passed. ICMP stays on the outside of the gateway. Silentaccord's config is correct and works. I have an identical setup working fine. It is slightly more complex than yours. One of my inside devices is a router connecting by WAN. The other is an AP connecting WDS to the primary router. I can access all 3 devices and the secure web server on the #2 router LAN all at the same time. Attached is a screeen shot of my port forward settings. Let me know if you need more clarification.
     

    Attached Files:

  7. ifican

    ifican Network Guru Member

    Can you please provide a little more information

    Gateway router .13
    lan ip/subnetmast
    wan ip/subnetmask
    dhcp status
    default gateway

    router .14
    lan ip/subnetmast
    wan ip/subnetmask
    dhcp status
    default gateway

    router .15
    lan ip/subnetmast
    wan ip/subnetmask
    dhcp status
    default gateway

    at least one host
    lan ip/subnetmast
    default gateway

    And can you again verify that router .14 and .15 is connect from its lan port to .13?
     

Share This Page