FW: Working, Static, Etc but recently Admin login Page not showing

Discussion in 'Tomato Firmware' started by crashnburn, Aug 7, 2012.

  1. crashnburn

    crashnburn LI Guru Member

    It was working fine for a long time now. I can ping it etc and all the Static DHCP etc is working but lately its Admin/ Web login page is not showing up at all.

    I see no reason why it would do so? Any thoughts? I am on the local LAN.

    Tried from many clients, Wired & Wireless. Powered off & on as well.

    Thoughts? Any ideas on what the error is indicating?
  2. Monk E. Boy

    Monk E. Boy Network Guru Member

    What happens if you telnet/ssh into the router? If you can connect, check to see if the http service is running.

    Anything interesting logged in /var/log/messages when you attempt to connect to the admin page via a web browser?
  3. crashnburn

    crashnburn LI Guru Member

    Just tried after you suggested using Putty -

    SSH - Connection Refused

    Telnet - Connects but unable to login using my login "admin" and my <password> (I tried many times). It's like someone/ hacker has taken over it.

    AS_TOM_HOST login: admin
    Login incorrect
    AS_TOM_HOST login:

    What can I do now?

    Is there any way to reset the password (using a physical reset button) without losing all my settings - esp Network & Static DHCP Settings?
  4. koitsu

    koitsu Network Guru Member

    Are you absolutely certain the login name is "admin"? That is not the case on any Tomato/TomatoUSB router I've used (for years).

    The username/login is "root" (and I know of no way to change that), and the default password is "admin". This applies to telnet, SSH, and the web/GUI interface (they're all tied together).

    Please try again.

    Please do not jump to conclusions like "it's like some hacker has taken over it". Step back for a moment, take deep breaths, and settle down. We will help you figure things out, but there's no need to freak out this soon.
  5. Azuse

    Azuse LI Guru Member

    Incorrect. For web gui both admin and root are valid usernames, however for SSH/Telnet only root is a valid username i.e. SSH > root > pwrd. It's always been that way :)
    newprouser likes this.
  6. koitsu

    koitsu Network Guru Member

    Thanks for correcting me Azuse -- had no idea that was the case for the GUI. Learn something new all the time. :)
  7. crashnburn

    crashnburn LI Guru Member

    Ok. I am not going hyper here.. Lol! Just that this is weird.

    So I am going to try with "root" on Telnet since SSH & WebAdmin are both - CONNECTION REFUSED.

    So, does the Root have a default password or does it CHANGE to the same as Web Admin when someone changes the "admin" password through the Web Admin?

    I know the "admin" & <Mypassword> that I used on the Web Admin.


    I logged in on Telnet using "root" and <Mypassword> from WebAdmin.

    Now what are my options? I'd like to save a bunch of the configuration info (especially a lot of the IP & Mac stuff I've put in Static DHCP) and when I have more time I'd update it with the new Shibby or Toastman build.
  8. crashnburn

    crashnburn LI Guru Member

    I was able to connect via Telnet and play around with some of my *nix commands I remember from a while back.

    Here's some output. Where do I go now and what do I do? What can I do?
    Do I/ can I download this "messages" log file to my Windows desktop via Telnet? It's been ages and don't know how.

    AS_TOM_HOST login: root
    Tomato v1.28.9054 MIPSR2-beta K26 USB vpn3.6
    root@AS_TOM_HOST:/tmp/home/root# ls
    root@AS_TOM_HOST:/tmp/home/root# /var/log/messages
    -sh: /var/log/messages: Permission denied
    root@AS_TOM_HOST:/tmp/home/root# chdir
    root@AS_TOM_HOST:/tmp/home/root# chdir /var/log/messages
    -sh: chdir: can't cd to /var/log/messages
    root@AS_TOM_HOST:/tmp/home/root# ls
    root@AS_TOM_HOST:/tmp/home/root# ls-l
    -sh: ls-l: not found
    root@AS_TOM_HOST:/tmp/home/root# cd
    root@AS_TOM_HOST:/tmp/home/root# cd..
    -sh: cd..: not found
    root@AS_TOM_HOST:/tmp/home/root# chdir..
    -sh: chdir..: not found
    root@AS_TOM_HOST:/tmp/home/root# chdir /
    root@AS_TOM_HOST:/# ls
    bin    cifs2  etc    jffs  mmc    opt    rom    sbin  tmp    var
    cifs1  dev    home  lib    mnt    proc  root  sys    usr    www
    root@AS_TOM_HOST:/# cd var
    root@AS_TOM_HOST:/tmp/var# ls
    lib    lock    log    notice  run    spool  tmp    webmon  wwwext
    root@AS_TOM_HOST:/tmp/var# cd log
    root@AS_TOM_HOST:/tmp/var/log# dir
    -sh: dir: not found
    root@AS_TOM_HOST:/tmp/var/log# ls
    messages    messages.0
    root@AS_TOM_HOST:/tmp/var/log# cd messages
    -sh: cd: can't cd to messages
  9. crashnburn

    crashnburn LI Guru Member

    Ok. I am not sure what all commands and features it allows. After some googling I tried "top"

    Here's the output.

    Mem: 16900K used, 110052K free, 0K shrd, 2188K buff, 6852K cached
    CPU:  0% usr  0% sys  0% nic  99% idle  0% io  0% irq  0% sirq
    Load average: 0.00 0.00 0.00 2/27 2070
    2070  2041 root    R    1708  1%  0% top
      408    1 root    S    2544  2%  0% httpd -s
    2041  384 root    S    1720  1%  0% -sh
      395    1 root    S    1720  1%  0% crond -l 9
      564    1 root    S    1720  1%  0% udhcpc -i vlan2 -b -s dhcpc-event -H A
      328  327 root    S    1712  1%  0% /bin/sh
      384    1 root    S    1704  1%  0% telnetd -p 23
      330    1 root    S    1700  1%  0% syslogd -L -s 50
      332    1 root    S    1696  1%  0% klogd
        1    0 root    S    1308  1%  0% /sbin/init noinitrd
      326    1 root    S    1296  1%  0% buttons
      327    1 root    S    1264  1%  0% console
      398    1 root    S    1192  1%  0% nas
    1442    1 nobody  S    1076  1%  0% dnsmasq -c 1500 --log-async
      404    1 root    S    1028  1%  0% rstats
      389    1 root    S    1012  1%  0% eapd
      286    1 root    S      748  1%  0% hotplug2 --persistent --no-coldplug
      90    2 root    SW<      0  0%  0% [mtdblockd]
        5    2 root    SW<      0  0%  0% [khelper]
        2    0 root    SW<      0  0%  0% [kthreadd]
        3    2 root    SWN      0  0%  0% [ksoftirqd/0]
        4    2 root    SW<      0  0%  0% [events/0]
      17    2 root    SW<      0  0%  0% [kblockd/0]
      43    2 root    SW      0  0%  0% [pdflush]
      44    2 root    SW      0  0%  0% [pdflush]
      45    2 root    SW<      0  0%  0% [kswapd0]
      46    2 root    SW<      0  0%  0% [aio/0]
  10. koitsu

    koitsu Network Guru Member

    top shows httpd running, which means the webserver is at least running on TCP port 80. You can verify that it's listening by doing netstat -l -n | grep LISTEN (please note that UNIX is case-sensitive so type that command correctly; that's netstat hyphen-ELL not hyphen-ONE, and that's a pipe symbol (Shift Key + \ Key)). You should see a line like this:

    tcp        0      0*              LISTEN

    The above is from my own RT-N16 router, and indicates the webserver is listening on IP address (default). If you have changed the IP address of your router then yours may be listening on a different IP.

    The -s flag to httpd causes it to listen on TCP port 443 (SSL / HTTPS) as well, so you should have a similar entry for :443. Based on that I can tell, bare minimum, you have enabled HTTPS in the router (via the GUI, this would be: Administration -> Admin Access -> Local Access -> HTTP & HTTPS).

    There is also the possibility that you chose Local Access -> HTTPS, in which case the router is ONLY listening on port 443, and you will not be able to diagnose the problem described below (because the below method uses plaintext/HTTP, not HTTPS. There is no way to diagnose SSL this way).

    You can verify the webserver is actually functional by telnetting to the IP address on port 80 and verifying it manually. Given your unfamiliarity with UNIX (I can see you doing things like trying to cd into files rather than directories, and doing things like "ls-l" when you mean "ls -l" (note the space)), this may be difficult for you to verify.

    This is how you would verify it -- by issuing telnet {ipaddressofrouter} 80 on the router itself (do not use "telnet localhost 80" or "telnet 80" if someone tells you to). If it's successful in connecting, you won't see any output. At that point you need to type in GET / HTTP/1.0 and hit Enter twice. It's very important you use proper capitalisation and proper spacing here.

    You should get back an HTTP 401 response from the server indicating lack of authentication credentials, which is normal. If you get back this response, then the webserver is answering / alive / working and the problem is with something else on your network or you have done something very strange to your router/configuration (possibly iptables/firewall-related) and managed to lock yourself out of it (effectively).

    Here's an example of what you should see:

    root@gw:/tmp/home/root# telnet 80
    GET / HTTP/1.0
    HTTP/1.0 401 Unauthorized
    Date: Fri, 10 Aug 2012 17:10:31 GMT
    Content-Type: text/html; charset=utf-8
    Cache-Control: no-cache, no-store, must-revalidate, private
    Expires: Thu, 31 Dec 1970 00:00:00 GMT
    Pragma: no-cache
    WWW-Authenticate: Basic realm="tomato"
    Connection: close
    <html><head><title>Error</title></head><body><h2>401 Unauthorized</h2> Unauthorized</body></html>Connection closed by foreign host

    The telnet binary that comes with Busybox is a complete pile of junk, but that's the way it goes. At least it functions to this degree. :)

    If you want to view the router log, you can simply do cat /var/log/messages and see the output for yourself. The information in the log is only helpful if you know what you're looking at though.
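
The listener check described in the post above, as an added example that is not part of the original thread: a POSIX shell helper that reads `netstat -l -n` output and reports whether the web GUI is listening on HTTP, HTTPS, both or neither, and whether telnet and SSH are listening. The function names and the sample addresses are constructed for illustration, and it assumes the firmware's BusyBox includes awk.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Read `netstat -l -n` text on stdin and print one summary line:
#   web=<none|http|https|http+https> telnet=<yes|no> ssh=<yes|no>
classify_listeners() {
    awk '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            # Column 4 is the local address, e.g. 192.168.1.1:443 or :::23;
            # the port is whatever follows the last colon.
            n = split($4, parts, ":")
            seen[parts[n]] = 1
        }
        END {
            web = "none"
            if (("80" in seen) && ("443" in seen)) web = "http+https"
            else if ("80" in seen)  web = "http"
            else if ("443" in seen) web = "https"
            telnet = ("23" in seen) ? "yes" : "no"
            ssh    = ("22" in seen) ? "yes" : "no"
            printf "web=%s telnet=%s ssh=%s\n", web, telnet, ssh
        }'
}

# Turn the summary into the next thing to check.
diagnose() {
    verdict=$(classify_listeners)
    case "$verdict" in
        "web=none "*)       hint="httpd is not listening; check that it is running" ;;
        "web=https "*)      hint="GUI is HTTPS-only; use https:// on port 443" ;;
        "web=http "*)       hint="GUI is HTTP-only; use http:// on port 80" ;;
        "web=http+https "*) hint="GUI listens on both; look at firewall rules next" ;;
    esac
    case "$verdict" in
        *"telnet=yes ssh=no") hint="$hint; shell access is plaintext telnet only" ;;
    esac
    printf '%s\n%s\n' "$verdict" "$hint"
}

# Constructed sample: a router set to HTTPS-only admin access (addresses made up).
SAMPLE_HTTPS_ONLY='tcp        0      0 192.168.1.1:443         0.0.0.0:*               LISTEN
tcp        0      0 :::53                   :::*                    LISTEN
tcp        0      0 :::23                   :::*                    LISTEN'

printf '%s\n' "$SAMPLE_HTTPS_ONLY" | diagnose
```

On the router itself, feed it live data with `netstat -l -n | diagnose`.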
  11. crashnburn

    crashnburn LI Guru Member

    Thanks. I just ran netstat as you had suggested (I've used it many times) and it showed up with this:

    Tomato v1.28.9054 MIPSR2-beta K26 USB vpn3.6
    root@AS_TOM_HOST:/tmp/home/root# netstat -l -n | grep LISTEN
    tcp        0      0    *              LISTEN
    tcp        0      0 192.168.X.Y:443*              LISTEN
    tcp        0      0 :::53                  :::*                    LISTEN
    tcp        0      0 :::23                  :::*                    LISTEN

    After looking at 443 I just remembered that I had probably set it up for HTTPS access only. Figured out why I was not able to access. Thank you so much. I totally forgot and was wondering why HTTP was being rejected.

    Damn, I figured that even if I accessed via HTTP, it would auto-invoke & go from HTTP to HTTPS to secure the connection as with certain sites I've used.
    Is there a way to make it do that?
  12. crashnburn

    crashnburn LI Guru Member

    Thanks a lot all of you for the guidance.
  13. koitsu

    koitsu Network Guru Member

    Ah, always the simple explanation... ;-) Glad you got it figured out.

    At this time there is no way to make the webserver automatically redirect http://routerip/ to https://routerip/. And yes, this is something that needs to be done 100% within the webserver, not via iptables rules or otherwise. Is it do-able (technologically)? Yes absolutely, but such a feature presently does not exist. You know the open-source mantra by now I'm sure: patches are welcome...
  14. Hans van Luttikhuizen

    Hans van Luttikhuizen Serious Server Member

    I'm having a very similar problem, I can't log in. Except my router running tomato shows this:

    Mem: 11776K used, 2752K free, 0K shrd, 1416K buff, 4904K cached
    CPU:  0% usr  2% sys  0% nic  97% idle  0% io  0% irq  0% sirq
    Load average: 1.00 0.97 0.68 1/15 1573
        3    1 root    SWN      0  0%  0% [ksoftirqd_CPU0]
      185    1 root    D      996  7%  0% miniupnpd -f /etc/upnp/config
    1573  1571 root    R    1952  13%  2% top
        1    0 root    S    1728  12%  0% init noinitrd
      63    1 root    S    1940  13%  0% telnetd -p 23
        7    1 root    SW      0  0%  0% [mtdblockd]
    1571    63 root    S    1972  14%  0% -sh
    1569    1 root    S    1968  14%  0% /bin/sh /etc/qos stop
    1570  1569 root    S    1480  10%  0% tc qdisc del dev vlan1 root
      332    1 root    S    1952  13%  0% udhcpc -i vlan1 -s dhcpc-event -H unkn
      70    1 root    S    1532  11%  0% dropbear -p 22
        2    1 root    SW      0  0%  0% [keventd]
        4    1 root    SW      0  0%  0% [kswapd]
        5    1 root    SW      0  0%  0% [bdflush]
        6    1 root    SW      0  0%  0% [kupdated]
    # netstat -l -n | grep LISTEN
    tcp        0      0  *              LISTEN
    tcp        0      0    *              LISTEN
    tcp        0      0    *              LISTEN
  15. koitsu

    koitsu Network Guru Member

    httpd isn't running on your router, which is why the web page / GUI interface doesn't work. You can try starting it manually (run httpd or httpd -s), but I make no promises that it stays up/running. Otherwise just reboot the router via the reboot command and see if it comes back up.

    I also find it funny that there's a "/etc/qos stop" script still running. Amusing. I would strongly advocate rebooting the router altogether.
    Hans van Luttikhuizen likes this.
  16. Hans van Luttikhuizen

    Hans van Luttikhuizen Serious Server Member

    Thank you very much, it didn't seem to work after the first reboot, but it's back up and running now!
  17. TVOps

    TVOps New Member Member

    I'm unable to access the web GUI for my tomato flashed router.
    I am attempting to Telnet into my Linksys and after running the grep LISTEN command I get this:
    # netstat -l -n | grep LISTEN
    tcp        0      0  *               LISTEN
    tcp        0      0    *               LISTEN
    tcp        0      0    *               LISTEN
    tcp        0      0   *               LISTEN
    I've confirmed httpd is running. I'm pretty sure I had configured this to only allow wired connections (I'm wired in) from a specific hostname (I've got that, checked with the iptables --list command) and HTTPS yet when I try to connect via, I get connection refused, invalid auth, etc. I never even get the option of putting in my username and password. Perhaps I also set this up to only allow connections from a certain IP? Is there any way to check that via Telnet?
  18. Monk E. Boy

    Monk E. Boy Network Guru Member

    You need to connect via for 443, not - https uses 443 by default. If you just type into a modern dumbed-down web browser it'll try to connect over http, which will fail.

    If you use a hostname the system will do a one-time hostname-to-ip lookup at or shortly after startup and whatever ip it determines at that time for that hostname is the ip used for the iptables rule until the router is rebooted. As a result it's not a good idea to use hostnames, just use an IP and set the system to a static DHCP lease, so it'll always get set to that IP (and other systems won't get assigned that IP).

    If https doesn't let you in, I would guess that you need to delete the iptables rule and change your configuration around to not use the hostname anymore.

    Also, if you're feeling particularly security conscious, you probably should turn off telnet & enable SSH instead, since telnet sends everything in plain text. For Windows PuTTY is a free SSH client that's (last time I checked) fairly well trusted and open source.

    Finally, in the future, rather than find some somewhat unrelated old thread and bumping it with your new problem, you probably should create your own topic. It's not like old threads are going to get more attention.