Accessing modem remotely via a Tomato Router?

Discussion in 'Tomato Firmware' started by Toink, Feb 2, 2011.

  1. Toink

    Toink Network Guru Member

    Ok, I can access my modem's GUI locally using a script in tomato. I can also access my router with Tomato remotely from any place where internet is connected.

    With the script in place, (to access the modem locally), is there any way to access my modem's GUI remotely as well? :confused: Thanks! :)
  2. mstombs

    mstombs Network Guru Member

    Have you tried a simple portforward?
  3. Toink

    Toink Network Guru Member

    Hmm.... never thought of that :redface:

    So in theory, say my modem's IP is, I can port forward say 8181 to, and then I should be able to access to it as:

    http://myIPaddress:8181 :confused:

    Will try, it then :) Thanks!


    It works!!!:drinking:

    Da-yum!! Thank you!!! :clap:
  4. mstombs

    mstombs Network Guru Member

    worth a try, you might also need to change port? I guess modem security not the greatest - but only real risk is a DOS if bridge modem config changed?
  5. Toink

    Toink Network Guru Member

    This idea just hit me while I was planning my long vacation.... Why I haven't thought of the port forwarding beats me... I'm glad I got you and to turn to.

    Thanks mstombs :)
  6. CBR900

    CBR900 Network Guru Member

    Can you help please

    My modem is connected to my router in bridge mode:

    Modem ip:
    Router ip:

    and I tried this


    And did not work :(

    I want to access the modem gui from the internet
  7. Toink

    Toink Network Guru Member

    Do you have the script in place in your Tomato router's firewall menu?

    Ideally, the modem's IP is of a different subnet to your router's IP: = modem and = router
  8. CBR900

    CBR900 Network Guru Member

    I have my modem ip = set as in the picture below and no scripts firewall menu

  9. Toink

    Toink Network Guru Member

    Yes, I see that. But have you actually tried placing the script and changeing the modem's IP?
  10. CBR900

    CBR900 Network Guru Member

    I change my modem ip to and still not working :(

    I did not use the script since there is a field for the modem ip in basic/network page.

    Can you help pls
  11. Toink

    Toink Network Guru Member

    It will not work without the scipt. Those two conditions has to be met. Simple as that.
  12. CBR900

    CBR900 Network Guru Member

    can post your scripts...I change my IPs to the same IPs you use
  13. Planiwa

    Planiwa Network Guru Member

    How to access modem remotely:

    1. Basic > Network "Route Modem IP"
    enter modem's actual IP address (on different subnet from router)
    e.g.: (ROUTER:

    NB: if you cannot ping your modem, there is no point proceeding with the remainder!

    2. Basic > Network > "Static DHCP/ARP & Bandwidth Monitoring of LAN Clients"
    make an entry for the Modem. then you can access the modem by name from the LAN (This is only for convenience.)

    Now you should be able to see and access the modem from the LAN. Try:

    arp ## can you see the modem? what interface is it on? vlan2?
    arping -c5 -I vlan2 modem
    ping -c5 modem
    telnet modem

    and, of course http://modem/

    3. Port Forwarding > Basic
    make an entry like this:
    ON TCP _ 8181 80 modem

    (ADD, then SAVE)

    Now you should be able to access the modem like this:

    NB: http, not https

    And, anyone else can try to do so as well. If you want to restrict Internet access to the modem to a particular Internet host, put its IP address under "Src Address" in step 3. (Instead of _ )
    CBR900 likes this.
  14. Toink

    Toink Network Guru Member

    Paste the code on the top most of the firewall field. Save and reboot you router.

    iptables -I POSTROUTING -t nat -o vlan1 -d -j MASQUERADE
    ip addr add dev vlan2 brd +
  15. Dark_Shadow

    Dark_Shadow LI Guru Member

    What about this save in "int"
    ifconfig `nvram get wan_ifname`:0 netmask
    This saved at the top of firewall

    iptables -t nat -I POSTROUTING -o `nvram get wan_ifname` -j MASQUERADE
  16. CBR900

    CBR900 Network Guru Member

    thank you and all the guys who helped me

    its working
  17. Daijoubu

    Daijoubu Serious Server Member

    One can also SSH into the router and port forward Src: 80, Dest: modemip:80

    Then access it through http://localhost, that way it's password protected behind SSH and through an encrypted tunel

    Edit: hmm it looks like we can login as root, which means it could be prone to brute force if we enable password login, is it possible to include "su" and set the dropbear config RootLogin to no?
    That way an attacker would need to guess the username and the password
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice