My case is so hard? (Remote Access to Admin Web GUI)

Discussion in 'Tomato Firmware' started by bchen, Feb 3, 2012.

  1. bchen

    bchen Networkin' Nut Member

    I've been trying this for 2 weeks. no luck. I looked at almost all related posts here but still couldn't get mine to work.

    Local access works when I point my browser to the local router IP of or the DDNS address of (belongs to

    I am trying to get remote access working and when I point a remote browser to or my.real.internet.ip:8080, nothing comes up.

    My network settings:
    I guess the complexity of my case is from the cable modem. Motorola SBG900. It comes with router functionality although I need it to be modem only. I disabled its NAT but its DHCP cannot be disabled so it got an IP and assigned an IP ( to my router A.The router A's WAN is wired to the modem.

    I have two routers (A and B) loaded with Tomato 1.28 as listed below. They are connected wirelessly via WDS. As an experiment, when I enable Remote access of Admin on this MODEM, I can access it remotely. It's currently disabled since what I want is the admin access of my router A.

    Router A (Asus RT-N16, Gateway) :
    Under Administration > Admin Access > Web Admin, I have the following setttings:
    Remote Access: checked and HTTP
    Port: 8080
    Allow Wireless Access: checked
    Note that the WAN of this router can get the internet (outside) IP address.

    Under Port Forwarding I have the following settings:
    Proto: Both
    Src Address: /blank/
    Ext Ports: 8080
    Int Port: 80
    Int Address:

    Router B (Linksys E3000, Router, wirelessly WDS with Router A) :
    This router is AP only.
    Both Gateway and DNS point to Router A (

    I want to access the Admin GUI of router A remotely but I can't no matter how hard I tried. I even tried that via OpenVPN. It barely works, a lot of timeout. It sometime shows GUI partially after several refresh (F5).

    Really frustrating! Please help.
  2. Monk E. Boy

    Monk E. Boy Network Guru Member

    Ideally you should setup Router A as the DMZ host on the SBG900. This will forward all unrequested traffic coming into the SBG900 to Router A, which includes remote access to Router A.

    You don't need to setup port forwarding on Router A, you've already setup remote access on port 8080 so the service is going to listen on port 8080 on the WAN port. Setting up a forward is just going to create problems, because only one or the other can listen on port 8080.

    Also, assuming you get this working, I would choose a different port than 8080. It's a very common port for http development.
  3. bchen

    bchen Networkin' Nut Member


    I tried. It's better. The admin GUI prompted me for user/pwd. it timed out after I input the login info. I refreshed it (F5), Firefox showed "transferring data from ..." first and then immediately changed to "connecting to ...". It eventually timed out again. I refreshed several times, it loaded the partial GUI. If I clicked any link on the incomplete GUI, it timed out again. I felt something's clogging it.
  4. Monk E. Boy

    Monk E. Boy Network Guru Member

    Well, I've only once tried to setup remote GUI access, and that was on an internal router that doesn't even have NAT enabled because it's routing between two NAT networks, and it just never opened a listen port on the WAN interface no matter what I did. At home I'm way too paranoid to open the GUI to the world, I've got a bad enough time with jackasses randomly launching DDoS attacks.

    You could try disabling remote GUI access and setting up the port forwarding rule. In theory that should work, you just don't want to do both at the same time.
    crashnburn likes this.
  5. ntest7

    ntest7 Network Guru Member

    I had trouble with remote access to the admin page over a cablemodem on port 8080 a while back. Sometimes it would work, sometimes not, sometimes I'd get half a page and then it would quit.

    A cable guy told me they use 8080 for remote management on some segments. I'm not sure I believe him, but using a different port (8888) fixed the problem immediately.

    The bottom line is 8080 wouldn't work reliably at that one site, but a different port did.
    crashnburn likes this.
  6. bchen

    bchen Networkin' Nut Member

    I tried with 8778 and 8888, the same problem... I feel the problem is so persistent as long as it's accessed remotely. I even tried with OpenVPN, with which I got an LAN IP ( at the remote site but I still couldn't access the GUI via its LAN ip ( Once I'm back to my home, I can access it either via LAN IP or WAN IP. Really odd! Are there any debugging tools running on Tomato, like tcpdump, showing more details?
  7. ntest7

    ntest7 Network Guru Member

    You don't still have any port forwarding active do you? Enabling remote access on the Admin/Access page takes care of that for you.
  8. bchen

    bchen Networkin' Nut Member

    No port forwarding for them. I traceroute from my router to my office IP, it stuck somewhere during the course but it worked fine from my office IP to my router. That explained why the GUI access always timed out? (packet lost on the way back to my office PC?)
  9. bchen

    bchen Networkin' Nut Member

    Never mind. I figured out. It's because the remote site (my office) somehow blocked the access, maybe some rules with the firewall blocked http but ok with ssh.
  10. Monk E. Boy

    Monk E. Boy Network Guru Member

    Aha! It's always the network nazi!

    (Note: my day job is to be a NN, though I try to be a kindler, gentler version)
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice