Remote admin of Tomato Access point possible?

Discussion in 'Tomato Firmware' started by fefrie, Sep 2, 2014.

  1. fefrie

    fefrie Networkin' Nut Member

    I've got two routers.

    An asus rt-n16 which is the main router with the dhcp server turned on.

    A wrt54gl running as a wireless access point.

    Both have tomato firmware.

    I can remote log in to admin the asus using and I can log in fine.

    I configured the wrt to use the same login, but instead specified port 1001. I also created a port forwarding rule on the asus to forward port 1001 requests to the IP address of the WRT.

    But it doesn't work as I hoped.

    I don't have DDNS set up on the WRT. Is that necessary?
  2. Toastman

    Toastman Super Moderator Staff Member Member

    This is how all of mine are configured:

    AP's have web access as normal at port 80, so we need to forward to that port.

    Router accessed as normal with ddns-isp:8080

    AP1 accessed as ddns-ip:8011 etc ... repeat for as many AP's as necessary

    Router has port forward rule to AP1 for port 8011 ----> port 80
    Router has port forward rule to AP2 for port 8012 ----> port 80
    Router has port forward rule to AP3 for port 8013 ----> port 80 - etc..
  3. fefrie

    fefrie Networkin' Nut Member

    Wow, thanks Toastman.

    You are my Obi-Wan Kenobi.

    Your tutorial is the reason why I ditched DD-WRT.

    I run my own little residential network, and what I needed done just wasn't possible with dd-wrt.

    It runs pretty well for a 7.5mbps network so much so that no one wanted to pay the extra $1.50 to upgrade it to a 25mbps network. The only people that suffer are the P2P people, but we don't care about those people anyways.
  4. gfunkdave

    gfunkdave LI Guru Member

    I'd strongly recommend doing this via ssh and a public/private key pair. Otherwise you leave your network wide open for potential attack...
  5. fefrie

    fefrie Networkin' Nut Member

    How would I go about doing that?
  6. gfunkdave

    gfunkdave LI Guru Member

    In Administration -> SSH, paste in your public key, check the box for remote access, choose an appropriate port (I use 443 because some corporate firewalls don't allow non-HTTP traffic out), and uncheck the Allow Password box.

    You can use any SSH program you like. If you're running Windows or Linux, PuTTY is a free and full-featured one. The PuTTYgen utility that comes with it can generate the public/private key pair for you.
  7. Monk E. Boy

    Monk E. Boy Network Guru Member

    Does dropbear (the ssh daemon included with Tomato) support port tunneling?

    (for fefrie, I know you know this gfunkdave) Port tunneling allows you to create a port on your local system, say port 8080, that gets connected over the SSH tunnel to a port on the system you're connected to, say port 80. So to connect to the remote system's port 80 you simply connect to port 8080 on your system (e.g. http://localhost:8080/ or Before VPN that's how I used to connect to remote systems, though to be honest I was doing it under *nix and not Windows... I know PuTTY can create tunnels, just not sure if dropbear supports them.

    I second the recommendation to not open your router's website up to the internet on a custom port. Hackers will randomly portscan your IP address, find the port, then run a script 24/7 until they find a valid username/password combination. What's real fun is when they do that against the PPTP daemon: your router's CPU gets pegged at 100% (so I wouldn't recommend enabling PPTP).
  8. koitsu

    koitsu Network Guru Member

    Yes, dropbear supports SSH port forwarding/tunnelling. I believe it's enabled by default in TomatoUSB.
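
The key-only SSH access and port tunneling discussed in the posts above, combined into one session that reaches every AP's web UI without any WAN port forward to port 80. This is an added example, not part of the thread; the host name, LAN addresses, key path and the `root` login are assumptions, and the local ports simply reuse the 8011-8013 numbering.

```shell
#!/bin/sh
# Added example (not from the thread). All values below are constructed placeholders.
ROUTER_HOST="router.example.net"   # assumed DDNS name of the main router
SSH_PORT=443                       # remote SSH port set in Administration -> SSH
KEY="$HOME/.ssh/tomato_admin"      # assumed private key; its public half is pasted into the router

# One "local_port:AP_LAN_IP" pair per access point (assumed LAN addresses).
AP_MAP="8011:192.168.1.2 8012:192.168.1.3 8013:192.168.1.4"

# Print one -L option per AP. Each listener is bound to 127.0.0.1 so only
# the admin machine itself can use the tunnel, and targets the AP's port 80.
forward_args() {
    out=""
    for pair in $1; do
        lport=${pair%%:*}
        ip=${pair#*:}
        # Reject non-numeric ports and ports an unprivileged user cannot bind.
        case $lport in
            ''|*[!0-9]*) echo "bad local port in '$pair'" >&2; return 1 ;;
        esac
        if [ "$lport" -lt 1024 ] || [ "$lport" -gt 65535 ]; then
            echo "local port out of range in '$pair'" >&2
            return 1
        fi
        out="$out -L 127.0.0.1:$lport:$ip:80"
    done
    printf '%s\n' "${out# }"
}

# Print the full ssh command: key authentication only, no remote shell (-N),
# and abort if any listener cannot be set up instead of running half a tunnel.
tunnel_cmd() {
    fwd=$(forward_args "$AP_MAP") || return 1
    printf 'ssh -N -p %s -i %s -o PasswordAuthentication=no -o ExitOnForwardFailure=yes %s root@%s\n' \
        "$SSH_PORT" "$KEY" "$fwd" "$ROUTER_HOST"
}

# Show the command for review; start the tunnel with: eval "$(tunnel_cmd)"
tunnel_cmd
```

While the session is open, AP1 is at http://localhost:8011/, AP2 at http://localhost:8012/ and so on, and the only port exposed to the internet is the router's SSH port.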