Access modem Web UI on WAN port (no script) failure

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

psychbiz

Regular Contributor
Running 384.13 on RT-AC86U and following Merlin's Github instructions ( https://github.com/RMerl/asuswrt-merlin/wiki/Access-modem-Web-UI-on-WAN-port-(no-script) ) for accessing the modem GUI from within a browser through my router. If I configure my router as per step 4, I can indeed access the modem's webUI, but unfortunately, that is all. Internet access is cut off. :(

I recall that method used to work fine before when I was using an RT-AC66U with Merlin's last firmware on it.

Is it actually possible to still do this? ie. access the bridged modem webUI from a browser through the router and still have internet access?
 

JDB

Very Senior Member
That guide is working exactly as intended, giving you temporary access to the modem in lieu of internet.

You can have permanent access if use a script to assign a 2nd IP to your router WAN interface (in addition to it’s normally assigned one).

I can share it if you are interested?


Sent from my iPhone using Tapatalk
 

JDB

Very Senior Member
First ensure you have enabled the JFFS partition and user scripts - https://github.com/RMerl/asuswrt-merlin/wiki/User-scripts

Then enable SSH and gain access - https://github.com/RMerl/asuswrt-merlin/wiki/SSHD

Create the file /jffs/scripts/init-start (using your preferred terminal editor - 'nano' is good for novices - give it a google for the basics) with the following contents;
Code:
#!/bin/sh

ifconfig $(nvram get wan_ifname):1 10.11.20.254 netmask 255.255.255.0
iptables -t nat -I POSTROUTING ! -s $(nvram get lan_ipaddr) -d 10.11.20.0/24 -j SNAT --to 10.11.20.254
logger Set routing to reach Modem

You will need to adjust the 10.11.20.0 to be the subnet of the modem and 10.11.20.254 (in both places!) to be the IP you are assigning to the router in that subnet.

Make the script executable with;
Code:
chmod a+x /jffs/script/init-start

Finally, reboot!

You should then be able to browse to the Modem IP and access the interwebs at the same time :)
 

psychbiz

Regular Contributor
I couldn't wait and gave it a try, but failed. I probably didn't understand your changes I needed to make properly:

If my bridged modem is on 10.1.1.1 and my router is 192.168.50.1 and WAN is set to automatic ip, then is the script syntax I've created correct?
Code:
#!/bin/sh

ifconfig $(nvram get wan_ifname):1 10.1.1.2 netmask 255.255.255.0
iptables -t nat -I POSTROUTING ! -s $(nvram get lan_ipaddr) -d 10.1.1.1.0/24 -j SNAT --to 10.1.1.1.2
logger Set routing to reach Modem

Code:
AC86U:/jffs/scripts# chmod a+x init-start
 

JDB

Very Senior Member
Code:
#!/bin/sh

ifconfig $(nvram get wan_ifname):1 10.1.1.2 netmask 255.255.255.0
iptables -t nat -I POSTROUTING ! -s $(nvram get lan_ipaddr) -d 10.1.1.0/24 -j SNAT --to 10.1.1.2
logger Set routing to reach Modem

One tiny edit made! 10.1.1.0 - you had 10.1.1.1.0

Edit - 2 tiny edits, 10.1.1.1.2 was too long as well


Sent from my iPhone using Tapatalk
 

JDB

Very Senior Member
See edit!


Sent from my iPhone using Tapatalk
 

psychbiz

Regular Contributor
For some reason its still not working. My first ever effort with a jffs script, so the error is probably mine. :( Below is a cut and paste from nano and also file properties:

Code:
#!/bin/sh

ifconfig $(nvram get wan_ifname):1 10.1.1.2 netmask 255.255.255.0
iptables -t nat -I POSTROUTING ! -s $(nvram get lan_ipaddr) -d 10.1.1.0/24 -j SNAT --to 10.1.1.2
logger Set routing to reach Modem

Code:
/tmp/home/root# ls -l /jffs/scripts/init-start
-rwxrwxrwx    1 admin    root           213 Nov  4 20:26 /jffs/scripts/init-start
 

JDB

Very Senior Member
Can you try manually running the script and see it that works (maybe it's just not being called on boot)
Code:
/jffs/scripts/init-start

If that works, try renaming it services-start, I wonder if init-start is called to early and the IP you are adding gets removed by something as part of the boot sequence. Mine is in my services-start as I have other stuff in there and no other use for init-start (so one less script to manage).
Code:
mv /jffs/scripts/init-start /jffs/scripts/services-start
And reboot again.

Failing all that can you paste the results of these commands;
Code:
nvram get wan_ifname
nvram get lan_ipaddr
ifconfig $(nvram get wan_ifname):1
 

psychbiz

Regular Contributor
Manually running script (after name change):
Code:
/tmp/home/root# sh /jffs/scripts/services-start
: not foundts/services-start: line 2:
"ptables v1.4.15: Bad IP address "10.1.1.2

and the 3 commands you said to post the results:
Code:
:/tmp/home/root# nvram get wan_ifname
eth0

[email protected]:/tmp/home/root# nvram get lan_ipaddr
192.168.50.1

[email protected]:/tmp/home/root# ifconfig $(nvram get wan_ifname):1
eth0:1    Link encap:Ethernet  HWaddr 10:7B:44:13:4D:E8
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1

I'm assuming I need to configure WAN to static IP and the bridged router on diff subnet as gateway here while implementing script?
 

psychbiz

Regular Contributor
Hmmm. Just rebooted router and repeated the script start and it worked!
Code:
[email protected]:/tmp/home/root# nano /jffs/scripts/services-start

Not sure why given the error in line 2 mentioned above.

Repeated the procedure, but the script did not run. Ran the script manually, it reported the error in line 2 as before and Syslog reports:
Nov 4 23:29:03 kernel: nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead.
Nov 4 23:30:56 lldpd[907]: removal request for address of 10.1.1.2%10, but no knowledge of it
Nov 4 23:30:56 admin: Set routing to reach Modem^M
 
Last edited:

JDB

Very Senior Member
No need to change any IP’s or subnets

Your example of it ‘working’ you have nano in front of it so your not running the script... or are you saying you now have access to the modem?

The error you had would suggest a syntax error in the iptables line of the script, but I can’t see it and the nvram commands are clearly working as expected.

Can you try manually running the 2 lines of the script one after another (so the ifconfig..... and then the iptables.....)


Sent from my iPhone using Tapatalk
 

psychbiz

Regular Contributor
Yes. I had access to the modem and the internet at the same time.

I ran those two line manually, but no feedback on commandline. Still have access to modem through router. Its getting too late for me to continue tonight, but am keen to follow through with why script doesn't work at boot but only manually with errors.
 

JDB

Very Senior Member
Well at least it’s basically working.

Hopefully won’t be too hard to get it to run on boot too. Mine definitely works in services-start on boot.

I’m guessing maybe it’s just not being called at all, but as far as I’m aware there’s nothing special you have to do, if a script exists (with the correct name) it is called.


Sent from my iPhone using Tapatalk
 

ColinTaylor

Part of the Furniture
Nov 4 23:30:56 admin: Set routing to reach Modem^M

You have created your script in DOS format instead of Unix format. Fix the file with the following command and it will work.
Code:
dos2unix /jffs/scripts/services-start
 

JDB

Very Senior Member
You have created your script in DOS format instead of Unix format. Fix the file with the following command and it will work.
Code:
dos2unix /jffs/scripts/services-start

Good call! I’m so Mac/Linux centric these days I forget that this happens.


Sent from my iPhone using Tapatalk
 

psychbiz

Regular Contributor
You have created your script in DOS format instead of Unix format. Fix the file with the following command and it will work.
Code:
dos2unix /jffs/scripts/services-start
Ah! I was using Windows 10 to copy and paste into nano with powershell. I dual boot and normally use linux, but happened to be in Windows. Should know better or use Notepad++.

Result: 10 second fix and it all works now after a reboot.

Good call! I’m so Mac/Linux centric these days I forget that this happens.

Its been a great learning for me and my first script in Merlin's firmware after using it for years. So thank you for the assistance.
 
Last edited:

eclp

Senior Member
You can have permanent access if use a script to assign a 2nd IP to your router WAN interface (in addition to it’s normally assigned one).

I can share it if you are interested?

I would like to take up this issue again.

With my router / modem constellation it is a little different.
The modem used has some weird features and is actually a router that now runs in modem mode. In this mode, my router (AX88U 192.168.1.1) can only be connected to LAN4 of the modem. However, the WebUI of the modem can only be reached via LAN1 and its fixed IP 169.254.2.1. Now I have connected modem and router with a second LAN cable (via LAN1). How can I now use the script to access the modem without connecting a PC to the modem via LAN1?

Any help would be greatly appreciated.

:)
 

ColinTaylor

Part of the Furniture
@eclp If for example you plug a laptop directly into the modem's LAN1 port, what IP address does the laptop have to have? Does it not matter, does it pick one up from a DHCP server running on the modem, or do you need to configure something particular on the laptop?
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top