What's new

Smart RG SR515AC Router: Port 80 redirects to router admin

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

ray

Regular Contributor
Hi all, I'm desperate! I've googled, searched reddit, searched my ISP's forum (Sonic in Berkeley) and can't find a solution. Hoping this isn't as unique as it sounds and there's a solution.

I have a my-domain.net hosted on my NAS. I've done all the reverse-proxying and I know for sure everything works.

However, when I try to access my-domain.net while connected to the home network, the router keeps trying to redirect back to its admin page and times out.

When I access my-domain.net from outside the home network, eg. on my phone's cell network, it works fine!

There's some setting in the router that's intercepting Port 80 and 443 traffic and redirecting it to its admin page.

Anyone who's come across this have a possible fix? TIA!
 
There are several ways to solve this problem.

The most straightforward is "hairpin NAT" aka. "NAT Loopback". Your router or third-party firmware for the router needs to explicitly support this feature. It requires the router to have the same Internet IP as the Internet machine hostname, i.e. it will likely fail for routers that are not bridged.

The main alternatives involve fiddling with internal DNS queries, known as "split DNS". One way this can be achieved is by using your router for DNS and creating a static DNS entry that serves the internal IP of the web server directly, or you run a separate DNS server that does the same. Another way would be to change all the relevant clients "host" files to contain this internal IP for the web server name - obviously this option is manual and intensive, but good for testing that there is no other problem to overcome than just the correct IP resolution.

Asus routers running Merlin firmware support both the main options above.
 
There are several ways to solve this problem.

The most straightforward is "hairpin NAT" aka. "NAT Loopback". Your router or third-party firmware for the router needs to explicitly support this feature. It requires the router to have the same Internet IP as the Internet machine hostname, i.e. it will likely fail for routers that are not bridged.

The main alternatives involve fiddling with internal DNS queries, known as "split DNS". One way this can be achieved is by using your router for DNS and creating a static DNS entry that serves the internal IP of the web server directly, or you run a separate DNS server that does the same. Another way would be to change all the relevant clients "host" files to contain this internal IP for the web server name - obviously this option is manual and intensive, but good for testing that there is no other problem to overcome than just the correct IP resolution.

Asus routers running Merlin firmware support both the main options above.

Thank you so much for your response.

I just tried the static DNS entry you suggested and it worked!

I'm beginning to think there is a bug in this router's firmware.

Under "Access Control", there's a setting for HTTP(S) WAN which is disabled and uses port 80 by default.

After I set up my own port 80 forward, I noticed Access Control for WAN was automatically changed to port 8080. So the router is acknowledging my own port forward. And all this while WAN access is disabled.

Yet the router continued to hijack the port 80 activity.

Anyway your static DNS suggestion worked.
 
Thank you so much for your response.

I just tried the static DNS entry you suggested and it worked!

I'm beginning to think there is a bug in this router's firmware.

Under "Access Control", there's a setting for HTTP(S) WAN which is disabled and uses port 80 by default.

After I set up my own port 80 forward, I noticed Access Control for WAN was automatically changed to port 8080. So the router is acknowledging my own port forward. And all this while WAN access is disabled.

Yet the router continued to hijack the port 80 activity.

Anyway your static DNS suggestion worked.

If you keep getting bugs and glitches from your router, I would consider doing a full reset to it. Just a thought.
 
I spoke too soon. The static DNS entry only worked when I was hardwired to the router.

The problem persist when I'm back on wifi!

BTW when I try to access the router with 192.168.1.1, I'm blocked:

Code:
Forbidden

You don't have permission to access /prime-home/control-panel/login on this server.
Apache/2.2.29 (Amazon) Server at smartrg.sonic.net Port 443

The admin page needs to be access with 192.168.1.1/admin.

Does that have anything to do with my problem?
 
If you keep getting bugs and glitches from your router, I would consider doing a full reset to it. Just a thought.

Yeah I've done the reset about 4 times now trying to figure out this router.
 
Is there a setting that blocks access from WiFi?

Are you sure you're connected to WiFi and not 3/4G?

Is it time to do a full network 'sanitize'?
 
Is there a setting that blocks access from WiFi?

Are you sure you're connected to WiFi and not 3/4G?

Is it time to do a full network 'sanitize'?

I haven't come across a setting that blocks access from WiFi, can you suggest the language to look out for?

By 3/4G you mean cellular data? I'm definitely on WiFi since I'm on my laptop. However, I've confirmed my-domain.net is reachable and works on cellular data—it's when I'm on the internal network that this doesn't work.

The router has this Access Control page:

Screenshot%202019-03-16%2011.32.02.png


WAN was always disabled by default. However, by default, that port was set to 80. After I set up my own port forward, the router automatically changed it to 8080—so it acknowledges that I'm using port 80 yet it continues to hijack it.

This is my port forward:

Screenshot%202019-03-16%2011.48.11.png


Can you clarify what you mean by "sanitize"?
 
Last edited:
BTW when I try to access the router with 192.168.1.1, I'm blocked:

Code:
Forbidden

You don't have permission to access /prime-home/control-panel/login on this server.
Apache/2.2.29 (Amazon) Server at smartrg.sonic.net Port 443

The admin page needs to be access with 192.168.1.1/admin.

Just to expand on this, when I enter 192.168.1.1 into the browser, it resolves to

Code:
https://smartrg.sonic.net/prime-home/control-panel/login?device=3C9066:3C90667EEA30

and serves up that Forbidden error.
 
I haven't come across a setting that blocks access from WiFi, can you suggest the language to look out for?

By 3/4G you mean cellular data? I'm definitely on WiFi since I'm on my laptop. However, I've confirmed my-domain.net is reachable and works on cellular data—it's when I'm on the internal network that this doesn't work.

The router has this Access Control page:

Screenshot%202019-03-16%2011.32.02.png


WAN was always disabled by default. However, by default, that port was set to 80. After I set up my own port forward, the router automatically changed it to 8080—so it acknowledges that I'm using port 80 yet it continues to hijack it.

This is my port forward:

Screenshot%202019-03-16%2011.48.11.png


Can you clarify what you mean by "sanitize"?


Look here for what I'm thinking that might block the UI over WiFi.

https://www.snbforums.com/threads/turn-off-admin-panel-for-wifi.22481/

Does http://192.168.1.1 or https://192.168.1.1 make a difference on your laptop?

Can you use the same laptop wired and see it work?

See the Sanitize Network link in my signature for further info.
 
Look here for what I'm thinking that might block the UI over WiFi.

https://www.snbforums.com/threads/turn-off-admin-panel-for-wifi.22481/

There is this panel in my router admin that seems to offer what that thread discusses:

Screenshot%202019-03-16%2012.09.31.png



Does http://192.168.1.1 or https://192.168.1.1 make a difference on your laptop?

http://192.168.1.1 resolves to https://smartrg.sonic.net/prime-home/control-panel/login?device=3C9066:3C90667EEA30 and gives me the Forbidden error.

https://192.168.1.1, the browser tries to perform a TLS handshake and eventually times out.

Can you use the same laptop wired and see it work?
Yes, with the static DNS entry (my-domain.net -> 192.168.1.252) and laptop wired to router, it worked.
 
Last edited:
Maybe leave it for a day or two and then proceed to fully sanitize your network in a last attempt to make this work as you expect?

I am not familiar with this router, but it seems worth doing the above to give it the best shot of working properly for you.
 
  • Like
Reactions: ray
Thank you very much for the assist, I'm thankful I didn't have to troubleshoot alone!

I wish I was still on my trusty RT-N66U with Merlin but it couldn't handle the gigabit connection optimally when I tried it :(
 
Thank you very much for the assist, I'm thankful I didn't have to troubleshoot alone!

I wish I was still on my trusty RT-N66U with Merlin but it couldn't handle the gigabit connection optimally when I tried it :(

You're welcome. Hope we get this fixed for you.

The RT-N66U was great in its day, today a single core 600MHz CPU is just not enough to power our network expectations with their greatly updated capabilities and demands we place on them.
 
Which Asus router do you think is a good replacement for it? I've been so out of the loop relying on the n66u!
 
Which Asus router do you think is a good replacement for it? I've been so out of the loop relying on the n66u!

The RT-AC3100 has been great for customers and me for a few years now. However, I too am looking for a replacement to properly handle a Gbps ISP connection.

The best candidate so far is the RT-AC86U. I hope to be picking one up myself in the next few weeks.
 
  • Like
Reactions: ray
I've had my eye on the AC86U for a while but I'll check out the AC3100! Thank you again!!
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top