Can't change web UI remote access port, only 80 and 443 work

Posted: Fri Mar 29, 2024 18:49    Post subject: Can't change web UI remote access port, only 80 and 443 work
I've got an Asus RT-AC68U (was actually a TM-AC1900) running firmware r55460. It's successfully running in repeater bridge mode - got it connected to my network and has internet connectivity through both wired and wireless via my primary Verizon FiOS router, CR1000A.

I've been messing around with it to see if I could gain remote access to the web UI just for the fun of it, not to actually set it up permanently. But for some reason, none of the ports that I entered in the Administration > Management page under Remote Access, Web UI management could provide me access to my dd-wrt router EXCEPT for ports 80 and 443.

I don't know much about networking but I've been learning a ton just trying to configure the settings to find a solution.

To describe an example for my setup, I configured my Verizon router to port forward external port 11111 to internal port 80 pointing to my dd-wrt bridge at with port 80 as the web UI management port in the dd-wrt settings, checking all the relevant boxes. With this, I can access my dd-wrt settings from outside my network at http://111.222.333.444:11111. No problems there, I can do the same with internal port 443 using HTTPS.

Any other port I select in the settings besides 80 and 443 doesn't work, and I know the ports can be forwarded on my Verizon router, as I've tested it on another PC. I also know the changes are actually set in the configuration, as entering the following shows the settings I input are the same:

nvram show | grep remote
nvram show | grep http_wanport

I also get similar success with SSH tunneling using the guide here under Local Port Forwarding: - I can access my dd-wrt web UI at http://localhost:12345 both within and out of my network, where I've opened port 12345 locally. Again, I can't access the web UI when I change the remote management port to anything other than 80 or 443.

When I do try the above methods with any other ports, I receive a "connection refused" error - this indicates to me that the bridge can be reached but traffic is being rejected, compared to getting timeout errors when I enter a non-forwarded port. Not sure if this means the bridge isn't listening on those other ports even when I set it up to do so, or if perhaps there's a filter blocking traffic on those ports. I have the SPI Firewall disabled, but apparently that setting doesn't matter as the router is in bridge mode anyway, and I don't think it's due to my Verizon router blocking anything as I tested it with low security settings along with the fact that I could successfully test on another device whether the ports I tried forwarding to my bridge were open.

Any thoughts or potential solutions are welcome, I'm just glad to have gotten to this point as far as getting WAN remote access is concerned - I spent a lot of time trying to figure out what I was doing wrong. One thing I can think of is that maybe the remote web UI port field is the external port for the device while port 80/443 is always listening as the internal port, and also that perhaps the firmware doesn't allow the external port to be remapped when the router isn't the primary router? I tried configuring the settings for remote access with the router in AP mode but faced the same issues - haven't tried doing so as the primary router.
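
An added example, not part of the original post: a small Python probe, run from a client machine, that separates the "connection refused" and timeout outcomes the post contrasts. The function names and the loopback self-check are constructed for illustration, and the interpretation strings describe general TCP behaviour, not anything specific to dd-wrt.

```python
import errno
import socket

# What each outcome says about the path to the management port (general TCP
# behaviour, not dd-wrt specific).
MEANING = {
    "open": "a service accepted the connection on this port",
    "refused": "host answered with a reset: nothing listening, or a REJECT rule",
    "timeout": "no answer: port not forwarded, or packets silently dropped",
    "unreachable": "no route to the host or network",
    "error": "other socket error",
}

def classify(exc):
    """Map the exception from a TCP connect attempt (None on success) to a label."""
    if exc is None:
        return "open"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, socket.timeout):
        return "timeout"
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    return "error"

def probe(host, port, timeout=2.0):
    """Attempt one TCP connection and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

def loopback_self_check():
    """Constructed check: a local listener reads 'open', then 'refused' once closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0 = let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = probe("127.0.0.1", port)
    srv.close()
    return while_listening, probe("127.0.0.1", port)

if __name__ == "__main__":
    for state in loopback_self_check():
        print(state, "->", MEANING[state])
```

Calling `probe()` against the device's LAN address on each candidate port, and then against the forwarded external port, shows whether a refusal comes from the device itself or from a hop in front of it.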
