Port forwarding/Security config to access GL.iNet AXT 1800 from main network

Hi all,

I've spent the better half of last weekend to try and find a solution to my problem, felt I got close a couple of times, but never managed to get through. So with a bit of luck this won't be too tricky...

Setup: Fritzbox 7583 as primary router with a PiHole as DNS (WAN connector), GL.iNet AXT1800 as secondary router (LAN connector).

Issue:
I'd like to access the GL.iNet router from a computer in my main network, really just for convenience reasons. Don't need to access any other devices in the secondary network.

What I did:

  • Primary (FB) network: FB: 192.168.0.1 (DHCP range starts at .10) / GL: 192.168.0.2 (fixed). Secondary (GL) Ethernet: IP: 192.168.0.2, Gateway: 192.168.0.1, DNS: 192.168.0.10 (PiHole), DCHP: on. Router IP address (GL): 192.168.1.1
  • Configured a static IPv4 route in my FB: Network: 192.168.1.0, Subnetmask: 255.255.255.0, Gateway: 192.168.0.2

What's missing (I believe): It seems the right firewall settings need to be set up with the GL router for me to get access from the 192.168.0.0 network. Unfortunately, all guides I found were still referring to the old software <4.6 where the firewall setting was still available. This is now split between System > Security and Network > Port Forwarding as far as I understand and I didn't manage to replicate the Firewall configurations from older posts.

(Side note: I don't want to access the GL from outside, traffic is only supposed to go out)

Any thought what needs to be done?

Thanks a lot!

Check the routing (your FB must know about the 192.168.1.x network via 192.168.0.2) and enable remote HTTPS access to access your GL using the WAN port. There is no port forwarding involved.

Thanks for your response. I've configured a static route as per the second bullet point above. Is that what you mean with routing and FB knowing about the second network? I couldn't find an option to enable remote HTTPS.

If I look at this and this topic (you were able to help with both) - it seems I'm having the exact same issue. Only that in the new 4.6 software the presented solution can't be applied anymore (in the same way).

To close this one out - it now works and indeed enabling remote HTTPS accesss does the trick:

For whatever reason, I still couldn't connect initially (network timeout). When entering the GL's IP in the main network (192.168.0.2) I got a network timeout. Only after I allowed "remote access only from specific IPs" (entering 192.168.0.1, i.e. my main router's IP), my antivirus protection suddenly jumped in, blocking a potentially malicious link. After allowing access it finally worked, even without "remote access only from specific IPs". Not sure if this was just a coincidence and my antivirus software was the problem all along or whether this was a required workaround.

Anyways, case closed. Thanks!