The home-router web UI is only accessible from the internal network, not from the outside world. This is to prevent the evil outsiders from try to break it, or break into it.

But sometimes I need to access it remotely. This is a multi-stage process involving multiple ssh port forwards, and some DNS and HTTP-client trickery.

Port forwarding

This needs a PC on the remote network (local to the router) and a server that is world-visible.

  • ssh into a PC on the remote network, then set up a local port-forward from a local port to the router

      remote-pc:~$ ssh -N -L 8123:192.168.1.1:80 stephen@localhost

  • ssh into the same remote PC, then set up a remote port-forward from the world-visible server to the

      remote-pc:~$ ssh -N -R 8124:localhost:8123 stephen@world.visible.server

  • from the local workstation, set up a local port-forward to the world-visible server

      local-pc:~$ ssh -N -L 8125:localhost:8124 stephen@world.visible.server

You can now use an HTTP client to connect to the local port (localhost:8125) and this is forwarded to the very remote router (192.168.1.1:80 on the remote network).

However, there is still a bit of HTTP trickery to do. The HTTP request include a header ‘Host:’. If the remote host (the router) is doing its job, it will verify that this hostname is correct. Normally, the HTTP client uses the hostname from the URL (localhost) as the ‘Host’ header.

In this case, the remote router accepts either the name configured in one of its settings, or one of its own IP address. In either case, either of those name does not resolve to the correct location.

If using curl, you can use the ‘-H’ option to set the hostname

curl -H 'Host: 192.168.1.1' http://localhost:8125

Using firefox, however, this is more tricky. You need an extension such as ‘Modify Header Value’ to change the header on a per-URL basis. I found it best to do the following:

  • add a new host-name to IP mapping to /etc/hosts, something like

      127.0.0.1    remote-router

  • add a new header modification to the firefox extension, something like

      remote-router  modify    'Host'   192.168.1.1