Access BR1 webui over speedfusion 'nat mode' IP address

Jake_W · March 20, 2023, 11:05pm

Let’s say I have a FusionHub with a SpeedFusion tunnel to a BR1. The FusionHub is setup in NAT mode to give an IP address in the 10.248.4.0/24 range to the SpeedFusion clients.

The BR1 receives an IP address successfully (let’s say 10.248.4.9).

The FusionHub can ping 10.248.4.9 successfully. Another device on the same ‘LAN’ (actually WAN) as the FusionHub can also ping 10.248.4.9. So far so good.

If I try and go to 10.248.4.9 in a browser, I hoped to get the webUI login page. However, I don’t.

On the settings for the WebUI access controls, it doesn’t look like it’s possible to enable the WebUI for the NAT mode SpeedFusion address.

Is there a workaround to enable this?

Jake_W · March 20, 2023, 11:52pm

So kind of answering my own question here. Turns out I had my routing wrong hence why it wasn’t working before.

The behaviour seems to be:

If you have WebUI access set to ‘LAN Only’ you will get a 404 error from Nginx when trying to go to the SpeedFusion NAT mode IP.

If you set it to LAN/WAN, you cannot select the SpeedFusion Tunnel as the interface to listen on:

However, this doesn’t seem to matter, as enabling any of these interfaces will fix the 404 error above. This is not ideal from a security perspective unless you have a public interface that you don’t use.

Is there any way of enabling the WebUI just for the SpeedFusion tunnel IP and none of the actual public interfaces?

Edit: turns out you can do some jiggery pokery with port forwarding rules. This seems to work even if the WebUI is limited to LAN only:

192.168.50.1/24 is the local LAN subnet on the BR1.