Skip to main content
Start a Conversation

Unsolved

redxps630

11 Legend

 • 

15.7K Posts

 • 

80.9K Points

23

May 25th, 2026 20:43

remote log in internal router behind main router

internal router is wired to main router/modem from ISP.  the main router is more modern but ISP severely limits user control of it, unlike major router companies such as TP-Link, Netgear, Belkin.

why do I want to do this?  for one application for example if I need to control the router setting remotely.  some of the older security camera works only on internal router network, not when connected to main router for example and etc.  it is an excuse to dive into networking protocol which is always a headache to practice.

read quite a bit how to remotely access log in site of internal router.  quite a learning curve not only in theory but practice.

by default the internal routers have remote management disabled.  therefore need physical access to internal router at least once by connecting to it by ethernet cable or its Wi-Fi, establish connection to it, log in locally to enable remote management (which is more safely done for a single remote IP address that will be used later).

then open ISP main router website to set up Port Forwarding.  In this case set up both external and internal port to 8443.  I found this works.  no need to read more and get more headache on other port options such as 80 or 8080 etc.

use port checker site to test.  I found out 8443 port from a single selected IP address is OPEN.  This was encouraging after long period of hitting walls.  (no need to port forward on internal router now as I am not trying to access a device connected to internal router atp)

to access the router remotely, use https://WAN IP address:8443

but when try to use https://WANIPaddress:8443, on Dell desktop pc Windows 11, keep on getting error: can not establish a secure connection.  this is on MS Edge and also iPhone Safari.  I do not think modern Chrome or Firefox would work either.  in fact tried firefox on another old pc, no luck.  basically the security protocol to access the internal router is dated 2010, around the time the dual band router was released, which is simply too old to be acceptable by modern browsers.

so I am stuck.  a good open port yes but no good way to access it.  internet suggested using Internet Explorer and added the site address to insecure content allowed list.  still no luck.

finally I went to an older PC dated 2010 using original old safari from dates of High Sierra.  That works.   I can see the log in page of internal router over the internet. Fantastic solution.

Recap: must enable remote management of internal router via local connection once.  This will allow Port to be open when you use port checker to check it.  It is quite responsive like an ON OFF switch.  Port forwarding on main router alone does not open the port.  

good to use 8443 as external/internal ports of port forwarding of main router

good to use older pc older browser (2010 contemporary of router) to access the internal router remotely over the internet.  can set up to allow single IP address only access this.  

 

redxps630

11 Legend

 • 

15.7K Posts

 • 

80.9K Points

May 25th, 2026 20:55

I found out incidentally the router website from ISP updates with significant latency.  sometimes the internal router address shows up as local IP 0.0.0.0 (which is in holding place) and does not update for a long time on website.  this is perhaps a known issue with network.  it simply does not update as fast as one wish.

to fix the internal router at a constant IP address with the main router using DHCP (which I can not change unless I asked the ISP to request bridge mode, something I do not want to do as there are other devices directly on ISP modem wi-fi), I found out if I let DHCP Iocal IP address start and stop at same address, basically allowing only one address. it would fix it.

the disadvantage of that is no other device can connect to main router.  

on the other hand, most of the time DHCP configures same local ip address for frequently or constantly present devices. so it is not a big problem.  while it is called dynamic, it is usually quite static.  The only time I see it dynamic is when I manually set it to allow ip address in a very narrow range, then it really tries hard to find an open address to assign to internal router for example.

redxps630

11 Legend

 • 

15.7K Posts

 • 

80.9K Points

May 26th, 2026 03:06

Router vs. Access Point: A router acts as a dispatcher, connecting your network to the broader internet. An access point is simply an extension cord for your Wi-Fi, turning a wired internet connection into a wireless one in areas where the router's signal can't reach.

jason533

1 Rookie

 • 

3 Posts

 • 

11 Points

May 26th, 2026 06:43

Based on the forum post, the user successfully gained remote access by enabling Remote Management on the internal router via a local connection, setting up Port Forwarding (using port 8443) on the main ISP router, and restricting access to a single trusted IP address for safety.

However, because older routers use legacy security protocols that modern browsers (like Chrome or Edge) reject with connection errors, the actual workaround to log in was using a contemporary, older PC and browser (such as a 2010 Mac running an older version of Safari) that still accepts the dated security certificates. Additionally, to keep the internal router's IP address from shifting, the user locked down the main router's DHCP pool to only permit that single IP address.

redxps630

11 Legend

 • 

15.7K Posts

 • 

80.9K Points

May 26th, 2026 11:51

Not dhcp but remote management rule: only one remote ip

tried on another older router. Cannot reproduce success atp.

Tesla1856

10 Wizard

 • 

17.6K Posts

 • 

70.4K Points

May 26th, 2026 20:55

@redxps630

1. to fix the internal router at a constant IP address with the main router using DHCP (which I can not change unless I asked the ISP to request bridge mode,

2. something I do not want to do as there are other devices directly on ISP modem wi-fi),

1. Yes, Bridge-Mode your Residential Gateway so it turns-into "Just a Modem" and then you will have full control at your own Router.

Or, just tell them you don't want a Residential Gateway (Modem and Router combo unit) and you want a "plain modem". That's what Spectrum provides to me (for free).

2. You would just put those devices on your personal router's WiFi.

One other thing as I read all this ... you should be able to access your internal gear (on safe side of router) without any additional port-forwards or pin-holes. This is all on your-side of firewall.

(edited)

redxps630

11 Legend

 • 

15.7K Posts

 • 

80.9K Points

May 26th, 2026 22:20

I used to have pure modem from isp and connect w personal router but these relatively recent gateway work well plus I can change password remotely and monitor devices connected, not complete junk.  My position now is don’t fix it when it works so far. My personal router is far older than the built in router of isp gateway (a new word).

having said that isp router is user unfriendly. Desktop and mobile version of WiFi have different features that are not mutually inclusive and mobile app gets a much faster response than desktop ver.  I can restart router only on mobile not when log in desktop.  maybe there is a desktop ISP app I have not yet found.  btw this app vs direct internet log in access is confusing.

my new question now is how come remote access using https://WAN address:port number needs an ancient security protocol tolerant old browser while the the link itself does not say the age of equipment at all.  How do ppl remotely control modern router?  I am guessing it needs an account log in.  If that is true, the old direct link access is out of fashion and rejected by browser on modern pc and mobile phone.  I might need to use an old retired iPhone 5 of 2010 era to test remote access.  This also shows a seemingly very outdated hardware like old iMac or phone may still be handy for old fashioned communication sort of like old nuclear bunker running on analog communication in doom days when modern digital AI are wiped out

(edited)

Tesla1856

10 Wizard

 • 

17.6K Posts

 • 

70.4K Points

May 27th, 2026 00:25

@redxps630​ ,

 

1. my new question now is how come remote access using https://WAN address:port number needs an ancient security protocol tolerant old browser while the the link itself does not say the age of equipment at all.  

2. How do ppl remotely control modern router?  I am guessing it needs an account log in.  If that is true, the old direct link access is out of fashion and rejected by browser on modern pc and mobile phone.  

3. I might need to use an old retired iPhone 5 of 2010 era to test remote access.  This also shows a seemingly very outdated hardware like old iMac or phone may still be handy for old fashioned communication sort of like old nuclear bunker running on analog communication in doom days when modern digital AI are wiped out

1. Unknown.

2. The usual way, but I've never remote-managed a network with 2 routers.

One thing I did once (after seeing the anonymous hammering in the router logs) was to keep remote-management turned off. If I had to, we would coordinate a TeamViewer/AnyDesk session with staff and I could admin Router from their desktop with local-IP and strong-password.

Also, it was on the other side of town, so I could just drive over there. But changing router-settings? ... hardly ever a need. Routers and Access-Points ran for years un-touched. 

Now-days, small networks can be cloud-admin like TP-Link Omada. Now there is some cool Remote Management. I figure companies like Ubiquiti have similar now. 

3. Prepping is fine, but if it gets this bad then I think you will have other priorities. 

(edited)

Was this post helpful?

View All

No Events found!

Top