Make webinterface from Huawei E3372 accessible



  • I've connected a Huawei E3372 4G stick to my pfSense Firewall for emergencies when my regular internet connection is not working. After an usb_modeswitch the usb stick appears as usb network interface and can be used in pfSense. But the problem ist that I didn't find a way to redirect the webinterface from the usb stick. (http://192.168.8.1/html/home.html) I need the webinterface to set the PIN code and read the SMS etc.

    I've tried adding the website in HAProxy as a Backend and tried various health check settings, but the website was always reported as down. So I tried if the website is accessible using curl and that worked. (http://192.168.8.1 returns )

    I've also tried to forward a port using NAT to the IP 192.168.8.1 with various settings but that also didn't work. (In the packet filter log I also found no logs that something was blocked)

    Is there something else that blocks the connection from the HAProxy process or the NAT rule to this interface or what could be the problem here?



  • In haproxy, have you tried the 'basic' health-check? When using the 'http' health-check what does the stats LastChk report? Have you set method, version and Host header.? https://github.com/PiBa-NL/pfsense-haproxy-package-doc/wiki/haproxy_troubleshooting



  • Or make sure outbound-nat is natting traffic to the pfSense ip on that 192.168.8.X interface.



  • @PiBa:

    Or make sure outbound-nat is natting traffic to the pfSense ip on that 192.168.8.X interface.

    Basic check in HAProxy is ok, but HTTP returns error "Layer 7 invalid response". (I tried with options, head and get)
    The outbound rules are generated automatically, but I also tried to add a rule for 127.0.0.1. That also didn't work.
    The only packets that are blocked are the UPNP packets that are sent from the Huawei stick.

    What else could be the problem?



  • When having it set to 'basic' it does work as intended?

    With 'http' is more than invalid response? Some code going with it?
    Tried setting the version&host header?

    Regarding outbound-nat, haproxy would probably not be needed if using that, but make sure that traffic to the modem is natted with the proper 192.168.8.x pfsense-ip, check with tcpdump on console/ssh what source ip is being send in the request from a client, and add manual rules if needed going for a hybrid setup instead of automatic only.



  • @PiBa:

    When having it set to 'basic' it does work as intended?

    With 'http' is more than invalid response? Some code going with it?
    Tried setting the version&host header?

    Regarding outbound-nat, haproxy would probably not be needed if using that, but make sure that traffic to the modem is natted with the proper 192.168.8.x pfsense-ip, check with tcpdump on console/ssh what source ip is being send in the request from a client, and add manual rules if needed going for a hybrid setup instead of automatic only.

    I did some more tests. I've attached the usb stick to my computer and tested the website with the Chrome "Advanced rest client" and I also got a lot of timeouts. The problem also seams to appear when using two separate browsers. The first time it worked on both browsers, but after a few refreshes the browser also got a timeout. Any ideas what could be the problem? I think the webserver only allows a limited amout of connections.



  • So without pfsense and without haproxy it still doesn't work properly.. I'm not sure what i could tell, i have not used the Huawei E3372 myself. If the 'webserver' on it is buggy then pfsense and haproxy wont 'fix' it. Well in haproxy you could set a maximum number of simultaneous connections on the server, but i doubt that will help you much if its working pretty badly as i understand.?.
    Still good to know that at least some problems are originating in the usb stick itself though.. That means we dont have to troubleshoot why it has (some) problems as well when accessed through pfsense/haproxy..

    Regarding accessing the webpage on the stick through pfSense / HAProxy, if that is still of interest to you, please do test/answer the points mentioned in my previous reply.



  • @PiBa:

    So without pfsense and without haproxy it still doesn't work properly.. I'm not sure what i could tell, i have not used the Huawei E3372 myself. If the 'webserver' on it is buggy then pfsense and haproxy wont 'fix' it. Well in haproxy you could set a maximum number of simultaneous connections on the server, but i doubt that will help you much if its working pretty badly as i understand.?.
    Still good to know that at least some problems are originating in the usb stick itself though.. That means we dont have to troubleshoot why it has (some) problems as well when accessed through pfsense/haproxy..

    Regarding accessing the webpage on the stick through pfSense / HAProxy, if that is still of interest to you, please do test/answer the points mentioned in my previous reply.

    I now found a much simpler solution to access the webinterface. I can simply access the webinterface from any computer using this URL:  http://192.168.8.1/html/home.html
    Because pfSense is the default gateway and routes the traffic I can simply access the webinterface this way.