December 18, 2010 08:17 AM

Categories: DD-WRT


kt_haddock

Member
Joined: 12/08/2010

Hi all

I have tested dd-wrt build 15758-vpn-kong and I have seen some trouble/bug/my fault, don't know. ASUS RT-N16

When I have configured everything BY HAND and reboot the router, I don't have WAN access from the LAN side, but I can see the IP up in the right corner of the web GUI. The only way to fix that is to set everything up by hand again and not reboot the router.

This build seems faster than 15778-mega, I want to use it.

See more explanation and pictures here:  http://www.dd-wrt.com/phpBB2/viewtopic.php?t=84358

@Kong have you seen this before? same with 15778-mega build. Cool

btw: SSHd, WinSCP with RSA key doesn't seem to work, but from PuTTY it does.

Best Regards
kt_haddock


December 18, 2010 2:06 PM

I haven't seen this problem, but for troubleshooting I'd connect a USB drive so you can store some debug info. Do the reset, configure the router until your internet connection works, then log in to the router via ssh and run:

nvram show > /jffs/nvrambefore_reboot.txt
iptables -L > /jffs/iptablebefore_reboot.txt

then reboot:

nvram show > /jffs/nvramafter_reboot.txt
iptables -L > /jffs/iptableafter_reboot.txt

If you had a drive connected all the time, then make sure these problems don't come from any script located on the drive.

P.S. I use SSH-RSA keys myself and this works with WinSCP, PuTTY, SSH Client, but if you created the key with puttygen, then you need to export it correctly to be usable with Linux ssh clients.

December 18, 2010 5:12 PM

Thanks

I'm going to test that. Coming back with results.

Regards
kt_haddock

December 19, 2010 4:08 AM updated: December 19, 2010 4:22 AM

Hi Kong

I have tested with the 15758-vpn build. I don't get your test with USB memory to work.
I have put in all settings by hand, and where it all went wrong is when I put in my firewall
rules for WAN FTP access, admin commands, with security "limit 3/minute --limit-burst 3"
and after that rebooted the router. At this point I have no LAN connection but I can
ping e.g. google.com from Win7 cmd. From SSHd PuTTY I tried this: iptables -vnL|more
and I can't find the whole bunch of rules there.

I don't have any script located on the drive, only using the USB drive for FTP and Samba.

WinSCP is working, I needed to make a new connection.
Seems that wlo.1 is not working, can't see any SSID and can't connect, using it for my Android.

Best Regards
kt_haddock

December 19, 2010 5:51 AM

Yes, those firewall rules don't look good, this either comes from a broken rule or some iptable deletion.

December 19, 2010 7:12 AM

HI

I have only set:
Local-ip to 192.168.2.1 and GW to 192.168.2.1 Netmask to: 255.255.255.0

The only rule in my set up is FTP wan access with protection.

wanf=`nvram get wan_iface`
iptables -I INPUT 2 -i $wanf -p tcp  --dport 21 -j logdrop
iptables -I INPUT 2 -i $wanf -p tcp -m state --state NEW --dport 21 -m limit --limit 3/minute --limit-burst 3 -j logaccept

When this happens I can see a huge CPU load ~3.0 and it takes a while to complete.
All others are web-GUI set configs. I'm not using otrw!

Best Regards
kt_haddock

December 19, 2010 6:32 PM

And you added this rule by pressing "Save Firewall"?

What output do you get when you run command:

nvram show | grep rc_

December 20, 2010 7:16 AM updated: December 20, 2010 7:47 AM

Hi

When I save rules I usually use "run command" and then "save firewall", but I think I only need "save firewall". I have tested with 15778-mega.

Output from:  nvram show | grep rc_

root@NOD-E36-01:~# nvram show | grep rc_
rc_startup=
rc_firewall=wanf=`nvram get wan_iface`
size: 28350 bytes (4418 left)
rc_shutdown=
rc_custom=

rc_startup=
rc_firewall=wanf=`nvram get wan_iface`
size: 28540 bytes (4228 left)
rc_shutdown=
rc_custom=

I have really been fiddling around with this and it seems that the PPTP server is our guilty guy.
When it's configured and on, this problem occurs. Turning PPTP off, the function is back.
I know Sash has done a lot of work when he implemented the web GUI for OpenVPN.

So what can we do next?

I have more results in a txt file but I don't want to show it here, I can send you that.

Best Regards
kt_haddock

December 20, 2010 8:16 AM

Okay, PPTP has been updated recently as well as OpenVPN. You can send me a private message (PM).
I think it would be helpful to see the contents of /tmp/.ipt before and after activating PPTP. This should contain the faulty rule.

December 21, 2010 12:42 PM updated: December 22, 2010 6:09 AM

Hi

Now I have tested 15778-mega and have some TXT files from /tmp/.ipt

I have done a lot more testing and I'm just now running it with no problem, 15943-mega,
turned web GUI off. Either http(s) are working. Haven't tried SSH and Telnet admin.

PPTP server is working only from the LAN side, seems that when I turn "Web GUI Administration" all trouble starts. I have tested 15943-mega and same behavior there.

                        ------ DIR-655
                       |
[ISP] => switch gs105 -|
                       |
                        ------ Asus RT-N16

@Kong do you have Skype or email so I can send my txt files, 6 of them?

Skype=kt_haddock

Best regards
kt_haddock

December 23, 2010 4:02 AM updated: December 25, 2010 4:07 AM

Isn't this the problem?

iptables -t nat -A POSTROUTING -s 192.168.2.0/255.255.255.0 -d 192.168.2.0/255.255.255.0 -o br0 -j MASQUERADE

Edit: In my Win7 network I can see a lot of other computers as well as mine, in the workgroup, and they are assigned to my wifi network. In UPnP I can also see clients assigned to my WAN IP range, not mine but in the same range.
This is really strange and someone must have seen this behavior. Pics on FTP

Merry X-mas to you all !


Loop back ?

regards
kt_haddock

December 26, 2010 6:31 AM updated: December 27, 2010 5:05 AM

@Kong Seems that I have found the bug/feature ! :)

Is't suppose to be trouble when I set GW same as LAN-IP
I have removed it and I have to see if it remains.

I have done MORE testing and when I use IP-192.168.1.1 Mask-255.255.255.0 GW-192.168.1.1
instead of IP-192.168.2.1 Mask-255.255.255.0 Gw-192.168.2.1
everything seems to work.

December 31, 2010 4:14 AM updated: January 5, 2011 8:16 AM

Hi

@Kong

This happened again, when I reboot the router, no internet on the LAN side.

It doesn't help to remove the GW IP from Network Setup. I can see this in tmp/ipk.

-A PREROUTING -i vlan2 -p tcp -m tcp -d ***.**.120.53 --dport 37678 -j DNAT --to-destination 192.168.1.165:37678
-A PREROUTING -i vlan2 -p udp -m udp -d ***.***.120.53 --dport 37678 -j DNAT --to-destination 192.168.1.165:37678

-A FORWARD -p tcp -m tcp -d 192.168.1.165 --dport 37678 -j ACCEPT
-A FORWARD -p udp -m udp -d 192.168.1.165 --dport 37678 -j ACCEPT

I don't have anything assigned to 192.168.1.165 and I have my IP range set to 192.168.2.1

Everything went well if I don't reboot after config, only use save and apply settings. In a new install I have to put all my iptables in Commands and apply settings, then it seems to work as it should. Using these iptables:

wanf=`get_wanface`
iptables -I INPUT 2 -i $wanf -p udp --dport 68 -j logaccept
iptables -I INPUT 2 -i $wanf -p tcp  --dport 21 -j logdrop
iptables -I INPUT 2 -i $wanf -p tcp -m state --state NEW --dport 21 -m limit --limit 3/minute --limit-burst 3 -j logaccept
iptables -t nat -A POSTROUTING -o br0 -s 192.168.2.0/24 -d 192.168.2.0/24 -j MASQUERADE

So the conclusion is, don't use "reboot router" after you have configured the router.

Regards

kt_haddock

@Happy new year !
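
A check for the symptom described in the post above, as an added example that is not part of the original thread: it scans an iptables-save style dump such as /tmp/.ipt for DNAT and FORWARD rules whose LAN target lies outside the configured LAN subnet. The helper name `stale_forward_targets`, the WAN address 203.0.113.53 and the host 192.168.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: flag port-forward rules in an
# iptables-save style dump (e.g. /tmp/.ipt) whose LAN target lies outside
# the configured LAN subnet. stale_forward_targets is a hypothetical name.

# usage: stale_forward_targets <lan_cidr> < dump
stale_forward_targets() {
    awk -v cidr="$1" '
    function ip2int(ip,    o) {
        if (split(ip, o, ".") != 4) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function outside(ip,    n) {
        n = ip2int(ip)
        return (n < net || n >= net + size)
    }
    BEGIN {
        split(cidr, c, "/")
        size = 2 ^ (32 - c[2])
        net = ip2int(c[1]); net -= net % size
    }
    {
        target = ""
        for (i = 1; i < NF; i++) {
            # DNAT rules name the LAN host in --to-destination ip[:port]
            if ($i == "--to-destination") { target = $(i + 1); sub(":.*", "", target) }
            # the matching FORWARD accept rules name it in -d ip[/mask]
            if ($i == "-d" && $2 == "FORWARD") { target = $(i + 1); sub("/.*", "", target) }
        }
        if (target != "" && outside(target)) print NR ": " $0
    }'
}

# Constructed sample: the WAN address and 192.168.2.10 are made up;
# 192.168.1.165:37678 is the unexpected target quoted in the post.
sample_dump() {
    cat <<'EOF'
*nat
-A PREROUTING -i vlan2 -p tcp -m tcp -d 203.0.113.53 --dport 37678 -j DNAT --to-destination 192.168.1.165:37678
-A PREROUTING -i vlan2 -p tcp -m tcp -d 203.0.113.53 --dport 21 -j DNAT --to-destination 192.168.2.10:21
*filter
-A FORWARD -p tcp -m tcp -d 192.168.1.165 --dport 37678 -j ACCEPT
-A FORWARD -p tcp -m tcp -d 192.168.2.10 --dport 21 -j ACCEPT
EOF
}

sample_dump | stale_forward_targets 192.168.2.0/24
```

Each flagged line is prefixed with its line number in the dump, so the rule can be traced back to the port-forward entry that generated it.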

January 4, 2011 8:43 AM

@Kong

Do you have this rule in your temp/ipt ?
-A POSTROUTING -o br0 -s 192.168.1.0/24 -d 192.168.1.0/24 -j MASQUERADE

January 6, 2011 11:54 AM updated: January 6, 2011 5:25 PM

@Kong

Okay, it seems all the trouble I get with this FW comes from a faulty rule.
I have static leases for my printer and the DD-WRT wiki says that
Static DHCP should be used in conjunction with Port Forwarding. So I forwarded port 0 to 0 to my static LAN printer IP. When I removed that, all seems to work, fingers crossed. Well, I'll let the future tell if it's right.

Regards
kt_haddock

January 12, 2011 4:15 AM

MARKED AS-------------------->>>> S O L V E D >>>>>
