After about a week or two of running (WRT54GS), my router will suddenly decide to stop forwarding incoming connection requests. The only way I can get it to accept connections again is to reboot (bringing the firewall down and then up again doesn't work).
My firewall rules (it's all the standard rules. I've only added the forwarding rules using webIF):
```
# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP tcp -- anywhere anywhere tcp option=!2 flags:SYN/SYN
input_rule all -- anywhere anywhere
input_wan all -- anywhere anywhere
LAN_ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT gre -- anywhere anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
forwarding_rule all -- anywhere anywhere
forwarding_wan all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
output_rule all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain LAN_ACCEPT (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain forwarding_rule (1 references)
target prot opt source destination

Chain forwarding_wan (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 192.168.0.10 tcp dpt:22
ACCEPT udp -- anywhere 192.168.0.10 udp dpt:22
ACCEPT tcp -- anywhere 192.168.0.10 tcp dpt:8440
ACCEPT udp -- anywhere 192.168.0.10 udp dpt:8440
ACCEPT tcp -- anywhere 192.168.0.10 tcp dpt:80
ACCEPT udp -- anywhere 192.168.0.10 udp dpt:80
ACCEPT tcp -- anywhere 192.168.0.10 tcp dpt:80
ACCEPT udp -- anywhere 192.168.0.10 udp dpt:80
ACCEPT tcp -- anywhere 192.168.0.10
ACCEPT udp -- anywhere 192.168.0.10
ACCEPT tcp -- anywhere 192.168.0.10 tcp dpt:2112
ACCEPT udp -- anywhere 192.168.0.10 udp dpt:2112

Chain input_rule (1 references)
target prot opt source destination

Chain input_wan (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:22

Chain output_rule (1 references)
target prot opt source destination
```
There's a bit of oddness going on, because WebIF shows port 2222 being forwarded to 192.168.0.10:22 (and it works), but iptables doesn't show that. It also doesn't show the range 14933-14944, which is also forwarded.
Basically everything works until about a week and a half later, when all port forwarding stops except for port 22, which connects to the router proper (so at least I can ssh into the router and reboot it that way).
Any ideas on this?
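Added example, not part of the post: a small Python checker that parses `iptables -L` output like the listing above and flags two things worth reviewing when forwards misbehave, duplicate ACCEPT rules and ACCEPT rules with no port match (which admit every port to the host). It runs on a constructed excerpt of the listing; note that `iptables -L` shows only the filter table, so the DNAT half of a port forward is listed by `iptables -t nat -L` rather than here.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt of the filter-table listing from the post (forwarding_wan
# and input_wan chains only).
SAMPLE = """\
Chain forwarding_wan (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 192.168.0.10 tcp dpt:22
ACCEPT udp -- anywhere 192.168.0.10 udp dpt:22
ACCEPT tcp -- anywhere 192.168.0.10 tcp dpt:80
ACCEPT udp -- anywhere 192.168.0.10 udp dpt:80
ACCEPT tcp -- anywhere 192.168.0.10 tcp dpt:80
ACCEPT udp -- anywhere 192.168.0.10 udp dpt:80
ACCEPT tcp -- anywhere 192.168.0.10
ACCEPT udp -- anywhere 192.168.0.10
Chain input_wan (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:22
"""

Rule = Tuple[str, str, str, str, str]  # (target, proto, source, dest, extra match)


def parse_chains(listing: str) -> Dict[str, List[Rule]]:
    """Split `iptables -L` output into {chain name: [rules]}."""
    chains: Dict[str, List[Rule]] = {}
    current = None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+)", line)
        if m:  # "Chain NAME (policy ...)" or "Chain NAME (N references)"
            current = m.group(1)
            chains[current] = []
            continue
        if current is None or not line.strip() or line.startswith("target"):
            continue  # skip column header and blank lines
        parts = line.split(None, 5)  # target prot opt source dest [extra]
        if len(parts) < 5:
            continue
        target, proto, _opt, src, dst = parts[:5]
        chains[current].append((target, proto, src, dst, parts[5] if len(parts) > 5 else ""))
    return chains


def audit_forwards(listing: str, chain: str = "forwarding_wan") -> List[str]:
    """Flag duplicate ACCEPTs and ACCEPTs that carry no port match in a chain."""
    findings: List[str] = []
    seen = set()
    for target, proto, src, dst, extra in parse_chains(listing).get(chain, []):
        if target != "ACCEPT":
            continue
        key = (proto, src, dst, extra)
        if key in seen:
            findings.append(f"duplicate: {proto} {src}->{dst} {extra}".rstrip())
        seen.add(key)
        if "dpt" not in extra:  # no dpt:/dpts: match means every port is accepted
            findings.append(f"unrestricted: ACCEPT {proto} {src}->{dst} matches every port")
    return findings
```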