Topic: Update on Linksys WRT1900AC support

The content of this topic has been archived between 16 Sep 2014 and 7 May 2018. Unfortunately there are posts – most likely complete pages – missing.

Page 47 of 598

Post #1151

carlos.quiron

12 Oct 2014, 05:57

Chadster766 wrote:

LIVADITISD wrote:
could you possibly help us step by step to do this
jow wrote:
You cannot copy those blocks to custom rules as custom rules are meant for raw iptables commands. Paste those blocks into /etc/config/firewall using ssh
I recommend upgrading to OpenWRT McWRT v1.0.5 because it includes many core package updates that are used for this.

This is great news. Installing 1.0.5...
Thanks again for everyone who work on that project.

Post #1152

skdubg

12 Oct 2014, 06:22

thanks for release 1.0.5

good luck, dev team

Post #1153

mmilburn

12 Oct 2014, 06:29

Notes from the dev meeting: https://github.com/Chadster766/McWRT/wiki/Dev-Meeting
Useful if you want to know the state of affairs for drivers.

If you have the slightest interest in doing any dev work DIG IN. We can get you up to speed.

To reiterate: there is no technical problem that prevents this device from achieving official OpenWRT support, all the pieces are there, it just requires effort.

Post #1154

skdubg

12 Oct 2014, 06:41

Hi mmilburn,

i follow Chadster766 github since many days to get latest infos about this project.
but sorry, i'm not possible to help the team

have you ever contacted "Victek" from spain? (http://victek.is-a-geek.com/index.html)
he could be help you - he is working on Tomato RAF for this device

(Last edited by skdubg on 12 Oct 2014, 06:41)

Post #1155

mmilburn

12 Oct 2014, 06:48

That's Ok.

I used Victek's pictures to hook up my serial interface. I've never had any direct contact with him though. You bring up a good point. It might be useful for him to know that we're working on open drivers.

skdubg wrote:

Hi mmilburn,
i follow Chadster766 github since many days to get latest infos about this project.
but sorry, i'm not possible to help the team
have you ever contacted "Victek" from spain? (http://victek.is-a-geek.com/index.html)
he could be help you - he is working on Tomato RAF for this device

Post #1156

fcs001fcs

12 Oct 2014, 07:36

Thanks for the new release 1.0.5; will try it out today.

Thanks to Chadster766 and all the other Devs for all their hard work on the project.

Just a minor note, when I downloaded the new release I noticed it had the exact same file name as the last release. I suggest that the release number and maybe the date be added to the file name for clarity. Just food for thought.

Post #1157

tbgeo

12 Oct 2014, 11:13

I wrote a month ago saying that the firmware seemed great but had no control over wifi (The router just ignored the settings).
Today I tried your latest version, which seems pretty straightforward.
I changed the SSID and password, *And Disabled Both Wifi networks* purposefully, to see if I could.
No.
I'm writing this on the one of the disabled Wifi networks.
On a minor note, I *was* able to use my wireless connection (My iPhone) to log into the router, and presumably change anything I wanted. It did not ask for a special port, it didn't ask for anything, just a name (root) and a password.
The status page reassures me the wifi networks are disabled, and the status cannot be shown.
Obviously I was able to change the SSID's and the passwords, I just cannot turn any wifi connection off.
It did tell me my iPhone was a client, but I don't think it really knew that it was a wireless client.

Post #1158

MacMaster144

12 Oct 2014, 15:23

I updated my WRT1900AC to v1.0.5 and the Services tab at the top of the page seems to be missing.
All i see is "Status | System | Network | Logout"
The only thing i use that is in the Services tab is MiniDLNA and its installed and running.

EDIT: I just noticed that @Gufus has already added this problem to the GitHub Issues page

(Last edited by MacMaster144 on 12 Oct 2014, 15:55)

Post #1159

gufus

12 Oct 2014, 15:53

MacMaster144 wrote:

I updated my WRT1900AC to v1.0.5 and the Services tab at the top of the page seems to be missing.
All i see is "Status | System | Network | Logout"
The only thing i use that is in the Services tab is MiniDLNA and its installed and running.

FYI
https://github.com/Chadster766/McWRT/issues/48

Post #1160

MacMaster144

12 Oct 2014, 15:56

gufus wrote:

MacMaster144 wrote:
I updated my WRT1900AC to v1.0.5 and the Services tab at the top of the page seems to be missing.
All i see is "Status | System | Network | Logout"
The only thing i use that is in the Services tab is MiniDLNA and its installed and running.
FYI
https://github.com/Chadster766/McWRT/issues/48

I saw and commented on the issue. I hope this is an easy fix

Post #1161

fcs001fcs

12 Oct 2014, 16:04

MacMaster144 wrote:

gufus wrote:
MacMaster144 wrote:
I updated my WRT1900AC to v1.0.5 and the Services tab at the top of the page seems to be missing.
All i see is "Status | System | Network | Logout"
The only thing i use that is in the Services tab is MiniDLNA and its installed and running.
FYI
https://github.com/Chadster766/McWRT/issues/48
I saw and commented on the issue. I hope this is an easy fix

Same for me but if you go to System/Software/Available Packages/ and find under L "Luci-App-XXXX" (XXXX) being the services you are missing and want displayed they will be installed in Luci on reboot if you install them.

Post #1162

MacMaster144

12 Oct 2014, 16:10

fcs001fcs wrote:

MacMaster144 wrote:
gufus wrote:
FYI
https://github.com/Chadster766/McWRT/issues/48
I saw and commented on the issue. I hope this is an easy fix
Same for me but if you go to System/Software/Available Packages/ and find under L "Luci-App-XXXX" (XXXX) being the services you are missing and want displayed they will be installed in Luci on reboot if you install them.

It Worked! Thanks!
I can now see the Services tab and it includes MiniDLNA

(Last edited by MacMaster144 on 12 Oct 2014, 16:11)

Post #1163

fcs001fcs

12 Oct 2014, 16:14

WAN LED Indication

With the new 1.0.5 release the WAN LED (Internet) is now the correct white color for me (was Amber on prior Rev) but when I stop the WAN connection (via LUCI) it stays on even though I no longer have WAN access (internet access).

I am using PPPOE through a FritzBox 7340 VDSL2 that I just use as a bridge. The WRT1900AC has the password and login for my ISP account and makes the connection. I use the FritzBox as a VDSL2 modem/bridge.

Not a big issue but just wanted to inform the Devs.

Post #1164

ShawnG1972

12 Oct 2014, 19:43

Thanks for the new update. Keep up the good work.
I could be imagining things, but the connection seems stronger. I ran a speedtest at the opposite end of my house where normally I get a maximum 10Mbps DL, after the update I was getting 20Mbps. With that sort of test, I do realize that it can depend on a lot of other factors too. But, so far, it's performing well.

One issue, I am getting a "SSL connection error" message coming up on occasion. It does flip screens and lets me open the webpage. But, thought I would let you know. Not sure if it's related to the update or something that I am doing that messed it up. But, I don't remember it doing this before the update.

Thanks.

Post #1165

yanfox

12 Oct 2014, 22:57

Hi,

thanks for the good work

Just updated to 1.0.5 and a problem subsist, when I open a port to my NAS everything is OK but fail2ban that block my routeur @IP when there's a multiple login error attempt.

I tried from another site and it's the same, why my NAS sees the routeur @IP and not the "attackant" one ?

Thanks

Post #1166

mmilburn

13 Oct 2014, 01:32

Try replacing "did_obtain_wan_ip" in /usr/sbin/wan_monitor with this. I added the middle while loop. I originally assumed a downed interface would not return an ip address. The script will be removed in the future anyway, the appropriate way to control this stuff is through hotplug.

did_obtain_wan_ip() {
        local wanif wanipaddr
        wan_white off
        wan_amber on
        while [ ! network_find_wan wanif ]
        do
                log_message "Waiting for netifd to register wan interface"
                scan_interfaces
                sleep 1
        done
        while [ ! network_is_up "$wanif" ]
        do
                log_message "Interface $wanif is not up"
                sleep 5
        done
        while [ ! network_get_ipaddr wanipaddr "$wanif" ]
        do
                log_message "Obtaining IP address on if: $wanif"
                sleep 1
        done
        return true
}

fcs001fcs wrote:

WAN LED Indication
With the new 1.0.5 release the WAN LED (Internet) is now the correct white color for me (was Amber on prior Rev) but when I stop the WAN connection (via LUCI) it stays on even though I no longer have WAN access (internet access).
I am using PPPOE through a FritzBox 7340 VDSL2 that I just use as a bridge. The WRT1900AC has the password and login for my ISP account and makes the connection. I use the FritzBox as a VDSL2 modem/bridge.
Not a big issue but just wanted to inform the Devs.

Post #1167

carlos.quiron

13 Oct 2014, 09:33

yanfox wrote:

Hi,
thanks for the good work
Just updated to 1.0.5 and a problem subsist, when I open a port to my NAS everything is OK but fail2ban that block my routeur @IP when there's a multiple login error attempt.
I tried from another site and it's the same, why my NAS sees the routeur @IP and not the "attackant" one ?
Thanks

It seems to be the same problem as mine and is related to NAT.
When you open a port in "Firewall - Port Forwards" and someone outside try to access your NAS the router replaces the destination IP address of the request (the public IP of the router) and the port by IP and port of your NAS. So far so good. But the router is also replace the public source IP of who made the request for the private IP of your router (source NAT). the incoming requests to the NAS arrive as if they were ordered by the router. If there is someone trying to get into your NAS inadvertently and tries repeatedly username and password, the NAS will mistakenly think that was the router that made the request and probably block the access. I Still don't know if it's a configuration issue or if it is bug. I have to test better, but remotely is not a good idea . if someone knows how to please tell us.

Post #1168

jow

13 Oct 2014, 10:41

That behaviour only applies to NAT-reflected requests, not to request made from the external interface.

Post #1169

carlos.quiron

13 Oct 2014, 12:01

jow wrote:

That behaviour only applies to NAT-reflected requests, not to request made from the external interface.

But I have the same behaviour from outside requests. At this moment I'm remotely connected to my home server via ssh, and my ssh server says that remote IP of this connection is the private IP from the router.

Post #1170

jow

13 Oct 2014, 12:07

Attach the output of "iptables-save" please.

Post #1171

carlos.quiron

13 Oct 2014, 13:30

jow wrote:

Attach the output of "iptables-save" please.

Here is the output of "iptables-save" :

root@OpenWrt:/etc/config# iptables-save
# Generated by iptables-save v1.4.10 on Mon Oct 13 12:27:43 2014
*raw
:PREROUTING ACCEPT [30541:9076224]
:OUTPUT ACCEPT [17629:3592206]
:notrack - [0:0]
-A PREROUTING -j notrack
COMMIT
# Completed on Mon Oct 13 12:27:43 2014
# Generated by iptables-save v1.4.10 on Mon Oct 13 12:27:43 2014
*nat
:PREROUTING ACCEPT [798:68973]
:INPUT ACCEPT [497:51685]
:OUTPUT ACCEPT [1127:86449]
:POSTROUTING ACCEPT [681:44942]
:MINIUPNPD - [0:0]
:delegate_postrouting - [0:0]
:delegate_prerouting - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -j delegate_prerouting
-A POSTROUTING -j delegate_postrouting
-A MINIUPNPD -p tcp -m tcp --dport 13579 -j DNAT --to-destination 192.168.0.55:13579
-A MINIUPNPD -p tcp -m tcp --dport 10101 -j DNAT --to-destination 192.168.0.55:10101
-A MINIUPNPD -p tcp -m tcp --dport 8082 -j DNAT --to-destination 192.168.0.82:8082
-A MINIUPNPD -p udp -m udp --dport 2660 -j DNAT --to-destination 192.168.0.1:2660
-A MINIUPNPD -p tcp -m tcp --dport 2660 -j DNAT --to-destination 192.168.0.1:2660
-A delegate_postrouting -m comment --comment "user chain for postrouting" -j postrouting_rule
-A delegate_postrouting -o br-lan -j zone_lan_postrouting
-A delegate_postrouting -o pppoe-wan -j zone_wan_postrouting
-A delegate_postrouting -o pppoe-wan -j zone_wan_postrouting
-A delegate_prerouting -m comment --comment "user chain for prerouting" -j prerouting_rule
-A delegate_prerouting -i br-lan -j zone_lan_prerouting
-A delegate_prerouting -i pppoe-wan -j zone_wan_prerouting
-A delegate_prerouting -i pppoe-wan -j zone_wan_prerouting
-A zone_lan_postrouting -m comment --comment "user chain for postrouting" -j postrouting_lan_rule
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.1/32 -p tcp -m tcp --dport 22 -m comment --comment "SSH (reflection)" -j SNAT --to-source 192.168.0.254
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.1/32 -p tcp -m tcp --dport 8000 -m comment --comment "Forward8000 (reflection)" -j SNAT --to-source 192.168.0.254
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.1/32 -p udp -m udp --dport 8000 -m comment --comment "Forward8000 (reflection)" -j SNAT --to-source 192.168.0.254
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.55/32 -p tcp -m tcp --dport 10101 -m comment --comment "Forward10101 (reflection)" -j SNAT --to-source 192.168.0.254
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.55/32 -p udp -m udp --dport 10101 -m comment --comment "Forward10101 (reflection)" -j SNAT --to-source 192.168.0.254
-A zone_lan_postrouting -j MASQUERADE
-A zone_lan_prerouting -m comment --comment "user chain for prerouting" -j prerouting_lan_rule
-A zone_lan_prerouting -s 192.168.0.0/24 -d 85.246.135.65/32 -p tcp -m tcp --dport 22 -m comment --comment "SSH (reflection)" -j DNAT --to-destination 192.168.0.1:22
-A zone_lan_prerouting -s 192.168.0.0/24 -d 85.246.135.65/32 -p tcp -m tcp --dport 8000 -m comment --comment "Forward8000 (reflection)" -j DNAT --to-destination 192.168.0.1:8000
-A zone_lan_prerouting -s 192.168.0.0/24 -d 85.246.135.65/32 -p udp -m udp --dport 8000 -m comment --comment "Forward8000 (reflection)" -j DNAT --to-destination 192.168.0.1:8000
-A zone_lan_prerouting -s 192.168.0.0/24 -d 85.246.135.65/32 -p tcp -m tcp --dport 10101 -m comment --comment "Forward10101 (reflection)" -j DNAT --to-destination 192.168.0.55:10101
-A zone_lan_prerouting -s 192.168.0.0/24 -d 85.246.135.65/32 -p udp -m udp --dport 10101 -m comment --comment "Forward10101 (reflection)" -j DNAT --to-destination 192.168.0.55:10101
-A zone_wan_postrouting -m comment --comment "user chain for postrouting" -j postrouting_wan_rule
-A zone_wan_postrouting -j MASQUERADE
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_prerouting -m comment --comment "user chain for prerouting" -j prerouting_wan_rule
-A zone_wan_prerouting -p tcp -m tcp --dport 22 -m comment --comment "SSH" -j DNAT --to-destination 192.168.0.1:22
-A zone_wan_prerouting -p tcp -m tcp --dport 8000 -m comment --comment "Forward8000" -j DNAT --to-destination 192.168.0.1:8000
-A zone_wan_prerouting -p udp -m udp --dport 8000 -m comment --comment "Forward8000" -j DNAT --to-destination 192.168.0.1:8000
-A zone_wan_prerouting -p tcp -m tcp --dport 10101 -m comment --comment "Forward10101" -j DNAT --to-destination 192.168.0.55:10101
-A zone_wan_prerouting -p udp -m udp --dport 10101 -m comment --comment "Forward10101" -j DNAT --to-destination 192.168.0.55:10101
COMMIT
# Completed on Mon Oct 13 12:27:43 2014
# Generated by iptables-save v1.4.10 on Mon Oct 13 12:27:43 2014
*mangle
:PREROUTING ACCEPT [30574:9077544]
:INPUT ACCEPT [16464:2269105]
:FORWARD ACCEPT [13991:6789979]
:OUTPUT ACCEPT [17695:3602678]
:POSTROUTING ACCEPT [31698:10395489]
:fwmark - [0:0]
:mssfix - [0:0]
:qos_Default - [0:0]
:qos_Default_ct - [0:0]
-A PREROUTING -j fwmark
-A FORWARD -j mssfix
-A mssfix -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m limit --limit 10/sec -m comment --comment "wan (mtu_fix logging)" -j LOG --log-prefix "MSSFIX(wan): "
-A mssfix -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
-A mssfix -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m limit --limit 10/sec -m comment --comment "wan (mtu_fix logging)" -j LOG --log-prefix "MSSFIX(wan): "
-A mssfix -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
-A qos_Default -j CONNMARK --restore-mark --nfmask 0xff --ctmask 0xff
-A qos_Default -m mark --mark 0x0/0xff -j qos_Default_ct
-A qos_Default -m mark --mark 0x1/0xff -m length --length 400:65535 -j MARK --set-xmark 0x0/0xff
-A qos_Default -m mark --mark 0x2/0xff -m length --length 800:65535 -j MARK --set-xmark 0x0/0xff
-A qos_Default -p udp -m mark --mark 0x0/0xff -m length --length 0:500 -j MARK --set-xmark 0x2/0xff
-A qos_Default -p icmp -j MARK --set-xmark 0x1/0xff
-A qos_Default -p tcp -m mark --mark 0x0/0xff -m tcp --sport 1024:65535 --dport 1024:65535 -j MARK --set-xmark 0x4/0xff
-A qos_Default -p udp -m mark --mark 0x0/0xff -m udp --sport 1024:65535 --dport 1024:65535 -j MARK --set-xmark 0x4/0xff
-A qos_Default -p tcp -m length --length 0:128 -m mark ! --mark 0x4/0xff -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG SYN -j MARK --set-xmark 0x1/0xff
-A qos_Default -p tcp -m length --length 0:128 -m mark ! --mark 0x4/0xff -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG ACK -j MARK --set-xmark 0x1/0xff
-A qos_Default_ct -p tcp -m mark --mark 0x0/0xff -m tcp -m multiport --ports 22,53 -j MARK --set-xmark 0x1/0xff
-A qos_Default_ct -p udp -m mark --mark 0x0/0xff -m udp -m multiport --ports 22,53 -j MARK --set-xmark 0x1/0xff
-A qos_Default_ct -p tcp -m mark --mark 0x0/0xff -m tcp -m multiport --ports 20,21,25,80,110,443,993,995 -j MARK --set-xmark 0x3/0xff
-A qos_Default_ct -p tcp -m mark --mark 0x0/0xff -m tcp -m multiport --ports 5190 -j MARK --set-xmark 0x2/0xff
-A qos_Default_ct -p udp -m mark --mark 0x0/0xff -m udp -m multiport --ports 5190 -j MARK --set-xmark 0x2/0xff
-A qos_Default_ct -j CONNMARK --save-mark --nfmask 0xff --ctmask 0xff
COMMIT
# Completed on Mon Oct 13 12:27:43 2014
# Generated by iptables-save v1.4.10 on Mon Oct 13 12:27:43 2014
*filter
:INPUT ACCEPT [69:2484]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:delegate_forward - [0:0]
:delegate_input - [0:0]
:delegate_output - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -j delegate_input
-A FORWARD -j delegate_forward
-A OUTPUT -j delegate_output
-A MINIUPNPD -d 192.168.0.55/32 -p tcp -m tcp --dport 13579 -j ACCEPT
-A MINIUPNPD -d 192.168.0.55/32 -p tcp -m tcp --dport 10101 -j ACCEPT
-A MINIUPNPD -d 192.168.0.82/32 -p tcp -m tcp --dport 8082 -j ACCEPT
-A MINIUPNPD -d 192.168.0.1/32 -p udp -m udp --dport 2660 -j ACCEPT
-A MINIUPNPD -d 192.168.0.1/32 -p tcp -m tcp --dport 2660 -j ACCEPT
-A delegate_forward -m comment --comment "user chain for forwarding" -j forwarding_rule
-A delegate_forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A delegate_forward -m conntrack --ctstate INVALID -j DROP
-A delegate_forward -i br-lan -j zone_lan_forward
-A delegate_forward -i pppoe-wan -j zone_wan_forward
-A delegate_forward -i pppoe-wan -j zone_wan_forward
-A delegate_forward -j reject
-A delegate_input -i lo -j ACCEPT
-A delegate_input -m comment --comment "user chain for input" -j input_rule
-A delegate_input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A delegate_input -m conntrack --ctstate INVALID -j DROP
-A delegate_input -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn_flood
-A delegate_input -i br-lan -j zone_lan_input
-A delegate_input -i pppoe-wan -j zone_wan_input
-A delegate_input -i pppoe-wan -j zone_wan_input
-A delegate_output -o lo -j ACCEPT
-A delegate_output -m comment --comment "user chain for output" -j output_rule
-A delegate_output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A delegate_output -m conntrack --ctstate INVALID -j DROP
-A delegate_output -o br-lan -j zone_lan_output
-A delegate_output -o pppoe-wan -j zone_wan_output
-A delegate_output -o pppoe-wan -j zone_wan_output
-A reject -p tcp -j REJECT --reject-with tcp-reset
-A reject -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -j RETURN
-A syn_flood -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -j ACCEPT
-A zone_lan_forward -m comment --comment "user chain for forwarding" -j forwarding_lan_rule
-A zone_lan_forward -s 192.168.0.0/24 -d 192.168.0.1/32 -p tcp -m tcp --dport 22 -m comment --comment "SSH (reflection)" -j zone_lan_dest_ACCEPT
-A zone_lan_forward -s 192.168.0.0/24 -d 192.168.0.1/32 -p tcp -m tcp --dport 8000 -m comment --comment "Forward8000 (reflection)" -j zone_lan_dest_ACCEPT
-A zone_lan_forward -s 192.168.0.0/24 -d 192.168.0.1/32 -p udp -m udp --dport 8000 -m comment --comment "Forward8000 (reflection)" -j zone_lan_dest_ACCEPT
-A zone_lan_forward -s 192.168.0.0/24 -d 192.168.0.55/32 -p tcp -m tcp --dport 10101 -m comment --comment "Forward10101 (reflection)" -j zone_lan_dest_ACCEPT
-A zone_lan_forward -s 192.168.0.0/24 -d 192.168.0.55/32 -p udp -m udp --dport 10101 -m comment --comment "Forward10101 (reflection)" -j zone_lan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "forwarding lan -> wan" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -j zone_lan_src_ACCEPT
-A zone_lan_input -m comment --comment "user chain for input" -j input_lan_rule
-A zone_lan_input -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "user chain for output" -j output_lan_rule
-A zone_lan_output -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan -j ACCEPT
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -m comment --comment "user chain for forwarding" -j forwarding_wan_rule
-A zone_wan_forward -d 192.168.0.1/32 -p tcp -m tcp --dport 22 -m comment --comment "SSH" -j ACCEPT
-A zone_wan_forward -d 192.168.0.1/32 -p tcp -m tcp --dport 8000 -m comment --comment "Forward8000" -j ACCEPT
-A zone_wan_forward -d 192.168.0.1/32 -p udp -m udp --dport 8000 -m comment --comment "Forward8000" -j ACCEPT
-A zone_wan_forward -d 192.168.0.55/32 -p tcp -m tcp --dport 10101 -m comment --comment "Forward10101" -j ACCEPT
-A zone_wan_forward -d 192.168.0.55/32 -p udp -m udp --dport 10101 -m comment --comment "Forward10101" -j ACCEPT
-A zone_wan_forward -j zone_wan_src_REJECT
-A zone_wan_input -m comment --comment "user chain for input" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "Allow-Ping" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 22 -m comment --comment "SSH" -j ACCEPT
-A zone_wan_input -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "user chain for output" -j output_wan_rule
-A zone_wan_output -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -m limit --limit 10/sec -j LOG --log-prefix "REJECT(src wan)"
-A zone_wan_src_REJECT -i pppoe-wan -j reject
-A zone_wan_src_REJECT -i pppoe-wan -j reject
COMMIT
# Completed on Mon Oct 13 12:27:43 2014

Post #1172

a1978641

13 Oct 2014, 17:41

I've been having a strange issue since 1.01 (the first one I used), I'm on 1.05 now. Every few hours, I lose connection (ethernet) for 10-20 seconds, and then it reconnects. Is there an easy way to figure out what's going on, maybe a log from the GUI? What should I do right after it happens?

I don't have the issue if I use ethernet directly into my modem. I have Charter business, so I can't look in the modem at all because they keep it locked down. I don't think it's a problem like that though, because I don't get disconnects on the stock firmware or directly to the modem.

My LAN uptime is over 24 hours, but my WAN uptime is about half an hour (when I lost connection)

Edit: By the way, I have 'Use broadcast flag (Required for certain ISPs, e.g. Charter with DOCSIS 3) enabled.

(Last edited by a1978641 on 13 Oct 2014, 17:55)

Post #1173

jow

13 Oct 2014, 17:46

carlos.quiron wrote:

Here is the output of "iptables-save" : [...]

Did you enable Masquerading on the lan zone by accident? Disable it if it is enabled and you should see the normal behaviour.

Post #1174

jdthomas4181

13 Oct 2014, 17:50

i just updated my wrt1900ac to the 1.0.5 release, im only getting 16 megbit from the 5ghz wireless, can someone run a test to see if they are recieving the same results?

Post #1175

Chadster766

13 Oct 2014, 17:52

a1978641 wrote:

I've been having a strange issue since 1.01 (the first one I used), I'm on 1.05 now. Every few hours, I lose connection (ethernet) for 10-20 seconds, and then it reconnects. Is there an easy way to figure out what's going on, maybe a log from the GUI? What should I do right after it happens?
I don't have the issue if I use ethernet directly into my modem. I have Charter business, so I can't look in the modem at all because they keep it locked down. I don't think it's a problem like that though, because I don't get disconnects on the stock firmware or directly to the modem.

If have a password set on the router than you can login via Putty SSH. This will give you a command line into the router where you can do much detailed troubleshooting.

I recommend that you Google the issue you are having to find out more tips and techniques.

Sorry, posts 1176 to 1175 are missing from our archive.

Page 47 of 598