OpenWrt Forum Archive

Topic: ALL5003 (RT5350) no ssh through Lan (Wlan works) with trunk build

The content of this topic has been archived on 15 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello,
I'm currently trying to build up some customizable (cheap) IP-Cameras based on the Allnet ALL5003 (RT5350 OpenWrt Hardware list / ALL5003 product page). The module comes with a preinstalled OpenWRT (Barrier Breaker R36370), but without the modules needed for the cameras (kmod-video-core, kmod-video-uvc etc).
Everything else works very well with the preinstalled OpenWRT (ssh via Lan/Wlan, USB-Storage, etc).

Since the preinstalled OpenWRT version is too old to install the missing packages via opkg (kernel dependencies not being satisfied), I tried to build a new firmware with the modules for the IP camera. This worked quite well and I could access the camera via WLAN over mjpg-streamer, but now I can't get into the module (ssh, luci, mjpg-streamer) via LAN. However, I can still ping it via LAN.

I used the same network settings I could find in the preinstalled version, disabled the firewall and DHCP server, and tried different builds without any luck fixing the problem.
By accident I compiled a version for the ALL5002 (RT3352) and flashed it, and ssh via LAN worked, but the USB did not work.

Can anybody tell me what I'm doing wrong?
Where can I find the difference between the preinstalled or ALL5002 firmware that makes their LAN work?

(Last edited by baztuk on 19 Jul 2014, 16:21)

Post your /etc/config/firewall and /etc/config/network

Here is the network config:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fde9:2502:4b49::/48'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '0'

config interface 'lan'
        option ifname 'eth0'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.2.3'
        option netmask '255.255.255.0'
        option ip6assign '64'
                                            
config interface 'wwan'               
        option proto 'dhcp'  

and the firewall config:

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wwan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule                                     
        option name 'Allow-DHCP-Renew'          
        option src 'wan'                        
        option proto 'udp'                      
        option dest_port '68'                   
        option target 'ACCEPT'                  
        option family 'ipv4'                    
                                                
config rule                                     
        option name 'Allow-Ping'                
        option src 'wan'                        
        option proto 'icmp'                     
        option icmp_type 'echo-request'         
        option family 'ipv4'                    
        option target 'ACCEPT'                  
                                                           
config rule                                                
        option name 'Allow-DHCPv6'                         
        option src 'wan'                                   
        option proto 'udp'                                      
        option src_ip 'fe80::/10'
        option src_port '547'  
        option dest_ip 'fe80::/10'
        option dest_port '546' 
        option family 'ipv6'   
        option target 'ACCEPT' 
                               
config rule                    
        option name 'Allow-ICMPv6-Input'
        option src 'wan'       
        option proto 'icmp'    
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'       
        option family 'ipv6'          
        option target 'ACCEPT'        
                                      
config rule                     
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'                        
        option dest '*'                         
        option proto 'icmp'                     
        list icmp_type 'echo-request'           
        list icmp_type 'echo-reply'             
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'         
        list icmp_type 'time-exceeded'          
        list icmp_type 'bad-header'             
        list icmp_type 'unknown-header-type'    
        option limit '1000/sec'                 
        option family 'ipv6'                    
        option target 'ACCEPT'                  
                                                
config rule                                     
        option name 'Enforce-ULA-Border-Src'    
        option src '*'                          
        option dest 'wan'                       
        option proto 'all'                      
        option src_ip 'fc00::/7'                
        option family 'ipv6'                    
        option target 'REJECT'                  
                                                
config rule                                     
        option name 'Enforce-ULA-Border-Dest'   
        option src '*'
        option dest 'wan'                       
        option proto 'all'                      
        option dest_ip 'fc00::/7'
        option family 'ipv6'                               
        option target 'REJECT'                            
                                                           
config include                                             
        option path '/etc/firewall.user'  

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

This config is the same on the preinstalled OpenWRT (36370), where ssh over Lan is working, and the version I built from the newer trunk.

Wait, you can't access SSH or Luci from the LAN, but you can from the WAN? Or from neither?

If neither, how do you configure and start the video streamer with no access to the device?

In any case have you tried Telnet?

I can access the device via the RS232 console and enable WIFI and the MJPG Streamer.
I can then access SSH, Luci, MJPGStreamer via WIFI.

When I connect the device directly or via a switch over LAN, I can only ping it but nothing more.

I have not yet tried to connect via WAN.

OK if you have console access then that's good.

Could you post your /etc/config/wireless as well? From what I can see it's fairly standard so wireless and LAN *should* work identically.

You could also try, via the serial console, /etc/init.d/uhttpd restart and /etc/init.d/dropbear restart.
The simplest explanation (given it can be pinged) is probably that the daemons are not binding to the correct interfaces; netstat -a could help figuring that out too.

Here's the /etc/config/wireless:

config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11ng'
        option macaddr '00:0f:c9:0b:ee:8d'
        option htmode 'HT20'
        list ht_capab 'GF'
        list ht_capab 'SHORT-GI-20'
        list ht_capab 'SHORT-GI-40'
        list ht_capab 'RX-STBC1'
        option disabled '0'
        option channel '1'
        option txpower '20'
        option country '00'

config wifi-iface
        option network 'wwan'
        option ssid 'xxx'
        option encryption 'psk2'
        option device 'radio0'
        option mode 'sta'
        option bssid '40:16:7E:2D:32:10'
        option key 'xxx' 

I'm currently using the Wifi to connect to my router, so I can at least use it via the LAN of my PC.

When I turn off my router, connect my PC directly to the ALL via Lan and try ssh, I get the following netstat -a result:

root@OpenWrt:/# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 0.0.0.0:netbios-ssn     0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:www             0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN      
tcp        0      0 192.168.2.3:ssh         192.168.2.5:40812       SYN_RECV    
tcp        0      0 0.0.0.0:microsoft-ds    0.0.0.0:*               LISTEN      
tcp        0      0 :::netbios-ssn          :::*                    LISTEN      
tcp        0      0 :::8080                 :::*                    LISTEN      
tcp        0      0 :::ssh                  :::*                    LISTEN      
tcp        0      0 :::microsoft-ds         :::*                    LISTEN      
udp        0      0 0.0.0.0:58893           0.0.0.0:*                           
udp        0      0 0.0.0.0:43038           0.0.0.0:*                           
udp        0      0 0.0.0.0:60277           0.0.0.0:*                           
udp        0      0 192.168.1.3:ntp         10.0.0.1:ntp            ESTABLISHED 
udp        0      0 192.168.2.255:netbios-ns 0.0.0.0:*                           
udp        0      0 192.168.2.3:netbios-ns  0.0.0.0:*                           
udp        0      0 0.0.0.0:netbios-ns      0.0.0.0:*                           
udp        0      0 192.168.2.255:netbios-dgm 0.0.0.0:*                           
udp        0      0 192.168.2.3:netbios-dgm 0.0.0.0:*                           
udp        0      0 0.0.0.0:netbios-dgm     0.0.0.0:*                           
udp        0      0 0.0.0.0:57760           0.0.0.0:*                           
udp        0      0 0.0.0.0:l2f             0.0.0.0:*                           
udp        0      0 :::dhcpv6-server        :::*                                
raw        0      0 ::%4559988:58           :::*                    58          
raw        0      0 ::%4559988:58           :::*                    58          
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING       2563 /var/nmbd/unexpected
unix  2      [ ACC ]     STREAM     LISTENING        277 /var/run/ubus.sock
unix  2      [ ]         DGRAM                      2100 /var/run/wpa_supplicant/wlan0
unix  7      [ ]         DGRAM                      1506 /dev/log
unix  2      [ ]         DGRAM                      1778 
unix  3      [ ]         STREAM     CONNECTED       1508 
unix  2      [ ]         DGRAM                      2590 
unix  2      [ ]         DGRAM                      1580 
unix  3      [ ]         STREAM     CONNECTED       2431 
unix  2      [ ]         DGRAM                      1792 
unix  3      [ ]         STREAM     CONNECTED       1591 /var/run/ubus.sock
unix  3      [ ]         STREAM     CONNECTED       1546 
unix  3      [ ]         STREAM     CONNECTED        364 /var/run/ubus.sock
unix  2      [ ]         DGRAM                      1862 
unix  3      [ ]         STREAM     CONNECTED       2432 /var/run/ubus.sock
unix  3      [ ]         STREAM     CONNECTED       1547 /var/run/ubus.sock
unix  3      [ ]         STREAM     CONNECTED        363 
unix  3      [ ]         STREAM     CONNECTED       1509 /var/run/ubus.sock
unix  2      [ ]         DGRAM                      2915 
unix  3      [ ]         STREAM     CONNECTED       1590 

I'm not familiar with netstat, but as far as I can see from the line "tcp        0      0 192.168.2.3:ssh         192.168.2.5:40812       SYN_RECV", the ssh request is sent from my PC (192.168.2.5) and received by the ALL5003 (192.168.2.3), but nothing happens after that.

Restarting uhttpd and dropbear did not change that.

Thanks for your help so far !!!

(Last edited by baztuk on 21 Jul 2014, 14:16)
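The two explanations raised in the thread (daemon not bound to the interface versus a connection that never gets past SYN_RECV) can be told apart mechanically from `netstat -a` text. The following is an added example, not part of the original posts: the function names and verdict strings are made up here, and the sample rows are copied from the netstat output posted above.

```shell
#!/bin/sh
# Added example. Reads `netstat -a` text on stdin and classifies one TCP service.
# $1 = service name or port exactly as netstat prints it (ssh, www, 8080, ...).
# Verdicts (names are hypothetical):
#   not-listening      no LISTEN socket for the port: the daemon is not bound
#   listening-all      bound to 0.0.0.0 or :: and no half-open connections
#   listening-specific bound to one address only (check it is the LAN address)
#   handshake-stalled  LISTEN exists, but peers sit in SYN_RECV: the SYN arrived
#                      and the final ACK did not, so look at the path, not the daemon
classify_service() {
    awk -v svc="$1" '
        $1 != "tcp" { next }          # columns: Proto Recv-Q Send-Q Local Foreign State
        {
            n = split($4, l, ":")     # port is the last ":" field, also for :::ssh
            if (l[n] != svc) next
            addr = substr($4, 1, length($4) - length(svc) - 1)
        }
        $6 == "LISTEN" {
            if (addr == "0.0.0.0" || addr == "::") wild = 1; else specific = 1
        }
        $6 == "SYN_RECV" { half++; peers = peers (peers ? "," : "") $5 }
        END {
            if (!wild && !specific) { print "not-listening"; exit }
            if (half) { print "handshake-stalled " peers; exit }
            print (wild ? "listening-all" : "listening-specific")
        }'
}

# Sample input: rows copied from the netstat output in the thread.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:www             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN
tcp        0      0 192.168.2.3:ssh         192.168.2.5:40812       SYN_RECV
tcp        0      0 :::ssh                  :::*                    LISTEN
udp        0      0 192.168.2.3:netbios-ns  0.0.0.0:*
EOF
}

sample_netstat | classify_service ssh   # → handshake-stalled 192.168.2.5:40812
```

On the device itself the input would be `netstat -a | classify_service ssh`, run from the serial console while the LAN client is attempting to connect.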

Urgh. You could have pointed out earlier you're operating the wireless in client mode as a separate network!

Your firewall configuration appears to be not being applied properly, regardless. Please post the output of the following commands, when connected to the router via LAN:

ifconfig -a
route
iptables -L

The discussion might have continued from here.