Recent content by jim99

  1. J

    AiProtection Accepting Config but not blocking

    I'm trying to set AiProtection on my RT-AC86U router, running Asuswrt-Merlin vers 386.3_2. Web & Apps filter is "on" and I have selected all four check boxes, including "Streaming and Entertainment" (see attached screenshot). The router accepts the commands as applied. However, the target client...
  2. J

    Split Tunnel Weirdness

    I hope this will be the final update! I got into debugging shorewall, but as some of you out there know, shorewall is only a manager (with a friendly face) of the minefield that is iptables. Something was happening when I reset shorewall that put iptables back to a good status. Further...
  3. J

    Split Tunnel Weirdness

    It's reproducible: I had to power off the router to put it in its final position and to tidy the wires. It came up with no pings to the server, and no access to the virtual hosts. I restarted shorewall, and bingo, off we go! Well, I learned something, but I'm not sure what :)
  4. J

    Split Tunnel Weirdness

    OK, you are going to be displeased....I started this morning by ssh-ing into the server and ensuring I had the commands right to shut the firewall down and bring it back up...I wanted to get it down and up with as short a window as possible, for obvious reasons. If you are familiar with Linux...
  5. J

    Split Tunnel Weirdness

    OK, so here's the plan for tomorrow. First, I will shut down the firewall in the server, and see if that changes anything. If it does, I will take firewall logs with the firewall on and off and debug from there. If as I suspect, doing so makes no change, I will reset the router back to factory...
  6. J

    Split Tunnel Weirdness

    Yes, the new router is as near a copy of the old one as I can make it, so I can just alternate between the two routers by swapping cables and the systems just come up as before the swap. Yes, the server has multiple interfaces: an outer interface 192.168.200.98 that connects to the Internet and...
  7. J

    Split Tunnel Weirdness

    Some answers...and even more puzzles: Ping from the server to the router: "#ping 192.168.200.2 PING 192.168.200.2 (192.168.200.2) 56(84) bytes of data. ^C --- 192.168.200.2 ping statistics --- 9 packets transmitted, 0 received, 100% packet loss, time 8000ms #" Hence ping from server to router...
  8. J

    Split Tunnel Weirdness

    Further stuff: I checked my external routing: without a VPN running, my address is xx.yy.143.80, and the default route out of the router is xx.yy.72.21, and from the router I can ping the DG, but not the internal address of the server
  9. J

    Split Tunnel Weirdness

    Yes, a typo, the router is at 192.168.200.2, the server is at 192.168.200.98. I put the Server in the DMZ as "something to try", but it made no difference either way. It's back out now. I've attached a couple more screen shots of the port forwarding table and log, which show the server is now out...
  10. J

    Split Tunnel Weirdness

    Your mastery of understatement is impressive! "Strange" is the most mild adjective I've used! :) The router's LAN IP is 192.168.200.98/24, so a standard RFC1918 private address. There is nothing particularly odd about the internal network, it's only my home network...single flat LAN, all...
  11. J

    Split Tunnel Weirdness

    Pings were already enabled (I use Uptime Robot to alert me if things fail, and it uses ping); There was nothing in AIProtection that was switched on, and there was nothing in the logs; With all VPN clients off, I can see traffic from my internal client's address arriving on the server's internal...
  12. J

    Split Tunnel Weirdness

    And just to add to the fun, the above results tie in with the inability to ping from the router to the public address of the server (Network tools>Network Analysis>Ping)
  13. J

    Split Tunnel Weirdness

    Yes, Public IP = WAN IP. Some things I've been thinking about and playing with: A Cisco SPA112 VoIP controller and a HikVision NVR, on alternate ports on the router, with different internal IP addresses, work fine; The default web page on the NethServer host works when addressed by IP address...
  14. J

    Split Tunnel Weirdness

    OK, I thought I'd answered your question, but in case I hadn't, I did some further testing: If I run through my old router, and nslookup the three websites the NethServer hosts, I get the correct public IP address. If I run through the Asus router, and nslookup the three websites the NethServer...
  15. J

    Split Tunnel Weirdness

    Yet more info: I increased log sensitivity, and got this: Oct 30 20:14:27 dnsmasq[2127]: using nameserver 149.154.159.92#53 Oct 30 20:14:27 dnsmasq[2127]: using nameserver 162.252.172.57#53 Oct 30 20:14:27 dnsmasq[2127]: using nameserver 212.23.6.100#53 Oct 30 20:14:27 dnsmasq[2127]: using...