Menu
What's new
By:
Filters Better Search

Release Asuswrt-Merlin 3004.388.6 is now available

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I have just made a discovery which may be of interest to you depending on how you configure your router. If you can't be bothered to read my waffle, the TL;DR is that the per client Block Internet Access feature is unreliable.

Contrary to my current signature, the discovery I made is with my RT-AX56U running 3004.388.6. The unit has been configured from scratch following a WPS button reset. I administer the router from a RPi which is given a specific IP address via an entry in the DHCP table and is the only unit able to access the router as there is also an entry in the Access restriction list on the Adminstration -> System page for that IP address.

As part of the router's setup I deny the admin RPi internet access by clicking on its entry in the Client status list and setting the Block Internet Access to ON. I also do this for a CCTV unit connected to the router which I don't want phoning home (it gets its time from the router using the NTP interception feature in Merlin's f/w). Devices in the list which are blocked from the internet show up in the Client status list with a little no-entry symbol on the right.

When I logged into the router today I mistyped the repeater's name and to my surprise it went to DDG and came back with a page of results. Eh? I thought. This should fail, eventually timing out and is how I test that internet access has been blocked. I don't need to block the RPi from the internet but it's much harder to check that the CCTV is being blocked so I do it by inference.

I went to the Client status list and there were no no-entry symbols showing i.e. not for the RPi and not for the CCTV. I clicked on the RPi in the list and, sure enough, the Block Internet Access was set to OFF. I set it to ON, clicked Apply and its no-entry symbol was showing again but now so too was the symbol for the CCTV!?! I tried accessing the internet from the RPi and this time it failed, timing-out.

I have been configuring my router this way for a number of years and never seen this kind of anomaly before. I'll be moving back the 86 Pro shortly as maybe the 56 is more EOL than the last drop from Asus suggests :oops:
 
Tvbaas said:
Reading through the forum a lot of people had some kind of issue when using USB sticks, most of them turned over to a USB SSD drive which do seem to work more reliable. I also experienced issues with USB sticks, they died to soon or encountering all kind of vage and slowing down issues.
So I purchased a USB SSD drive and could not be happier since.
Click to expand...
Right now my uptime is over 10 days. So something from last wipe to most recent wipe must have changed for the better, despite using the same scripts and gear.
But true, the lifespan of a USB stick vs a SSD drive may differ a lot. But I made sure my USB stick wasn't of the cheapest, low quality stuff to be good enough for this.
If something starts to happen again, then I consider buying a SSD.
 
I've been having problems the last few days. Not sure if it's related to 3004.388.6 on my RT-AX88U, I wouldn't think so, but i'm starting to wonder. I have a server with Home Assistant OS running multiple services on subdomains, all managed by Nginx Proxy Manager. I have forwarded 80 and 443 to the server, and it has all been working great for years. I saw the note about SSL in the changelog, but I ignored it as it didn't seem relevant, I use NPM on the server to handle the certificates. I've tried to reconfigure NPM from scratch, and checked that my IP is refreshed at Cloudflare. I even tried to run only one service at port 80 without SSL, but it just isn't reachable. They're all reachable if i just enter the local IP address with port number in the browser. If i enter the public IP address, nothing, like the port forwarding isn't working.

EDIT: Turned out to be a issue with my ISP, asked them to give me a semi fixed IP and viola, problem solved.
 
Last edited:
sluzza said:
I have just made a discovery which may be of interest to you depending on how you configure your router. If you can't be bothered to read my waffle, the TL;DR is that the per client Block Internet Access feature is unreliable.

Contrary to my current signature, the discovery I made is with my RT-AX56U running 3004.388.6. The unit has been configured from scratch following a WPS button reset. I administer the router from a RPi which is given a specific IP address via an entry in the DHCP table and is the only unit able to access the router as there is also an entry in the Access restriction list on the Adminstration -> System page for that IP address.

As part of the router's setup I deny the admin RPi internet access by clicking on its entry in the Client status list and setting the Block Internet Access to ON. I also do this for a CCTV unit connected to the router which I don't want phoning home (it gets its time from the router using the NTP interception feature in Merlin's f/w). Devices in the list which are blocked from the internet show up in the Client status list with a little no-entry symbol on the right.

When I logged into the router today I mistyped the repeater's name and to my surprise it went to DDG and came back with a page of results. Eh? I thought. This should fail, eventually timing out and is how I test that internet access has been blocked. I don't need to block the RPi from the internet but it's much harder to check that the CCTV is being blocked so I do it by inference.

I went to the Client status list and there were no no-entry symbols showing i.e. not for the RPi and not for the CCTV. I clicked on the RPi in the list and, sure enough, the Block Internet Access was set to OFF. I set it to ON, clicked Apply and its no-entry symbol was showing again but now so too was the symbol for the CCTV!?! I tried accessing the internet from the RPi and this time it failed, timing-out.

I have been configuring my router this way for a number of years and never seen this kind of anomaly before. I'll be moving back the 86 Pro shortly as maybe the 56 is more EOL than the last drop from Asus suggests :oops:
Click to expand...
Exactly the same issue on the RT-AX86U Pro (running 3004.388.6).
 
RMinNJ said:
What is block internet access based on..the device mac address, name or IP?
Click to expand...
If you're using the on/off button in the client list it's blocked by the client's MAC address (an iptables rule in the FORWARD chain).
 
Doesn't answer the question. I'd be inclined to answer "IP address" but that's just a guess. I've yet to "mess with" that.
 
ColinTaylor said:
If you're using the on/off button in the client list it's blocked by the client's MAC address (an iptables rule in the FORWARD chain).
Click to expand...
Yes, I use the on/off switch but I only drive using the GUI so an iptables rule makes sense. I just which I could identify when it got undone but it's not something I keep checking.
 
sluzza said:
Yes, I use the on/off switch but I only drive using the GUI so an iptables rule makes sense. I just which I could identify when it got undone but it's not something I keep checking.
Click to expand...
Yes, it still doesn't explain why your router would have lost those settings. Normally that would only happen if you did a factory reset or reloaded an old settings file.
 
If it was by ip address and the client got a new one assigned I could see the setting getting lost..so figure it must be by Mac address or name to make sense. You could try assigning a static ip to the device and see the setting sticks.
 
ColinTaylor said:
Yes, it still doesn't explain why your router would have lost those settings. Normally that would only happen if you did a factory reset or reloaded an old settings file.
Click to expand...
That's the strangest thing about it. The settings weren't quite lost, just not applied, and it took reapplying the RPi's block to reinstate the one on the CCTV. I can't do any more atm (the family would go mad) but I think you've nailed it there: reloading a config file doesn't automatically apply the internet block setting and it has to be done for at least one client before the others are applied too. I'll experiment some more when I can.
 
RMinNJ said:
If it was by ip address and the client got a new one assigned I could see the setting getting lost..so figure it must be by Mac address or name to make sense. You could try assigning a static ip to the device and see the setting sticks.
Click to expand...
Thanks. That's something else I can try if it turns out the config file load isn't the problem.
 
AX58U hangs second time on me in few weeks after update to 388.6, so bad does not even respond to ping. Never had anything similar on previous versions in ~2 years.
 
FYI,
@RMerlin
This latest release (3004.388.6) breaks my GT-AX6000 !

All of 2.4 GHz wireless, guest networks, and AIMesh.

Upgraded from 3004.388.4
Upgrade appeared to go fine (no warnings or errors during)
But I slowly realized my 2.4 G network wasn't working. Don't have that much on 2.4 so it was not immediately obvious.

Rolled back to 388.4 and all function restored.
 
Just noticed something weird in the wireless log, the IP of one of the wireless device is completely out of whack. I've checked the DHCP lease table, the IP was actually 192.168.100.71 for the device with the same mac address instead. Any idea, explanation?



x1x1.png


My router is GT-AX11000 and on firmware: 3004.388.6
 
emwgee said:
Just noticed something weird in the wireless log, the IP of one of the wireless device is completely out of whack. I've checked the DHCP lease table, the IP was actually 192.168.100.71 for the device with the same mac address instead. Any idea, explanation?



View attachment 56654

My router is GT-AX11000 and on firmware: 3004.388.6
Click to expand...

That's very much like the IP address my desktop computer assigns itself when it can't get to DHCP for some reason...here's a low-tech explanation I found on the internet:

askleo.com

Why Can't I Connect with a 169.254 IP Address?

When your computer can't get an IP address any other way, it assigns itself a 169.254 IP address. It's a sure sign of a problem.
askleo.com askleo.com
 
Last edited:
You must log in or register to reply here.

Similar threads

RMerlin
  • Locked
Beta Asuswrt-Merlin 3004.388.6 Beta is now available
12 13 14
Replies
279
Views
36K
RMerlin
RMerlin
RMerlin
  • Locked
Beta Asuswrt-Merlin 3004.388.7 beta is now available
5 6 7
Replies
123
Views
12K
RMerlin
RMerlin
RMerlin
Release Asuswrt-Merlin 386.13 / 386.13_2 is now available for AC models
2 3
Replies
52
Views
9K
bibikalka
B
RMerlin
  • Locked
Release Asuswrt-Merlin 386.12_6 is now available for AC models
7 8 9
Replies
168
Views
15K
RMerlin
RMerlin
RMerlin
  • Locked
Beta Asuswrt-Merlin 386.13 beta is now available for AC models
2
Replies
32
Views
5K
RMerlin
RMerlin
Similar threads
Thread starter Title Forum Replies Date
RMerlin Release Asuswrt-Merlin 3004.388.7 is now available Asuswrt-Merlin 179
RMerlin Beta Asuswrt-Merlin 3004.388.7 beta is now available Asuswrt-Merlin 123
C Asuswrt-Merlin 3004.388.6 Memory Leak Asuswrt-Merlin 13
RMerlin Beta Asuswrt-Merlin 3004.388.6_x test builds (dnsmasq 2.90) Asuswrt-Merlin 102
RMerlin Beta Asuswrt-Merlin 3004.388.6 Beta is now available Asuswrt-Merlin 279
RMerlin Release Asuswrt-Merlin 3004.388.5 is now available Asuswrt-Merlin 260
RMerlin Beta Asuswrt-Merlin 3004.388.5-beta is now available Asuswrt-Merlin 58
A Solved Guest Network "Pro" for Asuswrt-Merlin 3004.388.x NOT SUPPORTED Asuswrt-Merlin 5
B Asuswrt-Merlin 3004.388.4_0 Rt-AX68U Link Aggregation Asuswrt-Merlin 4
RMerlin Release Asuswrt-Merlin 3004.388.4 is now available Asuswrt-Merlin 692

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 767 (members: 26, guests: 741)
Top