Asuswrt-Merlin 378.50 is out

[Martineau]

@RMerlin
first of all thanks for the great fw .
I wondered whether it would be possible to add a scheduled USB3 HDD spindown to the next update , or is it already possible ..
I meant that the hard drive could spindown at 2200 in the evening and would wake up in the morning 0600.
thanks in advance

Not sure if this will work.....

Include in init-start

/usr/sbin/cru a HDDxDown "0 22 * * * scsi-stop /dev/sdx"
/usr/sbin/cru a HDDxUp   "0 6  * * * scsi-start /dev/sdx"

but clearly the success of this will depend on the firmware ability of the physical /dev/sdx device actually supporting/honouring a spin-down/up command, but you can test this from a SSH/TELNET prompt.

 

[pepemosca]

The "Ping" and another network tools are not working for me either.
Also, from the SSH, I get

admin@RT-AC66R:/tmp# wget http://curl.haxx.se/ca/cacert.pem
wget: bad address 'curl.haxx.se'

admin@RT-AC66R:/tmp# ping www.google.com
ping: bad address 'www.google.com'

And I cannot install "entware-setup.sh".
I get:

wget: bad address 'entware.wl500g.info'
sh: can't open './entware_install.sh'

And the time is not set correctly. I have "December 1".

In the other hand, I do have Internet on my computer. No problem there.

I'm using the router in "Repeater Mode".
I have a RT-AC66R
I did a "Factore Restore" and formatted my jffs.

 

[w3iv1]

scheduled usb3 spindown

Not sure if this will work.....

Include in init-start

/usr/sbin/cru a HDDxDown "0 22 * * * scsi-stop /dev/sdx"
/usr/sbin/cru a HDDxUp   "0 6  * * * scsi-start /dev/sdx"

but clearly the success of this will depend on the firmware ability of the physical /dev/sdx device actually supporting/honouring a spin-down/up command, but you can test this from a SSH/TELNET prompt.

thanks for quick response,i will try it later today.

 

[pepemosca]

Could it be the problem that if I type on SSH:

sudo vi /etc/resolv.conf

Says:

nameserver 127.0.0.1

Considering that I'm in "Repeater Mode"... that's an issue.

So the first solution I came with was to set on http://192.168.1.123/Advanced_LAN_Content.asp
the DNS from Google (or my ISP).

But when I check on http://192.168.1.123/Main_LogStatus_Content.asp
Says:

Feb 14 12:57:36 dnsmasq[541]: using nameserver 8.8.8.8#53
Feb 14 12:57:36 dnsmasq[541]: using nameserver 8.8.8.4#53
Feb 14 12:57:36 dnsmasq[541]: using nameserver 192.168.1.1#53

So... Help? Thanks!

 

[dfran1]

RT-AC87R

Read the System Log for any hint as to what is going on. We'd also need more information such as what type of WAN connection you actually have.

Try changing DHCP mode from "Aggressive" to "Normal" on the WAN page.

I have charter ISP (yah I know they suck, no other option) 30 down and 5 up
a cisco DCP3010 cable modem.

I tried to put that setting on normal and after reboot I still could not get anywhere, that would be about ~6:00 in log that I PM'd you.

I had to go to the WAN and hit apply for it to work.

on another note, my ios device lost WAN before the reboot (and I just put this firmware on last night), it said connected to the wifi but was getting nowhere, that should be in the log.

Thank you for your time and patience, I know stuff is out of your control also.

 

[CiscoX]

I don't get that rule at all when enabling Time Scheduling. Something else in your configuration must be generating these, since they specifically refer to port 80, while parental control is strictly time-based, so the only rules created will refer to the client's MAC.

@RMerlin

Yeah that's strange. But if I remove the two clients I have added in my Parental Control - Time Scheduling then the rules disappear form Port Forwarding.
Then I enable one of the clients and hit Apply, then the rule come back in the Port Forwarding.

If you take a look at the interface demo for AC3200
You can see that the rule is there also and at that demo it's only one client enable at Parental Control - Time Scheduling

http://ec2-54-202-251-7.us-west-2.compute.amazonaws.com:8080/Main_IPTStatus_Content.asp

 

[ndtemple417]

fixed

i too have been expierencing lower speeds on the rt 68u verified it was the router by hooking up just my modem any suggestions

fyi i was able to fix my speed issue by changing the wan setting for dhcp query frequency to normal mode and applying strange

 

[Sohee]

rt-ac87u on 378.50.

nat loopback worked well.

before,

Feb 10 02:00:09 rc_service: rc 1731:notify_rc restart_wrs

, after
nat loopback didn't work.

so i change my firewall setting. and apply.

Feb 15 00:27:39 rc_service: httpd 19893:notify_rc restart_firewall
Feb 15 00:27:39 start_nat_rules: apply the nat_rules(/tmp/nat_rules_vlan2_vlan2)!

,after
nat loopback works well.

sorry for my bad english;;

 

[michap]

NAT loopback problem ?

Just got an AC87U, and updated it to 378.50 (Merlin).

It seems that there is still some NAT-loopback problems in this firmware - as far as I can tell anyway.
During today I have lost access to my security-cameras a couple of times now, when accessing them using my external DDNS-name from within my local area network. Going to the "Virtual server/Port forwarding" screen and pressing "Apply" seems to help (as do a reboot of the router) for a while, but I am still not certain for how long.

During the time when I have no access from within my local area network, I am still able to access the cameras using 4G connection on my phone.

Is this the so-called "NAT-loopback" problem ? Are there any temporary solutions to the problem (that does not affect the speed of the router), until it gets fixed in the firmware ?

Thanks

 

[Avenged]

For the life of me I can't solve my issues. AC66u running 378.50. WiFi keeps cutting out about every 15 minutes. If i turn off and on my router it kicks back on for another 15 minutes or so and I have to repeat the process. I've been searching and trying to fix it with suggestions from other threads, but I'm having no luck. Thanks for any help in advance.

 

[RMerlin]

@RMerlin
i do factory default, setting up only PPPoE. Lan IP is default 192.168.1.1, and after reboot internet not work.

No idea then, sorry. I don't have any other report of PPPoE issues so far.

 

[RMerlin]

The "Ping" and another network tools are not working for me either.
Also, from the SSH, I get

admin@RT-AC66R:/tmp# wget http://curl.haxx.se/ca/cacert.pem
wget: bad address 'curl.haxx.se'

admin@RT-AC66R:/tmp# ping www.google.com
ping: bad address 'www.google.com'

And I cannot install "entware-setup.sh".
I get:

wget: bad address 'entware.wl500g.info'
sh: can't open './entware_install.sh'

And the time is not set correctly. I have "December 1".

In the other hand, I do have Internet on my computer. No problem there.

I'm using the router in "Repeater Mode".
I have a RT-AC66R
I did a "Factore Restore" and formatted my jffs.

When in repeater mode, the router has no direct Internet access. You need to be in router mode for that.

 

[RMerlin]

RT-AC87R


I have charter ISP (yah I know they suck, no other option) 30 down and 5 up
a cisco DCP3010 cable modem.

Charter is already the ISP that forced me to implement the DHCP frequency mode. They have a very aggressive MAC blacklisting policy that's borderline paranoid and silly. If you send too many DHCP requests within a minute, they blacklist your MAC for several minutes, which will prevent you from getting any DHCP lease from them. So with Charter it's important to have the DHCP mode set to "Normal" rather than "Aggressive". Once done, you might want to unplug the WAN cable for a few minutes to allow your MAC to be unblocked at their end.

Make sure as well you don't have anything else that might be requesting a DHCP lease from them (another router, or the modem not being bridged).

 

[RMerlin]

@RMerlin

Yeah that's strange. But if I remove the two clients I have added in my Parental Control - Time Scheduling then the rules disappear form Port Forwarding.
Then I enable one of the clients and hit Apply, then the rule come back in the Port Forwarding.

If you take a look at the interface demo for AC3200
You can see that the rule is there also and at that demo it's only one client enable at Parental Control - Time Scheduling

http://ec2-54-202-251-7.us-west-2.compute.amazonaws.com:8080/Main_IPTStatus_Content.asp

Keep in mind that demo UI is entirely static. So, what you see there is a static page taht was pre-generated.

My only guess is you have another feature configured on your router that relates to that IP. It's not Parental Control's time scheduler since that feature only uses a MAC, not an IP.

 

[RMerlin]

Just got an AC87U, and updated it to 378.50 (Merlin).

It seems that there is still some NAT-loopback problems in this firmware - as far as I can tell anyway.
During today I have lost access to my security-cameras a couple of times now, when accessing them using my external DDNS-name from within my local area network. Going to the "Virtual server/Port forwarding" screen and pressing "Apply" seems to help (as do a reboot of the router) for a while, but I am still not certain for how long.

During the time when I have no access from within my local area network, I am still able to access the cameras using 4G connection on my phone.

Is this the so-called "NAT-loopback" problem ? Are there any temporary solutions to the problem (that does not affect the speed of the router), until it gets fixed in the firmware ?

Thanks

The issue partly lies in the DPI engine, which is closed-source. Nothing that can be done until Asus fully resolves these issues. You can try restarting the firewall like suggested in a previous post, that might help regaining it. Otherwise, make sure that every features related to the DPI engine is disabled. That means disable anything related to AiProtect, AiQoS, and the Traffic Analyzer.

 

[michap]

The issue partly lies in the DPI engine, which is closed-source. Nothing that can be done until Asus fully resolves these issues. You can try restarting the firewall like suggested in a previous post, that might help regaining it. Otherwise, make sure that every features related to the DPI engine is disabled. That means disable anything related to AiProtect, AiQoS, and the Traffic Analyzer.

Thanks... Nice to have confirmation of the issue as a known problem.
I have had none of the mentioned AiProtection, Adaptive QoS enabled. And Traffic Analyzer is not present in the version I am using... Yet still I experienced the problem.

 

[Avenged]

Did you Factory Default your router after upgrade?
You can try also :Turn the router on while pressing the WPS button and keep press the button 10 sec until power led begin to flash, that will clear the Nvram
Reconfig from the beginning

P.S: This trick to erase Nvram work for AC68 , i dont know for AC66

Good luck

Yep. I tried that several times. Tried changing from aggressive to normal. I have it set on channel 6 at 20. Trying unplugging my modem and router for 30 minutes.

 

[CiscoX]

Keep in mind that demo UI is entirely static. So, what you see there is a static page taht was pre-generated.

My only guess is you have another feature configured on your router that relates to that IP. It's not Parental Control's time scheduler since that feature only uses a MAC, not an IP.

@RMerlin

Ok thanks.
But i did you some research and i dig up the nat_rules_eth0_eth0 under the /tmp/ folder.

Do you see something strange here?:

*nat
REROUTING ACCEPT [0:0]
OSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:VSERVER - [0:0]
:LOCALSRV - [0:0]
:VUPNP - [0:0]
NSFILTER - [0:0]
CREDIRECT - [0:0]
-A PREROUTING -d AAA.AAA.AAA.AAA -j VSERVER
-A PREROUTING -i br0 -m mac --mac-source BB:BB:BB:BB:BB:BB -j PCREDIRECT
-A PCREDIRECT -i br0 ! -d 192.168.1.1/255.255.255.0 -p tcp --dport 80 -m mac --mac-source BB:BB:BB:BB:BB:BB -j DNAT --to-destination 192.168.1.1:18099
-A VSERVER -j VUPNP
-A POSTROUTING -o eth0 ! -s AAA.AAA.AAA.AAA -j MASQUERADE
-A POSTROUTING -o br0 -s 192.168.1.0/24 -d 192.168.1.0/24 -j MASQUERADE
COMMIT

The adress AAA.AAA.AAA.AAA is my ISP IP.
The MAC BB:BB:BB:BB:BB:BB is the client i added in Parental Controls - AiProtection - Time Scheduling

And when i remove the client from Parental Controls
the nat_rules_eth0_eth0 file look like this

*nat
REROUTING ACCEPT [0:0]
OSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:VSERVER - [0:0]
:LOCALSRV - [0:0]
:VUPNP - [0:0]
NSFILTER - [0:0]
CREDIRECT - [0:0]
-A PREROUTING -d AAA.AAA.AAA.AAA -j VSERVER
-A VSERVER -j VUPNP
-A POSTROUTING -o eth0 ! -s AAA.AAA.AAA.AAA -j MASQUERADE
-A POSTROUTING -o br0 -s 192.168.1.0/24 -d 192.168.1.0/24 -j MASQUERADE
COMMIT

 

[vdemarco]

For the life of me I can't solve my issues. AC66u running 378.50. WiFi keeps cutting out about every 15 minutes. If i turn off and on my router it kicks back on for another 15 minutes or so and I have to repeat the process. I've been searching and trying to fix it with suggestions from other threads, but I'm having no luck. Thanks for any help in advance.

Works great on my AC66u. Did you do a reset and reconfigure the router??
(Reconfigure from scratch or use the save setting script that somebody posted here)

 

[john9527]

@RMerlin

Ok thanks.
But i did you some research and i dig up the nat_rules_eth0_eth0 under the /tmp/ folder.

Do you see something strange here?:
The adress AAA.AAA.AAA.AAA is my ISP IP.
The MAC BB:BB:BB:BB:BB:BB is the client i added in Parental Controls - AiProtection - Time Scheduling

And when i remove the client from Parental Controls
the nat_rules_eth0_eth0 file look like this

I took a peek at the code and those rules are being set by Parental Controls, one per client that you add (the rules in the forward list are actually different, you just can't see the detail in that view).

Here's the comment that goes with setting that rule....

// MAC address in list and not in time period -> Redirect to blocking page.

It looks like the rule should be removed when the client is in the time period that access is allowed.