Certain WAN Connection Failures...

Discussion in 'Asuswrt-Merlin' started by reb00tz, Oct 21, 2017.

  reb00tz

    Jan 31, 2013
    Hi everyone,

    I have a problem: curl works just fine on my RT-AC87U, but the same fails on my desktop (NAT behind the RT-AC87U). This is just one of the few IP addresses I have discovered.

    iptables shows no noticeable issues (i.e. DROPs); in fact, I turned off all Asus firewall options for troubleshooting. I even tried logging to no avail (w.r.t. first 2 lines of iptables.txt) - there do not even appear to be any packets hitting the logging rule!

    The funny thing is, it works if I factory reset the router, then restore configuration and reload JFFS... And it persists through several reboots... But some time later, the issue resurfaces.

    If I use OpenVPN and VPN into the box (either externally or via WiFi) it works? P.S. even when it works through the VPN, neither of the first two iptables rules captures anything (packet count still zero)!

    I have attached several files:
    iptables.txt - iptables rules
    iptables.nat.txt - NAT iptables rules - Wireshark capture from desktop (remove .pdf extension)

    RT-AC87U running Asus-Merlin 380.68_4
    Desktop: wired, running Windows 10 Pro 64-bit Build 1703, no firewall (for testing)

    Can anyone suggest anything else to troubleshoot?


  reb00tz

    Jan 31, 2013
    Any experts, @RMerlin: Any clues on how I could troubleshoot this?
    I have checked: iptables and ebtables... What else am I missing?
  thelonelycoder

    Jan 23, 2014
    Without looking at your attachments, I believe I've found your fundamental problem:
    DO NOT RESTORE from a settings file, that defeats the purpose of a factory reset.
    Always manually configure the router after a factory default reset.

    Do that now and your problems will likely be a thing of the past.
  reb00tz

    Jan 31, 2013
    Thanks for the reply, @thelonelycoder.

    A 'clean' start was the first thing I tried.

    Anyway, I finally found the cause: when I turn on QoS. Furthermore, I also need to enable 'accelerated processing' at the 'LAN>Switch' settings (CTF), otherwise there's an issue...

    Any ideas on how I could help provide logs for troubleshooting? As mentioned, with QoS on, et al., no traffic logging shows up, meaning traffic somehow bypasses iptables (if that is even possible)...

