Certain WAN Connection Failures...

Discussion in 'Asuswrt-Merlin' started by reb00tz, Oct 21, 2017.

  1. reb00tz

    reb00tz New Around Here

    Joined:
    Jan 31, 2013
    Messages:
    5
    Hi everyone,

    I have a problem: curl 52.76.235.20 works just fine on my RT-AC87U, but the same fails on my desktop (NAT behind the RT-AC87U). This is just one of the few IP addresses I have discovered.

    iptables shows no noticeable issues (i.e. DROPs); in fact, I turned off all Asus firewall options for troubleshooting. I even tried logging, to no avail (w.r.t. the first 2 lines of iptables.txt) - there do not even appear to be any packets hitting the logging rule!

    The funny thing is, it works if I factory reset the router, then restore configuration and reload JFFS... And it persists through several reboots... But some time later, the issue resurfaces.

    If I use OpenVPN and VPN into the box (either externally or via WiFi) it works? P.S. even when it works through the VPN, neither of the first two iptables rules captures anything (packet count still zero)!

    I have attached several files:
    iptables.txt - iptables rules
    iptables.nat.txt - NAT iptable rules
    52.76.235.20.pcap - Wireshark capture from desktop (remove .pdf extension)

    Details:
    RT-AC87U running Asus-Merlin 380.68_4
    Desktop: wired, running Windows 10 Pro 64-bit Build 1703, no firewall (for testing)

    Can anyone suggest anything else to troubleshoot?

    Thanks!
     


  2. reb00tz

    reb00tz New Around Here

    Joined:
    Jan 31, 2013
    Messages:
    5
    Any experts, @RMerlin: Any clues on how I could troubleshoot this?
    I have checked: iptables and ebtables... What else am I missing?
     
  3. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    3,368
    Location:
    Switzerland
    Without looking at your attachments, I believe I've found your fundamental problem:
    DO NOT RESTORE from a settings file, that defeats the purpose of a factory reset.
    Always manually configure the router after a factory default reset.

    Do that now and your problems will likely be a thing of the past.
     
  4. reb00tz

    reb00tz New Around Here

    Joined:
    Jan 31, 2013
    Messages:
    5
    Thanks for the reply, @thelonelycoder.

    A 'clean' start was the first thing I tried.

    Anyway, I finally found the cause: when I turn on QoS. Furthermore, I also need to enable 'accelerated processing' at the 'LAN>Switch' settings (CTF), otherwise there's an issue...

    Any ideas on how I could help provide logs for troubleshooting? As mentioned, with QoS on, et al., no traffic logging shows up, meaning traffic somehow bypasses iptables (if that is even possible)...
     
