Logging bug in RT-AC68U new firmware

Discussion in 'ASUSWRT - Official' started by H.Z., Nov 15, 2019.

  1. H.Z.

    H.Z. Occasional Visitor

    Hm... it is a little bit complicated...
    I use the factory fw 3.0.0.4.384_45149 and I can't upgrade it, because of the bug in the logging rules.
    There are more subnets on my LAN (devices connected physically, wireless devices, docker containers/virtual machines).
    I need to log both accepted and dropped packets on the router. (Firewall - Logged packets type: Both)
    It works perfectly (so so) on this fw, but not on the later ones. :(
    Newer versions log not only packets from WAN interfaces (eth0, ppp0), but all local traffic between subnets which are outside of the router's own subnet.
    So... when I try to communicate between a wireless device and a virtual machine this logging slows down the router.
    My setup (nearly)
    Router 172.25.1.1/24
    Server (host for VMs) 172.25.1.3/24
    Syslog server 192.168.1.2/24 (it is a virtual machine on the Server)
    Laptop: 172.25.10.1/24

    I'm using sshfs/NFS to access syslog server's directories from my laptop. With the currently used fw version it works fine. But every newer fw logs packets between the laptop and the syslog server and it slows down the router and the communication between these clients. (especially, if I try to read the router's kernel log on the syslog server)
    Is it possible to repair this to log only the packets which are really coming from outside?

    As far as I can remember, Merlin's fw contains this problem too, so I can't change to that.

    (the same: https://www.snbforums.com/threads/drastically-reduced-performance-with-newest-fw.56273/ - I'd forgotten it... :( )
     
  2. H.Z.

    H.Z. Occasional Visitor

    Now I've found an interesting thing: the logging of br0 interface's traffic is enabled in the earlier versions of the stock fw too, but there is an exception for routes which were set up manually.
    I set a route for 192.168.1.0/24, the default gw is 172.25.1.3
    The output of iptables-save contains a line "iptables -A FORWARD -s 172.25.0.0/16 -d 192.168.1.0/24 -j ACCEPT" BEFORE "iptables -A FORWARD -i br0 -o br0 -j logaccept".
    In Merlin's and the newer factory fw this line is placed AFTER the above command, and this causes unnecessary entries in the log.
    Where can I ask to correct this (if it is possible)?
     
  3. dosborne

    dosborne Senior Member

    For ASUS firmware changes, you need to contact ASUS. This is not the right place :)

    For rmerlin firmware you can go to the correct subforum and make a request.

    This sounds like something that could be "fixed" running a script at boot time (Merlin firmware required). If that sounds like an option for you, I'm pretty someone in the Merlin subforum can help you out.
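
The rule-order effect described in H.Z.'s second post can be checked offline against saved `iptables-save` output. The following is an added example, not code from any poster or from the firmware: a small first-match walk over the FORWARD chain. The two dumps are constructed from the two rules quoted in the thread, the function names are hypothetical, the flow is assumed to enter and leave on br0, and a jump to `logaccept` is assumed to end traversal for the packet.

```python
import ipaddress

# Constructed dumps holding only the two rules quoted in the thread,
# in the order reported for the older and for the newer firmware.
OLDER_FW = """\
-A FORWARD -s 172.25.0.0/16 -d 192.168.1.0/24 -j ACCEPT
-A FORWARD -i br0 -o br0 -j logaccept
"""
NEWER_FW = """\
-A FORWARD -i br0 -o br0 -j logaccept
-A FORWARD -s 172.25.0.0/16 -d 192.168.1.0/24 -j ACCEPT
"""

def parse_rules(dump, chain="FORWARD"):
    """Return [(match_options, target)] for every -A <chain> rule, in order."""
    rules = []
    for line in dump.splitlines():
        tok = line.split()
        if tok[:1] == ["iptables"]:        # accept the "iptables -A ..." form too
            tok = tok[1:]
        if tok[:2] != ["-A", chain]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))   # simplification: "-flag value" pairs
        target = opts.pop("-j", None)
        unknown = set(opts) - {"-s", "-d", "-i", "-o"}
        if unknown:                        # refuse to guess at matches not modelled
            raise ValueError(f"unsupported match options: {sorted(unknown)}")
        rules.append((opts, target))
    return rules

def first_match(dump, src, dst, in_if, out_if):
    """Target of the first rule matching the flow, or None if none matches."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for opts, target in parse_rules(dump):
        if "-s" in opts and src not in ipaddress.ip_network(opts["-s"], strict=False):
            continue
        if "-d" in opts and dst not in ipaddress.ip_network(opts["-d"], strict=False):
            continue
        if opts.get("-i", in_if) != in_if or opts.get("-o", out_if) != out_if:
            continue
        return target
    return None

def is_logged(dump, src, dst, in_if="br0", out_if="br0"):
    """True when the flow reaches the logaccept chain before a plain ACCEPT."""
    return first_match(dump, src, dst, in_if, out_if) == "logaccept"

if __name__ == "__main__":
    for name, dump in (("older", OLDER_FW), ("newer", NEWER_FW)):
        # Laptop to syslog server, addresses taken from the first post
        print(name, is_logged(dump, "172.25.10.1", "192.168.1.2"))
```

A real dump contains match options this sketch does not model (for example `-m state`); it raises on those rather than reporting a result it cannot justify.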