
[R7800] warnings with iptables

HELLO_wORLD

Senior Member
Hello to all,

Several R7800 users (maybe other models too) noticed some warnings when restarting the firewall.
It does not seem to affect the router functionality, but since a good chunk of people here are working to make this router better, it would be nice to get to the bottom of these warnings and be able to fix them (in @Voxel firmwares or with a fix script...) to do better than NG.

So don’t panic, it is not critical.

It seems to happen only with some set of settings (and we suspect on all firmwares), but we need more data to pin down the origin (DLNA, Kwilt, EasyCloud, something else...)

I have all of that turned off, and I don’t have the problem.

The problem is identifiable using telnet or ssh with the command net-wall restart
And a result like this (multiple lines):
Code:
iptables: No chain/target/match by that name.
iptables: Bad rule (does a matching rule exist in that chain?).
It is mentioned in some other threads:
https://www.snbforums.com/threads/r...based-firewall-addon.63241/page-3#post-577276
https://www.snbforums.com/threads/doubts-about-r7800-firmware-ipv6-support.55215/#post-468417

The idea would be for those willing to participate to mention their router, their firmware (NG, @Voxel and version), the output of the command net-wall restart, and any noticeable setting (EasyShare, Media Server on or off, EasyCloud on or off, Kwilt on or off...).
 

HELLO_wORLD

Senior Member
I will give the example:
  • Hardware Version R7800
  • Firmware Version V1.0.2.76.1SF
  • GUI Language Version V1.0.0.361
  • Operation Mode Router
  • DHCP Server On
  • ReadyShare Basic
  • MediaServer(DLNA) Disabled
  • kwilt Disabled
  • DHCP Server Disabled
  • UPnP Off
  • Traffic Meter Disabled
  • Router Analytics Data Collection(AWS) Disabled
And my output:
Code:
[email protected]:~$ net-wall restart
Starting Firewall...
Done!
 

nanocore

New Around Here
After changing these settings, the warnings are gone for me; maybe this can help others too.


Code:
nvram set transmission_disable=1
nvram commit
nvram set nokwilt=1
nvram commit

net-wall restart    # to check if you still get warnings
 

HELLO_wORLD

Senior Member
Thank you.

It seems that it is either transmission (mine is disabled too) or kwilt.
@R. Gerrits, do you have transmission or kwilt enabled?

 

R. Gerrits

Senior Member
  • Hardware Version = R7800
  • Firmware Version = V1.0.2.76.1SF
  • GUI Language Version = V1.0.0.361
  • Operation Mode = Router
  • DHCP Server = Enabled
  • Traffic Meter = Disabled
  • UPNP = Disabled
  • readycloud_enable=0
  • readycloud_use_lantry=1
  • readycloud_use_xcloud=1
  • nokwilt=1
  • transmission_disable=1
  • upnp_enableMedia=0
  • upnp_enable=0
  • upnp_enable_upnp=0
  • upnp_enable_tivo=yes (not something I set myself, need to see what this does)
  • upnp_enable_autoScan=0
So no, for me it is not caused by Transmission or kwilt, as I completely removed those ages ago.

I'll try flashing Stock firmware with the Entware USB removed, and do a factory default.
I exported all nvram settings, so I can compare them with Stock.
 

R. Gerrits

Senior Member
update:

restored stock -> issue still there
reset to factory defaults -> issue gone
flashed Voxel -> issue still gone
reconfigured most of the settings (except for entware) -> issue still gone

I did still have that unwanted rule for port 42443 in my iptables -L.
But now the GUI again has "Media Server" in the ReadySHARE section.
I disabled Media Server in the "Media Server" and now the port 42443 is gone.
(which is strange, because in the old situation I also had nvram setting upnp_enableMedia=0, so if net-wall is using that parameter to determine whether or not to open 42443, then those rules shouldn't have been there.)

next steps will be re-enabling Entware in the same way I did before.
(set various nvram settings to disable cloud stuff, remove /opt & /hipplay, recreate /opt and mount --bind optware on /opt)
 

R. Gerrits

Senior Member
update:
Also re-enabled Entware and re-installed Kamoj add-on V5.
Still the issue is gone.

Only thing I can now still do is compare the nvram settings from before and after, and see if there is a difference that might have caused the issue.
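
The before/after comparison mentioned in the post above could be done with a small script like this one. It is an added example, not something posted in the thread; it assumes both exports are plain text with one key=value per line, and the helper names, the example_* keys and all sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare two nvram exports (assumed one key=value per line).
# nvram_diff and nvram_diff_demo are hypothetical helper names.

nvram_diff() {
    # $1 = export from the misbehaving setup, $2 = export after the reset
    awk '
        {
            eq = index($0, "=")
            if (eq < 2) next                  # blank or malformed line
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)          # value may itself contain "="
            if (FILENAME == ARGV[1]) before[key] = val
            else                     after[key]  = val
        }
        END {
            for (k in before) {
                if (!(k in after))               print "- " k "=" before[k]
                else if (after[k] != before[k])  print "~ " k ": " before[k] " -> " after[k]
            }
            for (k in after)
                if (!(k in before))              print "+ " k "=" after[k]
        }
    ' "$1" "$2" | LC_ALL=C sort
}

nvram_diff_demo() {
    d=$(mktemp -d)
    # Constructed sample exports; values are illustrative, not from the thread.
    printf '%s\n' 'nokwilt=1' 'upnp_enableMedia=1' 'upnp_enable_tivo=yes' \
        'example_rule=a=b' > "$d/before.txt"
    printf '%s\n' 'nokwilt=1' 'upnp_enableMedia=0' 'example_rule=a=c' \
        'example_new=1' > "$d/after.txt"
    nvram_diff "$d/before.txt" "$d/after.txt"
    rm -rf "$d"
}

nvram_diff_demo
```

Lines starting with "-" exist only in the first export, "+" only in the second, and "~" mark keys whose value changed.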
 

HELLO_wORLD

Senior Member
Sometimes, nothing like a fresh clean install...
Clearly, you had nvram settings and/or rc/init setups that were messy.
Comparing nvram setups will be helpful.

The nvram-utils script I made could be evolved one day to restore settings we want to keep, not the usual way, but one by one « nvram set... ». That would allow us to avoid this kind of problem, and also to restore very quickly after a firmware update that requires factory settings.

Very easy on paper, but time-consuming to realize...

 

R. Gerrits

Senior Member
Indeed, I was already partially using this approach:
putting in several pieces of the configuration by doing an nvram set for all the reservation#, forwarding# and device_list# that I had exported to an Excel sheet.

And in hindsight, I think I could have also done the same for dhcp_start, dhcp_end, sysDNS* and upnp_enable* settings.
But when it comes to the WLAN settings (wl_* and wla_*), it already becomes way more complex to determine which of those you want to have restored after a factory reset.
And also OpenVPN server was something I did enable via the GUI.
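
The selective restore discussed in the last two posts can be sketched as a generator that reads an nvram export and prints one « nvram set » line per whitelisted key. This is an added example, not the nvram-utils script or anything posted in the thread; it assumes one key=value per line and that "#" in reservation#, forwarding# and device_list# stands for a number, and the helper names and sample values are constructed.

```shell
#!/bin/sh
# Added example: turn selected lines of an nvram export into "nvram set" commands.
# Assumes one key=value per line; gen_nvram_restore is a hypothetical helper name.

gen_nvram_restore() {
    # $1 = export file; prints a restore script on stdout, nothing is executed here
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in *=*) ;; *) continue ;; esac            # not key=value
        key=${line%%=*}
        val=${line#*=}
        case $key in ''|*[!A-Za-z0-9_]*) continue ;; esac    # refuse odd key names
        case $key in
            reservation[0-9]*|forwarding[0-9]*|device_list[0-9]*) ;;
            dhcp_start|dhcp_end|sysDNS*|upnp_enable*) ;;
            *) continue ;;                                   # wl_*, wla_*, everything else
        esac
        # Single-quote the argument and escape embedded quotes so the value
        # is restored literally and never interpreted by the shell.
        esc=$(printf '%s' "$val" | sed "s/'/'\\\\''/g")
        printf "nvram set '%s=%s'\n" "$key" "$esc"
    done < "$1"
    echo "nvram commit"
}

restore_demo() {
    f=$(mktemp)
    # Constructed sample export; the device_list1 value format is made up.
    cat > "$f" <<'EOF'
dhcp_start=192.168.1.2
dhcp_end=192.168.1.254
upnp_enableMedia=0
wl_ssid=ExampleNet
device_list1=AA:BB:CC:DD:EE:FF Bob's laptop
EOF
    gen_nvram_restore "$f"
    rm -f "$f"
}

restore_demo
```

The output is meant to be reviewed before it is run on the router; keys outside the whitelist, such as wl_ssid in the sample, are left out.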
 
