rt-n66u problems with ATT uverse

[paranoidpanda]

At the beginning of last week I suddenly started having trouble keeping an internet connection with my rt-n66u. I have ATT uverse internet, so I have to use their gateway, but I'd rather have more control over network and faster wireless speeds, so I've had th asus router on a DMZ from the att router. Last week it started loosing the dmz ip lease after 10 minutes and never getting it back until a reboot of the asus which gave me another 10 minutes. What is going on here?

Here is my log, (note: I turned on the logging of rejected packets)

Jan  1 00:00:07 syslogd started: BusyBox v1.17.4
Jan  1 00:00:07 kernel: klogd started: BusyBox v1.17.4 (2014-02-12 19:05:29 CST)
Jan  1 00:00:07 kernel: start_kernel
Jan  1 00:00:07 kernel: Linux version 2.6.22.19 (root@asus) (gcc version 4.2.3) #1 Wed Feb 12 19:08:28 CST 2014
Jan  1 00:00:07 kernel: CPU revision is: 00019749
Jan  1 00:00:07 kernel: Determined physical RAM map:
Jan  1 00:00:07 kernel:  memory: 07fff000 @ 00000000 (usable)
Jan  1 00:00:07 kernel:  memory: 08000000 @ 87fff000 (usable)
Jan  1 00:00:07 kernel: Built 1 zonelists.  Total pages: 585216
Jan  1 00:00:07 kernel: Kernel command line: root=/dev/mtdblock2 noinitrd console=ttyS0,115200
Jan  1 00:00:07 kernel: Primary instruction cache 32kB, physically tagged, 4-way, linesize 32 bytes.
Jan  1 00:00:07 kernel: Primary data cache 32kB, 4-way, linesize 32 bytes.
Jan  1 00:00:07 syslog: module ledtrig-usbdev not found in modules.dep
Jan  1 00:00:07 syslog: module leds-usb not found in modules.dep
Jan  1 00:00:07 kernel: PID hash table entries: 2048 (order: 11, 8192 bytes)
Jan  1 00:00:07 kernel: CPU: BCM5300 rev 1 pkg 0 at 600 MHz
Jan  1 00:00:07 kernel: Using 300.000 MHz high precision timer.
Jan  1 00:00:07 kernel: Dentry cache hash table entries: 65536 (order: 6, 262144 bytes)
Jan  1 00:00:07 kernel: Inode-cache hash table entries: 32768 (order: 5, 131072 bytes)
Jan  1 00:00:07 kernel: Mount-cache hash table entries: 512
Jan  1 00:00:07 kernel: PCI: Initializing host
Jan  1 00:00:07 kernel: PCI: Reset RC
Jan  1 00:00:07 kernel: PCI: Initializing host
Jan  1 00:00:07 kernel: PCI: Reset RC
Jan  1 00:00:07 kernel: PCI: Fixing up bus 0
Jan  1 00:00:07 kernel: PCI/PCIe coreunit 0 is set to bus 1.
Jan  1 00:00:07 kernel: PCI: Fixing up bridge
Jan  1 00:00:07 kernel: PCI: Fixing up bridge
Jan  1 00:00:07 kernel: PCI: Enabling device 0000:01:00.1 (0004 -> 0006)
Jan  1 00:00:07 kernel: PCI: Fixing up bus 1
Jan  1 00:00:07 kernel: PCI/PCIe coreunit 1 is set to bus 2.
Jan  1 00:00:07 kernel: PCI: Fixing up bridge
Jan  1 00:00:07 kernel: PCI: Fixing up bridge
Jan  1 00:00:07 kernel: PCI: Enabling device 0000:02:00.1 (0004 -> 0006)
Jan  1 00:00:07 kernel: PCI: Fixing up bus 2
Jan  1 00:00:07 kernel: IP route cache hash table entries: 4096 (order: 2, 16384 bytes)
Jan  1 00:00:07 kernel: TCP established hash table entries: 16384 (order: 5, 131072 bytes)
Jan  1 00:00:07 kernel: TCP bind hash table entries: 16384 (order: 4, 65536 bytes)
Jan  1 00:00:07 kernel: highmem bounce pool size: 64 pages
Jan  1 00:00:07 kernel:  Amd/Fujitsu Extended Query Table at 0x0040
Jan  1 00:00:07 kernel: Physically mapped flash: CFI does not contain boot bank location. Assuming top.
Jan  1 00:00:07 kernel: number of CFI chips: 1
Jan  1 00:00:07 kernel: cfi_cmdset_0002: Disabling erase-suspend-program due to code brokenness.
Jan  1 00:00:07 kernel: Flash device: 0x2000000 at 0x1c000000
Jan  1 00:00:07 kernel: Creating 5 MTD partitions on "Physically mapped flash":
Jan  1 00:00:07 kernel: 0x00000000-0x00040000 : "pmon"
Jan  1 00:00:07 kernel: 0x00040000-0x01fe0000 : "linux"
Jan  1 00:00:07 kernel: 0x0016dae4-0x01940000 : "rootfs"
Jan  1 00:00:07 kernel: 0x01fe0000-0x02000000 : "nvram"
Jan  1 00:00:07 kernel: 0x01ee0000-0x01fe0000 : "jffs2"
Jan  1 00:00:07 kernel: Found an  serial flash with 0 0KB blocks; total size 0MB
Jan  1 00:00:07 kernel: sflash: found no supported devices
Jan  1 00:00:07 kernel: dev_nvram_init: _nvram_init
Jan  1 00:00:07 kernel: u32 classifier
Jan  1 00:00:07 kernel:     OLD policer on 
Jan  1 00:00:08 kernel: Netfilter messages via NETLINK v0.30.
Jan  1 00:00:08 kernel: nf_conntrack version 0.5.0 (2048 buckets, 16384 max)
Jan  1 00:00:08 kernel: ipt_time loading
Jan  1 00:00:08 kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Jan  1 00:00:08 kernel: net/ipv4/netfilter/tomato_ct.c [Feb 12 2014 19:07:51]
Jan  1 00:00:08 kernel: ip6_tables: (C) 2000-2006 Netfilter Core Team
Jan  1 00:00:08 kernel: VFS: Mounted root (squashfs filesystem) readonly.
Jan  1 00:00:08 kernel: Warning: unable to open an initial console.
Jan  1 00:00:08 kernel: ctf: module license 'Proprietary' taints kernel.
Jan  1 00:00:08 kernel: et_module_init: passivemode set to 0x0
Jan  1 00:00:08 kernel: et_module_init: et_txq_thresh set to 0x400
Jan  1 00:00:08 kernel: bcm_robo_enable_switch: EEE is disabled
Jan  1 00:00:08 kernel: eth0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 6.30.163.2002 (r382208)
Jan  1 00:00:08 kernel: wl_module_init: passivemode set to 0x0
Jan  1 00:00:08 kernel: PCI: Enabling device 0000:01:01.0 (0000 -> 0002)
Jan  1 00:00:08 kernel: eth1: Broadcom BCM4331 802.11 Wireless Controller 6.30.163.2002 (r382208)
Jan  1 00:00:08 kernel: PCI: Enabling device 0000:02:01.0 (0000 -> 0002)
Jan  1 00:00:08 kernel: eth2: Broadcom BCM4331 802.11 Wireless Controller 6.30.163.2002 (r382208)
Jan  1 00:00:08 kernel: Algorithmics/MIPS FPU Emulator v1.5
Jan  1 00:00:08 kernel: SCSI subsystem initialized
Jan  1 00:00:08 kernel: ufsd: driver (8.6 U86_r187446_b122, LBD=ON, acl, ioctl, rwm, ws, sd) loaded at c0287000
Jan  1 00:00:08 kernel: NTFS (with native replay) support included
Jan  1 00:00:08 kernel: optimized: speed
Jan  1 00:00:08 kernel: Build_for__asus_n66u_2011-10-27_U86_r187446_b122
Jan  1 00:00:09 stop_nat_rules: apply the redirect_rules!
Jan  1 00:00:09 WAN Connection: ISP's DHCP did not function properly.
Jan  1 00:00:09 RT-N66U: start httpd
Jan  1 00:00:10 syslog: Generating SSL certificate...
Jan  1 00:00:10 kernel: scsi 0:0:0:0: Direct-Access     Multi    Flash Reader     1.00 PQ: 0 ANSI: 0
Jan  1 00:00:10 kernel: sd 0:0:0:0: [sda] Attached SCSI removable disk
Jan  1 00:00:10 kernel: sd 0:0:0:0: Attached scsi generic sg0 type 0
Jan  1 00:00:14 disk monitor: be idle
Jan  1 00:00:14 kernel: Attempt to kill tasklet from interrupt
Jan  1 00:00:15 start_nat_rules: apply the nat_rules(/tmp/nat_rules_eth0_eth0)!
Jan  1 00:00:15 kernel: nf_conntrack_rtsp v0.6.21 loading
Jan  1 00:00:15 kernel: nf_nat_rtsp v0.6.21 loading
Jan  1 00:00:15 rc_service: udhcpc 373:notify_rc stop_upnp
Jan  1 00:00:15 rc_service: udhcpc 373:notify_rc start_upnp
Jan  1 00:00:16 rc_service: udhcpc 373:notify_rc stop_ntpc
Jan  1 00:00:16 rc_service: udhcpc 373:notify_rc start_ntpc
Jan  1 00:00:16 rc_service: waitting "stop_ntpc" via udhcpc ...
Jan  1 00:00:19 WAN Connection: WAN was restored.
Jan  1 00:00:27 dhcp client: bound 99.59.40.55 via 99.59.40.1 during 600 seconds.
Jan  1 00:00:45 kernel: DROP  <4>DROP IN=eth0 OUT= MAC=01:00:5e:00:00:01:74:9d:dc:dd:45:59:08:00 <1>SRC=192.168.1.254 DST=224.0.0.1 <1>LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=23570 OPT (94040000) PROTO=2 
Jan  1 00:01:33 kernel: DROP  <4>DROP IN=eth0 OUT= MAC=60:a4:4c:27:06:04:74:9d:dc:dd:45:59:08:00 <1>SRC=17.158.52.69 DST=99.59.40.55 <1>LEN=1059 TOS=0x00 PREC=0x00 TTL=241 ID=14978 DF PROTO=TCP <1>SPT=443 DPT=52428 SEQ=1085093407 ACK=3344706852 WINDOW=65535 RES=0x00 ACK PSH URGP=0 
Jan  1 00:02:37 kernel: DROP  <4>DROP IN=eth0 OUT= MAC=60:a4:4c:27:06:04:74:9d:dc:dd:45:59:08:00 <1>SRC=17.158.52.69 DST=99.59.40.55 <1>LEN=1059 TOS=0x00 PREC=0x00 TTL=241 ID=14978 DF PROTO=TCP <1>SPT=443 DPT=52428 SEQ=1085093407 ACK=3344706852 WINDOW=65535 RES=0x00 ACK PSH URGP=0 
Jan  1 00:02:50 kernel: DROP  <4>DROP IN=eth0 OUT= MAC=01:00:5e:00:00:01:74:9d:dc:dd:45:59:08:00 <1>SRC=192.168.1.254 DST=224.0.0.1 <1>LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3138 OPT (94040000) PROTO=2 
Jan  1 00:04:55 kernel: DROP  <4>DROP IN=eth0 OUT= MAC=01:00:5e:00:00:01:74:9d:dc:dd:45:59:08:00 <1>SRC=192.168.1.254 DST=224.0.0.1 <1>LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=9530 OPT (94040000) PROTO=2 
Jan  1 00:07:00 kernel: DROP  <4>DROP IN=eth0 OUT= MAC=01:00:5e:00:00:01:74:9d:dc:dd:45:59:08:00 <1>SRC=192.168.1.254 DST=224.0.0.1 <1>LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=42746 OPT (94040000) PROTO=2 
Jan  1 00:09:05 kernel: DROP  <4>DROP IN=eth0 OUT= MAC=01:00:5e:00:00:01:74:9d:dc:dd:45:59:08:00 <1>SRC=192.168.1.254 DST=224.0.0.1 <1>LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=37250 OPT (94040000) PROTO=2 
Jan  1 00:10:24 WAN Connection: ISP's DHCP did not function properly.
Jan  1 00:10:24 stop_nat_rules: apply the redirect_rules!

 

[jlake]

There's a lot of info on google about default lease time of 10 minutes of Att gateways. And info as to why firewall blocks. And a workaround.

Or maybe don't use DMZ. I have Att DSL gateway that allows me to change default DMZ lease time. Not sure if any uverse gateways allow that. I guess you could switch to cable and be done with it or put uverse gateway in to bridge mode.. There's always AP mode on asus.

Edit: if you find Att gateway that allows you to change DMZ lease time, then you can do scheduled reboot in middle of night

http://forums.smallnetbuilder.com/showthread.php?t=14662

 

[paranoidpanda]

No, the uverse gateway does not let me adjust the lease time unfortunately.

I don't like managing my network from the uverse gateway, so using AP mode would defeat that purpose of my asus.

I'm well aware of the 10 minute lease issue, but this firmware is supposed to have that covered. I even dumped the iptables and saw the entry for the 67 68 port mess that att does.

If I don't use DMZ, then every time I want to open a port, I have to open it in two places. Plus, then you have router behind router, and that leads to other issues occasionally I'd like to avoid.

Changing over to cable isn't really an option, in my area, it would cost an additional $300 a year to go with cable internet for my needs.

 

[jlake]

No, the uverse gateway does not let me adjust the lease time unfortunately.

I don't like managing my network from the uverse gateway, so using AP mode would defeat that purpose of my asus.

I'm well aware of the 10 minute lease issue, but this firmware is supposed to have that covered. I even dumped the iptables and saw the entry for the 67 68 port mess that att does.

If I don't use DMZ, then every time I want to open a port, I have to open it in two places. Plus, then you have router behind router, and that leads to other issues occasionally I'd like to avoid.

Changing over to cable isn't really an option, in my area, it would cost an additional $300 a year to go with cable internet for my needs.

I don't know then. The only workaround is what I've seen people use in past. Maybe things have changed. Maybe someone with uverse will see your post.

I've never used the change described in link below on DD-WRT (or Merlin) firmware because I never had to since I can change 10 minute lease time. Definitely unfortunate that Att does not allow you to do that on your uverse gateway.

http://www.seanhsmith.com/2010/12/02/att-u-verse-2wire-router-and-wrt54gl-with-dd-wrt-problems/

 

[jlake]

And if you use Merlin firmware, he has IPv6 firewall, so not sure what will happen to your ipv6 connection (if you use ipv6) when lease expires after 10 minutes.