Good day everyone,
This is my first post here and before getting into why I am here I would first like to thank RMerlin for his hard work. I have been using his firmware for quite some time and I’m sure it has saved me many headaches.
I have resolved most of my issues in the past and learned how to do things from just browsing this forum. Although this time I think the best thing to do is ask for help on this one. I am only a novice and rely on posts and guides put up by you dedicated people to help me accomplish and set up features on these routers.
First I will describe my current setup and hardware. My ISP is Bell and I have a Bell Home Hub 3000 which is configured for advanced DMZ. I have an Asus RT-AC5300 connected to this which I use as my default router. Everything was working fine with no issues until upgrading the firmware to 384.4_2.
I upgraded 380.69_2 to 384.4_2 on my Asus RT-AC5300. A factory reset was completed prior to upgrading to the new firmware and also cleared browser cache after, as stated in Asuswrt-Merlin 384 Changelog. Once complete I continued to set up to my desired needs. After rebooting I lost my connection to the internet and could not re-establish.
It took me quite some time to find out what was causing the issue. First I suspected the Bell Home Hub 3000 as I have had issues with it in the past and the firmware is quite buggy. Although this was not the issue and I decided to factory default the Asus again and sure enough I got my internet connection back instantly. I continued to configure again thinking maybe there was just some minor issue during the previous setup that I had missed or some glitch possibly. After inputting my settings again and rebooting I had the exact same issue (No Internet Connection with yellow triangle). I then decided to back up and remove some settings and that’s when I found the issue. It appears the user scripts I have been using previously to configure ports for my VPN connection were causing me to lose my connection. I removed both scripts and rebooted and all was good. I added them again and rebooted and my connection was lost again.
I eliminated one script (openvpn-event) which I use to bypass certain ports from going through my VPN and this script works just fine when I reboot but the other script (nat-start) which is used to forward ports for my VPN was the culprit. Although once the router was rebooted I could manually enter the commands from this script and my ports are confirmed open and I still have my internet connection.
My user scripts (Thanks to all who helped with this code on this forum)
nat-start script
Code:
#!/bin/sh
iptables -I FORWARD -i br0 -o tun11 -j ACCEPT
iptables -I FORWARD -i tun11 -o br0 -j ACCEPT
iptables -I FORWARD -i br0 -o vlan1 -j DROP
iptables -I INPUT -i tun11 -j REJECT
iptables -t nat -A POSTROUTING -o tun11 -j MASQUERADE
iptables -I FORWARD -i tun11 -p udp -d 192.168.1.100 --dport 41175 -j ACCEPT
iptables -I FORWARD -i tun11 -p tcp -d 192.168.1.100 --dport 41175 -j ACCEPT
iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 41175 -j DNAT --to-destination 192.168.1.100
iptables -t nat -I PREROUTING -i tun11 -p udp --dport 41175 -j DNAT --to-destination 192.168.1.100
iptables -I FORWARD -i tun11 -p udp -d 192.168.1.150 --dport 41176 -j ACCEPT
iptables -I FORWARD -i tun11 -p tcp -d 192.168.1.150 --dport 41176 -j ACCEPT
iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 41176 -j DNAT --to-destination 192.168.1.150
iptables -t nat -I PREROUTING -i tun11 -p udp --dport 41176 -j DNAT --to-destination 192.168.1.150
openvpn-event script
Code:
#!/bin/sh
sleep 10
# Disable reverse-path filtering on every interface so marked packets are not dropped.
for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
    echo 0 > "$i"
done
#
# Delete table 100 and flush any existing rules if they exist.
#
ip route flush table 100
#ip route del default table 100
#ip rule del fwmark 1 table 100
ip route flush cache
iptables -t mangle -F PREROUTING
#
# Copy all non-default and non-VPN related routes from the main table into table 100.
# Then configure table 100 to route all traffic out the WAN gateway and assign it mark "1"
#
# NOTE: Here I assume the OpenVPN tunnel is named "tun11".
#
#
ip route show table main | grep -Ev ^default | grep -Ev tun11 \
| while read ROUTE ; do
ip route add table 100 $ROUTE
done
ip route add default table 100 via $(nvram get wan_gateway)
ip rule add fwmark 1 table 100
ip route flush cache
#
# Define the routing policies for the traffic. The rules will be applied in the order that they
# are listed. In the end, packets with MARK set to "0" will pass through the VPN. If MARK is set
# to "1" it will bypass the VPN.
#
# Bypass VPN
iptables -t mangle -A PREROUTING -i br0 -p tcp --sport 80 --match iprange --src-range 192.168.1.100 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i br0 -p udp --sport 80 --match iprange --src-range 192.168.1.100 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i br0 -p tcp --sport 41000 --match iprange --src-range 192.168.1.100 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i br0 -p udp --sport 41000 --match iprange --src-range 192.168.1.100 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i br0 -p tcp --sport 8081 --match iprange --src-range 192.168.1.150 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i br0 -p tcp --sport 8112 --match iprange --src-range 192.168.1.150 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i br0 -p tcp --sport 51000 --match iprange --src-range 192.168.1.150 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i br0 -p udp --sport 51000 --match iprange --src-range 192.168.1.150 -j MARK --set-mark 1
Would anyone here have any idea as to why this script (nat-start) currently does not work after upgrading to the new firmware? If pointed in the right direction I can provide logs if needed or any other information required. Also, if anyone knows a better way to accomplish what the scripts above provide I would be interested in hearing how to do this.
Thanks in advance
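A diagnostic for the nat-start script above, added here as an example and not part of the original post: it lists every interface the script names with `-i`/`-o` and reports those that are absent from a given interface list, which is worth checking after a firmware upgrade because a rule that names a missing or renamed interface no longer filters what it was written for. The function names, the embedded sample (a few rules copied from the post) and the interface list are constructed for the demonstration and say nothing about what the poster's router actually has.

```shell
#!/bin/sh
# Added example: compare interfaces referenced by an iptables script
# with the interfaces that exist on the system.

# rule_ifaces FILE: print the unique interface names used with -i / -o.
rule_ifaces() {
    awk '$1 == "iptables" {
        for (n = 2; n < NF; n++)
            if ($n == "-i" || $n == "-o") print $(n + 1)
    }' "$1" | sort -u
}

# missing_ifaces FILE "LIST": print interfaces the script references
# that do not appear in the whitespace-separated LIST.
missing_ifaces() {
    present=" $(echo $2) "      # unquoted on purpose: collapses newlines to spaces
    for ifc in $(rule_ifaces "$1"); do
        case "$present" in
            *" $ifc "*) ;;      # interface exists
            *) echo "$ifc" ;;   # referenced but not present
        esac
    done
}

# demo: run the check on constructed input.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
#!/bin/sh
iptables -I FORWARD -i br0 -o tun11 -j ACCEPT
iptables -I FORWARD -i br0 -o vlan1 -j DROP
iptables -I INPUT -i tun11 -j REJECT
iptables -t nat -A POSTROUTING -o tun11 -j MASQUERADE
iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 41175 -j DNAT --to-destination 192.168.1.100
EOF
    # Constructed interface list; on a live system pass "$(ls /sys/class/net)" instead.
    missing_ifaces "$tmp" "br0 eth0 lo tun11"
    rm -f "$tmp"
}

demo
```

On the router, call `missing_ifaces` with the path to your own copy of the script and the output of `ls /sys/class/net`; an empty result means every referenced interface exists at the time of the check.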