No port forwarding with Asus RT-N16 and Toastman Tomato!

Discussion in 'Tomato Firmware' started by Rick Houghton, Jan 31, 2013.

  1. Rick Houghton

    Rick Houghton Serious Server Member

    Hey:
    Long time lurker, first time poster having some trouble with Port Forwarding on the Asus RT-N16. I am using tomato-K26USB-1.28.7501.2MIPSR2Toastman-RT-VPN firmware and have installed per instructions and everything works except for port forwarding! All rules are in place but they have no effect. GRC shows all ports are blocked. When I re-connect the old router (Linksys WRT54G/GS/GL) which has Tomato Firmware v1.28.1816 on it, all port forwarding is restored to normal (i.e working) and GRC shows forwarded ports open again. I have tried with 2 different branches of the Toastman FW (same release) and I get the same results.

    I have seen a couple of other posts here about Asus routers with similar problems but no resolutions. Is this a bug in Toastman or is it Tomato? I really wanted to use this for the excellent QOS capabilities but with no port forwarding it is a no go. Can anybody please point me to an alternate build where the port forwarding works?
     
  2. Toastman

    Toastman Super Moderator Staff Member Member

    I'm mystified, because I use RT-N16's and port forward to all the AP's for remote diagnostic purposes. It has never ceased to work in any build.

    Call a priest?
     
  3. Rick Houghton

    Rick Houghton Serious Server Member

    Can you suggest another build to try?
     
  4. Rick Houghton

    Rick Houghton Serious Server Member

    Here is the screenshot of the Port Forwarding screen:
    [​IMG]

    And here is the output of iptables:

    Code:
    Chain INPUT (policy DROP 0 packets, 0 bytes)
    pkts bytes target    prot opt in    out    source              destination
     
        0    0 DROP      all  --  any    any    anywhere            anywhere
            state INVALID
      38  1788 ACCEPT    all  --  any    any    anywhere            anywhere
            state RELATED,ESTABLISHED
        8  522 ACCEPT    all  --  lo    any    anywhere            anywhere
     
        1    52 ACCEPT    all  --  br0    any    anywhere            anywhere
     
     
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target    prot opt in    out    source              destination
     
        0    0 ACCEPT    all  --  br0    br0    anywhere            anywhere
     
        0    0 DROP      all  --  any    any    anywhere            anywhere
            state INVALID
        0    0 TCPMSS    tcp  --  any    any    anywhere            anywhere
            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
        0    0 ACCEPT    all  --  any    any    anywhere            anywhere
            state RELATED,ESTABLISHED
        0    0 wanin      all  --  ppp0  any    anywhere            anywhere
     
        0    0 wanout    all  --  any    ppp0    anywhere            anywhere
     
        0    0 ACCEPT    all  --  br0    any    anywhere            anywhere
     
        0    0 upnp      all  --  ppp0  any    anywhere            anywhere
     
     
    Chain OUTPUT (policy ACCEPT 61 packets, 3708 bytes)
    pkts bytes target    prot opt in    out    source              destination
     
     
    Chain upnp (1 references)
    pkts bytes target    prot opt in    out    source              destination
     
     
    Chain wanin (1 references)
    pkts bytes target    prot opt in    out    source              destination
     
     
    Chain wanout (1 references)
    pkts bytes target    prot opt in    out    source              destination

    Output of: iptables -t nat -L WANPREROUTING -vn

    Code:
    Chain WANPREROUTING (0 references)
    pkts bytes target    prot opt in    out    source              destination

    Output of iptables --table nat --list -v -n:

    Code:
    Chain PREROUTING (policy ACCEPT 1 packets, 190 bytes)
    pkts bytes target    prot opt in    out    source              destination
     
        0    0 DROP      all  --  ppp0  *      0.0.0.0/0            192.168.1.0/24
        0    0 upnp      all  --  ppp0  *      0.0.0.0/0            0.0.0.0/0
     
     
    Chain POSTROUTING (policy ACCEPT 8 packets, 522 bytes)
    pkts bytes target    prot opt in    out    source              destination
     
        0    0 MASQUERADE  all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
     
        0    0 SNAT      all  --  *      br0    192.168.1.0/24      192.168.1.0/24      to:192.168.1.23
     
    Chain OUTPUT (policy ACCEPT 8 packets, 522 bytes)
    pkts bytes target    prot opt in    out    source              destination
     
     
    Chain WANPREROUTING (0 references)
    pkts bytes target    prot opt in    out    source              destination
     
     
    Chain upnp (1 references)
    pkts bytes target    prot opt in    out    source              destination
     
  5. rhester72

    rhester72 Network Guru Member

    Have you turned on CTF by any chance?

    Rodney
     
  6. Rick Houghton

    Rick Houghton Serious Server Member

    What is CTF?
     
  7. koitsu

    koitsu Network Guru Member

    The problem is with your configuration/setup somehow. As I've stated in other threads, the port forwarding works just fine.

    Please disclose all details of your network configuration (physical and software) and every single setting you've changed in all menus within the router from stock defaults. You obviously don't need to disclose passwords or anything, but every single other changed setting we need to know.

    If you haven't done a full/thorough NVRAM reset (this is not the same thing as "After flashing, erase all data in NVRAM memory" when doing an Upgrade) after you went from Firmware X or Stock Firmware to tomato-K26USB-1.28.7501.2MIPSR2Toastman-RT-VPN, please do so and manually reconfigure the router (do not have the backup/restore config option).

    Also, if you're swapping routers connected to DSL bridges or cable modems, please be sure to power cycle or soft reboot the DSL bridge/router or modem. I cannot stress this enough. Many of these devices -- even present-day, such as the Motorola SB6121 -- cache ARP indefinitely. The end result is often behaviour that is quite wonky -- I've seen them act very strangely in some cases (outbound packets working, but inbound packets not, even though from an IP stack perspective this makes no sense). These devices operate on both layer 2 and layer 3, and are black-box so nobody knows exactly what their deal is.

    Finally, please use another "port testing" service other than GRC, just to rule out any problems on their side. I do not tend to recommend Steve Gibson's, well, anything, since a lot of it is snake oil (overdramatised nonsense mixed with some truths). Alternate services:

    http://www.canyouseeme.org/
    http://www.yougetsignal.com/tools/open-ports/
    http://www.mynetworktest.com/ports.php
    http://www.whatsmyip.org/port-scanner/
     
  8. Rick Houghton

    Rick Houghton Serious Server Member

    Thanks for posting Koitsu, but why does the output from Telnet seem to indicate that there are no iptables forwarding rules being applied to NVRAM by the firmware? Does that not seem to point to a bug?
     
  9. Toastman

    Toastman Super Moderator Staff Member Member

    Just for reference:

    This is the output of one of my RT-N16's iptables -t nat -L WANPREROUTING -vn
    port forwarding to AP's in the building.

    (output from Tools/System box)

    Port forwarding has always worked perfectly for me on any build by any modder. It can be broken by

    Chain WANPREROUTING (1 references)
    pkts bytes target prot opt in out source destination
    13 592 DNAT icmp -- * * 0.0.0.0/0 0.0.0.0/0 to:192.168.1.2
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8011 to:192.168.1.11:80
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8012 to:192.168.1.12:80
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8013 to:192.168.1.13:80
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8014 to:192.168.1.14:80
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8015 to:192.168.1.15:80
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8016 to:192.168.1.16:80
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8017 to:192.168.1.17:80
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8018 to:192.168.1.18:80
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8019 to:192.168.1.19:80
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8020 to:192.168.1.20:80
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8021 to:192.168.1.21:80
    8 4365 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8022 to:192.168.1.22:80
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8023 to:192.168.1.23:80
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8024 to:192.168.1.24:80
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8025 to:192.168.1.25:80
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8026 to:192.168.1.26:80
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8027 to:192.168.1.27:80
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8028 to:192.168.1.28:80
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000 to:192.168.0.1:80
    1 40 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8002 to:192.168.1.2:80
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8003 to:192.168.1.3:80
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8001 to:192.168.1.1:80
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8028 to:192.168.1.29:80
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8030 to:192.168.1.30:80

    Koitsu, you are much more polite than I about the GRC bullsh**. :D
     
  10. Rick Houghton

    Rick Houghton Serious Server Member

    And mine is:
    Chain WANPREROUTING (0 references)
    pkts bytes target prot opt in out source destination

    Looks like a bug to me! I am going to try a Shibby release and see if it makes any difference.

    Edit:
    But you know, I don't have a "Tools/System box". What version are you using?
     
  11. koitsu

    koitsu Network Guru Member

    The NVRAM variable for the port forwards is named portforward. nvram get portforward should return something. Can you provide that content?

    Can you also provide contents of /etc/iptables (i.e. cat /etc/iptables)?

    I also need to see the full output from dmesg. If the generated iptables rules can't load, there is usually an error spit out that reads something like "Error while loading rules. See /etc/iptables.error file."
     
  12. Rick Houghton

    Rick Houghton Serious Server Member

    Interestingly nvram get portforward returns:
    Code:
    1<3<<20:22<<192.168.1.4<>1<3<<25<25<192.168.1.4<>1<1<<80<80<192.168.1.4<>1<3<<11
    0<<192.168.1.4<>1<1<<143<<192.168.1.4<>1<1<<389<<192.168.1.4<>1<1<<443<<192.168.
    1.4<>1<1<<465<<192.168.1.4<>1<1<<587<<192.168.1.4<>1<1<<636<<192.168.1.4<>1<1<<9
    93<<192.168.1.4<>1<1<<995<<192.168.1.4<>1<1<<7025<<192.168.1.4<>1<1<<7071<<192.1
    68.1.4<>1<1<<7306<<192.168.1.4<>1<1<<7307<<192.168.1.4<>1<1<<7780<<192.168.1.4<>
    1<3<<8080<<192.168.1.4<>1<3<<10000<<192.168.1.4<>1<1<<10024<<192.168.1.4<>1<1<<1
    0025<<192.168.1.4<>1<3<<60000:65535<<192.168.1.4<>

    So back to my original hypothesis; NVRAM isn't writing the iptables.

    iptables:
    Code:
    :PREROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    COMMIT
    *nat
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :WANPREROUTING - [0:0]
    -A PREROUTING -i ppp0 -d 192.168.1.23/255.255.255.0 -j DROP
    :upnp - [0:0]
    -A PREROUTING -i ppp0 -j upnp
    -A POSTROUTING  -o ppp0 -j MASQUERADE
    -A POSTROUTING -o br0 -s 192.168.1.23/255.255.255.0 -d 192.168.1.23/255.255.255.
    COMMIT
    *filter
    :INPUT DROP [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state INVALID -j DROP
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -i br0 -j ACCEPT
    :FORWARD DROP [0:0]
    -A FORWARD -i br0 -o br0 -j ACCEPT
    -A FORWARD -m state --state INVALID -j DROP
    -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
    :wanin - [0:0]
    :wanout - [0:0]
    -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -i ppp0 -j wanin
    -A FORWARD -o ppp0 -j wanout
    -A FORWARD -i br0 -j ACCEPT
    :upnp - [0:0]
    -A FORWARD -i ppp0 -j upnp
    COMMIT

    Code:
    root@unknown:/tmp/etc# cat iptables.error
    cat: can't open 'iptables.error': No such file or directory

    My system info:
    Code:
    Model    Asus RT-N16
    Chipset    Broadcom BCM4716 chip rev 1 pkg 10
    CPU Freq    480 MHz
    Flash RAM Size    32 MB
     
    Time    Not Available
    Uptime    00:36:14
    CPU Load (1 / 5 / 15 mins)    0.00 / 0.02 / 0.00
    CPU Usage    0.33%
    Total / Free Memory    124.05

    Thanks for all your help BTW!!
     
  13. koitsu

    koitsu Network Guru Member

    Can you provide output from dmesg please.
     
  14. Rick Houghton

    Rick Houghton Serious Server Member

    Here it is:

    Code:
    Linux version 2.6.22.19 (root@tomato) (gcc version 4.2.4) #34 Thu Jan 24 08:49:01 CET 2013
    CPU revision is: 00019740
    Determined physical RAM map:
    memory: 07fff000 @ 00000000 (usable)
    On node 0 totalpages: 32767
      Normal zone: 255 pages used for memmap
      Normal zone: 0 pages reserved
      Normal zone: 32512 pages, LIFO batch:7
    Built 1 zonelists.  Total pages: 32512
    Kernel command line: root=/dev/mtdblock2 noinitrd console=ttyS0,115200
    Primary instruction cache 32kB, physically tagged, 4-way, linesize 32 bytes.
    Primary data cache 32kB, 4-way, linesize 32 bytes.
    Synthesized TLB refill handler (20 instructions).
    Synthesized TLB load handler fastpath (32 instructions).
    Synthesized TLB store handler fastpath (32 instructions).
    Synthesized TLB modify handler fastpath (31 instructions).
    PID hash table entries: 512 (order: 9, 2048 bytes)
    CPU: BCM4716 rev 1 pkg 10 at 480 MHz
    Using 240.000 MHz high precision timer.
    console [ttyS0] enabled
    Dentry cache hash table entries: 16384 (order: 4, 65536 bytes)
    Inode-cache hash table entries: 8192 (order: 3, 32768 bytes)
    Memory: 126576k/131068k available (33k kernel code, 4340k reserved, 2893k data, 116k init, 0k highmem)
    Calibrating delay loop... 239.20 BogoMIPS (lpj=1196032)
    Mount-cache hash table entries: 512
    NET: Registered protocol family 16
    usbcore: registered new interface driver usbfs
    usbcore: registered new interface driver hub
    usbcore: registered new device driver usb
    PCI: Using membase 8000000
    PCI: Initializing host
    PCI: Reset RC
    PCI: Fixing up bus 0
    PCI: Fixing up bridge
    PCI: Setting latency timer of device 0000:01:00.0 to 64
    PCI: Fixing up bridge
    PCI: Setting latency timer of device 0000:01:00.1 to 64
    PCI: Enabling device 0000:01:00.1 (0004 -> 0006)
    PCI: Fixing up bus 1
    NET: Registered protocol family 2
    Time: MIPS clocksource has been installed.
    IP route cache hash table entries: 1024 (order: 0, 4096 bytes)
    TCP established hash table entries: 4096 (order: 3, 32768 bytes)
    TCP bind hash table entries: 4096 (order: 2, 16384 bytes)
    TCP: Hash tables configured (established 4096 bind 4096)
    TCP reno registered
    squashfs: version 3.0 (2006/03/15) Phillip Lougher
    io scheduler noop registered (default)
    HDLC line discipline: version $Revision: 4.8 $, maxframe=4096
    N_HDLC line discipline registered.
    Serial: 8250/16550 driver $Revision: 1.90 $ 2 ports, IRQ sharing disabled
    serial8250: ttyS0 at MMIO 0xb8000300 (irq = 8) is a 16550A
    PPP generic driver version 2.4.2
    MPPE/MPPC encryption/compression module registered
    NET: Registered protocol family 24
    PPPoL2TP kernel driver, V0.18.3
    PPTP driver version 0.8.5
    Physically mapped flash: Found 1 x16 devices at 0x0 in 8-bit bank
    Amd/Fujitsu Extended Query Table at 0x0040
    Physically mapped flash: CFI does not contain boot bank location. Assuming top.
    number of CFI chips: 1
    cfi_cmdset_0002: Disabling erase-suspend-program due to code brokenness.
    Flash device: 0x2000000 at 0x1c000000
    Creating 5 MTD partitions on "Physically mapped flash":
    0x00000000-0x00040000 : "pmon"
    0x00040000-0x01fe0000 : "linux"
    0x00134c00-0x00940000 : "rootfs"
    0x00940000-0x01fe0000 : "jffs2"
    0x01fe0000-0x02000000 : "nvram"
    Found a 0MB  serial flash
    sflash: found no supported devices
    usbcore: registered new interface driver hiddev
    usbcore: registered new interface driver usbhid
    drivers/hid/usbhid/hid-core.c: v2.6:USB HID core driver
    u32 classifier
        OLD policer on 
    Netfilter messages via NETLINK v0.30.
    nf_conntrack version 0.5.0 (1024 buckets, 8192 max)
    ip_tables: (C) 2000-2006 Netfilter Core Team
    ipt_account 0.1.21 : Piotr Gasidlo <quaker@barbara.eu.org>, http://www.barbara.eu.org/~quaker/ipt_account/
    net/ipv4/netfilter/tomato_ct.c [Jan 21 2013 15:45:45]
    NET: Registered protocol family 1
    NET: Registered protocol family 10
    ip6_tables: (C) 2000-2006 Netfilter Core Team
    NET: Registered protocol family 17
    802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
    All bugs added by David S. Miller <davem@redhat.com>
    VFS: Mounted root (squashfs filesystem) readonly.
    Freeing unused kernel memory: 116k freed
    Warning: unable to open an initial console.
    emf: module license 'Proprietary' taints kernel.
    PCI: Setting latency timer of device 0000:00:02.0 to 64
    eth0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 5.10.147.0
    PCI: Setting latency timer of device 0000:00:01.0 to 64
    eth1: Broadcom BCM4329 802.11 Wireless Controller 5.10.147.0
    Algorithmics/MIPS FPU Emulator v1.5
    SCSI subsystem initialized
    Initializing USB Mass Storage driver...
    usbcore: registered new interface driver usb-storage
    USB Mass Storage support registered.
    ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
    PCI: Setting latency timer of device 0000:00:04.1 to 64
    ehci_hcd 0000:00:04.1: EHCI Host Controller
    ehci_hcd 0000:00:04.1: new USB bus registered, assigned bus number 1
    ehci_hcd 0000:00:04.1: irq 5, io mem 0x18004000
    ehci_hcd 0000:00:04.1: USB 0.0 started, EHCI 1.00
    usb usb1: configuration #1 chosen from 1 choice
    hub 1-0:1.0: USB hub found
    hub 1-0:1.0: 2 ports detected
    vlan1: add 33:33:00:00:00:01 mcast address to master interface
    vlan1: add 01:00:5e:00:00:01 mcast address to master interface
    vlan1: dev_set_allmulti(master, 1)
    vlan1: dev_set_promiscuity(master, 1)
    device eth0 entered promiscuous mode
    device vlan1 entered promiscuous mode
    device eth1 entered promiscuous mode
    br0: port 2(eth1) entering forwarding state
    br0: port 1(vlan1) entering forwarding state
    vlan2: Setting MAC address to  10 bf 48 e6 c0 97.
    vlan2: add 33:33:00:00:00:01 mcast address to master interface
    vlan2: add 01:00:5e:00:00:01 mcast address to master interface
    IMQ starting with 2 devices...
    IMQ driver loaded successfully.
        Hooking IMQ after NAT on PREROUTING.
        Hooking IMQ before NAT on POSTROUTING. 
     
  15. koitsu

    koitsu Network Guru Member

    Also, I already see a problem:

    Code:
    *nat
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :WANPREROUTING - [0:0]
    -A PREROUTING -i ppp0 -d 192.168.1.23/255.255.255.0 -j DROP
    
    You should bare minimum have the above nat table, WANPREROUTING chain rule, in your list. But you apparently don't even have that.

    It's like iptables isn't working at all for you. I wonder if it's because the ppp0 interface isn't available at the time iptables.restore is issued.

    It looks like you're using PPPoE. Is this true? Can you please provide a screenshot of your Basic -> Network page?
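
The comparison made in the posts above (forwards present in `nvram get portforward`, but no WANPREROUTING rules and no jump to that chain in /etc/iptables), as a script. This is an added example, not part of any post and not Tomato's own code. It assumes portforward records end in `>` with `<`-separated fields whose first field is the enable flag; the "healthy" rules file, its 203.0.113.10 address and the disabled 8443 entry are constructed.

```shell
#!/bin/sh
# Added diagnostic sketch: does the generated rules file contain what NVRAM asks for?
# On the router itself: diagnose /etc/iptables "$(nvram get portforward)"

# Count enabled entries in an `nvram get portforward` value.
# Assumption: records end in '>', fields are '<'-separated, field 1 == "1" means enabled.
count_enabled_forwards() {
    printf '%s' "$1" | tr -d ' \n\r' | tr '>' '\n' |
        awk -F'<' '$1 == "1" { n++ } END { print n + 0 }'
}

# Print "declared jumps rules" for chain $3 in table $2 of iptables-save style file $1.
chain_stats() {
    awk -v table="$2" -v chain="$3" '
        /^\*/ { cur = substr($0, 2); next }      # table header: "*nat", "*filter"
        cur != table { next }                    # ignore other tables
        $1 == (":" chain) { declared = 1 }       # ":WANPREROUTING - [0:0]"
        $1 == "-A" {
            if ($2 == chain) rules++             # rule appended to the chain
            for (i = 3; i < NF; i++)             # rule elsewhere that jumps to it
                if (($i == "-j" || $i == "-g") && $(i + 1) == chain) jumps++
        }
        END { print declared + 0, jumps + 0, rules + 0 }
    ' "$1"
}

# Compare NVRAM intent with the nat table. Rule count is not expected to equal
# the entry count (one entry can expand to several rules), so only presence is checked.
diagnose() {  # $1 = rules file, $2 = portforward value
    want=$(count_enabled_forwards "$2")
    chain_stats "$1" nat WANPREROUTING | {
        read -r declared jumps rules
        if [ "$want" -gt 0 ] && [ "$rules" -eq 0 ]; then
            echo "MISSING: $want enabled forwards in NVRAM, 0 rules in WANPREROUTING, $jumps jumps to it"
        elif [ "$jumps" -eq 0 ]; then
            echo "UNREFERENCED: $rules rules in WANPREROUTING but nothing jumps to it"
        else
            echo "OK: $want enabled forwards, $rules rules, $jumps jumps"
        fi
    }
}

# nat table as posted in the thread (the truncated SNAT line is left out).
write_broken_sample() {
    cat > "$1" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:WANPREROUTING - [0:0]
-A PREROUTING -i ppp0 -d 192.168.1.23/255.255.255.0 -j DROP
:upnp - [0:0]
-A PREROUTING -i ppp0 -j upnp
-A POSTROUTING  -o ppp0 -j MASQUERADE
COMMIT
EOF
}

# Constructed contrast case: the chain is referenced and populated.
write_healthy_sample() {
    cat > "$1" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:WANPREROUTING - [0:0]
-A PREROUTING -d 203.0.113.10 -j WANPREROUTING
-A WANPREROUTING -p tcp --dport 20:22 -j DNAT --to-destination 192.168.1.4
-A WANPREROUTING -p udp --dport 20:22 -j DNAT --to-destination 192.168.1.4
-A WANPREROUTING -p tcp --dport 25 -j DNAT --to-destination 192.168.1.4:25
-A WANPREROUTING -p udp --dport 25 -j DNAT --to-destination 192.168.1.4:25
-A WANPREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.4:80
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
EOF
}

# First three records are from the posted NVRAM value; the last (disabled) one is constructed.
PORTFORWARD='1<3<<20:22<<192.168.1.4<>1<3<<25<25<192.168.1.4<>1<1<<80<80<192.168.1.4<>0<1<<8443<<192.168.1.4<>'

broken=$(mktemp)
healthy=$(mktemp)
write_broken_sample "$broken"
write_healthy_sample "$healthy"
echo "config from the thread: $(diagnose "$broken" "$PORTFORWARD")"
echo "constructed healthy   : $(diagnose "$healthy" "$PORTFORWARD")"
rm -f "$broken" "$healthy"
```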
     
  16. koitsu

    koitsu Network Guru Member

    Apologies, I guess dmesg on Linux doesn't give me what I want. I need the contents of /var/log/messages.
     
  17. Rick Houghton

    Rick Houghton Serious Server Member

    [​IMG]

    Output of
    Code:
    Jan  1 01:24:24 unknown daemon.info pppd[3360]: Plugin rp-pppoe.so loaded.
    Jan  1 01:24:24 unknown daemon.info pppd[3360]: RP-PPPoE plugin version 3.10 compiled against pppd 2.4.5
    Jan  1 01:24:24 unknown daemon.notice pppd[3361]: pppd 2.4.5 started by root, uid 0
    Jan  1 01:24:24 unknown user.info redial[3362]: Started. Time: 10
    Jan  1 01:24:44 unknown user.info redial[3362]: WAN down. Reconnecting...
    Jan  1 01:24:44 unknown daemon.warn dnsmasq[3309]: no servers found in /etc/resolv.dnsmasq, will retry
    Jan  1 01:24:44 unknown daemon.info dnsmasq[3309]: exiting on receipt of SIGTERM
    Jan  1 01:24:44 unknown user.debug init[1]: 182: pptp peerdns disabled
    Jan  1 01:24:44 unknown daemon.info dnsmasq[3370]: started, version 2.61 cachesize 1500
    Jan  1 01:24:44 unknown daemon.info dnsmasq[3370]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN
    Jan  1 01:24:44 unknown daemon.info dnsmasq[3370]: asynchronous logging enabled, queue limit is 5 messages
    Jan  1 01:24:44 unknown daemon.info dnsmasq-dhcp[3370]: DHCP, IP range 192.168.1.2 -- 192.168.1.51, lease time 1d
    Jan  1 01:24:44 unknown daemon.info dnsmasq[3370]: reading /etc/resolv.dnsmasq
    Jan  1 01:24:44 unknown daemon.info dnsmasq[3370]: using nameserver 8.8.8.8#53
    Jan  1 01:24:44 unknown daemon.info dnsmasq[3370]: using nameserver 69.93.127.10#53
    Jan  1 01:24:44 unknown daemon.info dnsmasq[3370]: read /etc/hosts - 2 addresses
    Jan  1 01:24:44 unknown daemon.info dnsmasq[3370]: read /etc/dnsmasq/hosts/hosts - 3 addresses
    Jan  1 01:24:44 unknown daemon.info dnsmasq-dhcp[3370]: read /etc/dnsmasq/dhcp/dhcp-hosts
    Jan  1 01:24:50 unknown user.debug kernel: vlan2: del 33:33:00:00:00:01 mcast address from vlan interface
    Jan  1 01:24:50 unknown user.debug kernel: vlan2: del 33:33:00:00:00:01 mcast address from master interface
    Jan  1 01:24:50 unknown user.debug kernel: vlan2: del 01:00:5e:00:00:01 mcast address from vlan interface
    Jan  1 01:24:50 unknown user.debug kernel: vlan2: del 01:00:5e:00:00:01 mcast address from master interface
    Jan  1 01:24:50 unknown user.warn kernel: vlan2: Setting MAC address to  10 bf 48 e6 c0 97.
    Jan  1 01:24:50 unknown user.debug kernel: vlan2: add 01:00:5e:00:00:01 mcast address to master interface
    Jan  1 01:24:50 unknown user.debug kernel: vlan2: add 33:33:00:00:00:01 mcast address to master interface
    Jan  1 01:24:51 unknown daemon.info pppd[3421]: Plugin rp-pppoe.so loaded.
    Jan  1 01:24:51 unknown daemon.info pppd[3421]: RP-PPPoE plugin version 3.10 compiled against pppd 2.4.5
    Jan  1 01:24:51 unknown user.info redial[3423]: Started. Time: 10
    Jan  1 01:24:51 unknown daemon.notice pppd[3422]: pppd 2.4.5 started by root, uid 0
    Jan  1 01:25:11 unknown user.info redial[3423]: WAN down. Reconnecting...
    Jan  1 01:25:11 unknown daemon.warn dnsmasq[3370]: no servers found in /etc/resolv.dnsmasq, will retry
    Jan  1 01:25:11 unknown daemon.info dnsmasq[3370]: exiting on receipt of SIGTERM
    Jan  1 01:25:11 unknown user.debug init[1]: 182: pptp peerdns disabled
    Jan  1 01:25:11 unknown daemon.info dnsmasq[3431]: started, version 2.61 cachesize 1500 (

    EDIT:
    Just tested it with the ASUS Firmware Version 3.0.04.260 and it works!
    Code:
    ASUSWRT RT-N16_3.0.0.4 Tue Nov  6 13:20:12 UTC 2012
    admin@RT-N16:/tmp/home/root# iptables --table nat --list -v -n
    Chain PREROUTING (policy ACCEPT 67 packets, 4028 bytes)
    pkts bytes target    prot opt in    out    source              destination
        0    0 DNAT      tcp  --  *      *      0.0.0.0/0          !192.168.1.0/24      tcp dpt:80 to:192.168.1.1:18017
        0    0 DNAT      udp  --  *      *      0.0.0.0/0            0.0.0.0/0          udp dpt:53 to:192.168.1.1:18018
     
    Chain POSTROUTING (policy ACCEPT 15 packets, 3140 bytes)
    pkts bytes target    prot opt in    out    source              destination
     
    Chain OUTPUT (policy ACCEPT 15 packets, 3140 bytes)
    pkts bytes target    prot opt in    out    source              destination
     
    Chain VSERVER (0 references)
    pkts bytes target    prot opt in    out    source              destination
     
    Chain VUPNP (0 references)
    pkts bytes target    prot opt in    out    source              destination

    This so sucks!! I am wondering if I should return this model for something different since both Shibby & Toastman firmware exhibit the same symptoms!
     
  18. Rick Houghton

    Rick Houghton Serious Server Member

    For what it's worth DMESG from the ASUS FW:

    Code:
    Linux version 2.6.22.19 (root@asus) (gcc version 4.2.4) #1 Tue Nov 6 21:44:58 CST 2012
    CPU revision is: 00019740
    Determined physical RAM map:
    memory: 07fff000 @ 00000000 (usable)
    On node 0 totalpages: 32767
      Normal zone: 255 pages used for memmap
      Normal zone: 0 pages reserved
      Normal zone: 32512 pages, LIFO batch:7
      HighMem zone: 0 pages used for memmap
    Built 1 zonelists.  Total pages: 32512
    Kernel command line: root=/dev/mtdblock2 noinitrd console=ttyS0,115200
    Primary instruction cache 32kB, physically tagged, 4-way, linesize 32 bytes.
    Primary data cache 32kB, 4-way, linesize 32 bytes.
    Synthesized TLB refill handler (20 instructions).
    Synthesized TLB load handler fastpath (32 instructions).
    Synthesized TLB store handler fastpath (32 instructions).
    Synthesized TLB modify handler fastpath (31 instructions).
    PID hash table entries: 512 (order: 9, 2048 bytes)
    CPU: BCM4716 rev 1 pkg 10 at 480 MHz
    Using 240.000 MHz high precision timer.
    console [ttyS0] enabled
    Dentry cache hash table entries: 16384 (order: 4, 65536 bytes)
    Inode-cache hash table entries: 8192 (order: 3, 32768 bytes)
    Memory: 126264k/131068k available (2439k kernel code, 4668k reserved, 492k data, 160k init, 0k highmem)
    Calibrating delay loop... 239.20 BogoMIPS (lpj=1196032)
    Mount-cache hash table entries: 512
    NET: Registered protocol family 16
    PCI: Using membase 8000000
    PCI: Initializing host
    PCI: Reset RC
    PCI: no core
    PCI: Fixing up bus 0
    PCI/PCIe coreunit 0 is set to bus 1.
    PCI: Fixing up bridge
    PCI: Setting latency timer of device 0000:01:00.0 to 64
    PCI: Fixing up bridge
    PCI: Setting latency timer of device 0000:01:00.1 to 64
    PCI: Enabling device 0000:01:00.1 (0004 -> 0006)
    PCI: Fixing up bus 1
    NET: Registered protocol family 2
    Time: MIPS clocksource has been installed.
    IP route cache hash table entries: 1024 (order: 0, 4096 bytes)
    TCP established hash table entries: 4096 (order: 3, 32768 bytes)
    TCP bind hash table entries: 4096 (order: 2, 16384 bytes)
    TCP: Hash tables configured (established 4096 bind 4096)
    TCP reno registered
    squashfs: version 3.2-r2 (2007/01/15) Phillip Lougher
    io scheduler noop registered (default)
    HDLC line discipline: version $Revision: 4.8 $, maxframe=4096
    N_HDLC line discipline registered.
    Serial: 8250/16550 driver $Revision: 1.90 $ 4 ports, IRQ sharing disabled
    serial8250: ttyS0 at MMIO 0xb8000300 (irq = 8) is a 16550A
    PPP generic driver version 2.4.2
    MPPE/MPPC encryption/compression module registered
    NET: Registered protocol family 24
    PPPoL2TP kernel driver, V0.18.3
    PPTP driver version 0.8.5
    Physically mapped flash: Found 1 x16 devices at 0x0 in 8-bit bank
    Amd/Fujitsu Extended Query Table at 0x0040
    Physically mapped flash: CFI does not contain boot bank location. Assuming top.
    number of CFI chips: 1
    cfi_cmdset_0002: Disabling erase-suspend-program due to code brokenness.
    Flash device: 0x2000000 at 0x1c000000
    Creating 5 MTD partitions on "Physically mapped flash":
    0x00000000-0x00040000 : "pmon"
    0x00040000-0x01fe0000 : "linux"
    0x00167b9c-0x016c0000 : "rootfs"
    0x01fe0000-0x02000000 : "nvram"
    0x01f40000-0x01fe0000 : "jffs2"
    Found an  serial flash with 0 0KB blocks; total size 0MB
    sflash: found no supported devices
    dev_nvram_init: _nvram_init
    _nvram_init: allocat header: 2165768192, size= 32768
    sdhci: Secure Digital Host Controller Interface driver
    sdhci: Copyright(c) Pierre Ossman
    u32 classifier
        OLD policer on
    Netfilter messages via NETLINK v0.30.
    nf_conntrack version 0.5.0 (1024 buckets, 8192 max)
    ipt_time loading
    ip_tables: (C) 2000-2006 Netfilter Core Team
    net/ipv4/netfilter/tomato_ct.c [Nov  6 2012 21:44:21]
    NET: Registered protocol family 1
    NET: Registered protocol family 10
    ip6_tables: (C) 2000-2006 Netfilter Core Team
    NET: Registered protocol family 17
    802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
    All bugs added by David S. Miller <davem@redhat.com>
    VFS: Mounted root (squashfs filesystem) readonly.
    Freeing unused kernel memory: 160k freed
    Warning: unable to open an initial console.
    ctf: module license 'Proprietary' taints kernel.
    et_module_init: passivemode set to 0x0
    PCI: Setting latency timer of device 0000:00:02.0 to 64
    eth0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 5.100.138.20
    wl_module_init: passivemode set to 0x0
    PCI: Setting latency timer of device 0000:00:01.0 to 64
    eth1: Broadcom BCM4329 802.11 Wireless Controller 5.100.138.20
    Algorithmics/MIPS FPU Emulator v1.5
    usbcore: registered new interface driver usbfs
    usbcore: registered new interface driver hub
    usbcore: registered new device driver usb
    SCSI subsystem initialized
    Initializing USB Mass Storage driver...
    usbcore: registered new interface driver usb-storage
    USB Mass Storage support registered.
    ufsd: driver (8.6 U86_r187446_b122, LBD=ON, acl, ioctl, rwm, ws, sd) loaded at c01f4000
    NTFS (with native replay) support included
    optimized: speed
    Build_for__asus_n66u_2011-10-27_U86_r187446_b122
     
    ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
    PCI: Setting latency timer of device 0000:00:04.1 to 64
    ehci_hcd 0000:00:04.1: EHCI Host Controller
    ehci_hcd 0000:00:04.1: new USB bus registered, assigned bus number 1
    ehci_hcd 0000:00:04.1: EHCI Fastpath: New EHCI driver starting
    ehci_hcd 0000:00:04.1: irq 5, io mem 0x18004000
    ehci_hcd 0000:00:04.1: USB 0.0 started, EHCI 1.00
    usb usb1: configuration #1 chosen from 1 choice
    hub 1-0:1.0: USB hub found
    hub 1-0:1.0: 2 ports detected
    ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
    PCI: Setting latency timer of device 0000:00:04.0 to 64
    ohci_hcd 0000:00:04.0: OHCI Host Controller
    ohci_hcd 0000:00:04.0: new USB bus registered, assigned bus number 2
    ohci_hcd 0000:00:04.0: irq 5, io mem 0x18009000
    usb usb2: configuration #1 chosen from 1 choice
    hub 2-0:1.0: USB hub found
    hub 2-0:1.0: 2 ports detected
    usbcore: registered new interface driver usblp
    drivers/usb/class/usblp.c: v0.13: USB Printer Device Class driver
    usbcore: registered new interface driver asix
    usbcore: registered new interface driver cdc_ether
    usbcore: registered new interface driver net1080
    usbcore: registered new interface driver rndis_host
    usbcore: registered new interface driver zaurus
    br0: starting userspace STP failed, staring kernel STP
    vlan1: add 33:33:00:00:00:01 mcast address to master interface
    vlan1: add 01:00:5e:00:00:01 mcast address to master interface
    vlan1: dev_set_promiscuity(master, 1)
    device eth0 entered promiscuous mode
    device vlan1 entered promiscuous mode
    device eth1 entered promiscuous mode
    br0: port 2(eth1) entering listening state
    br0: port 1(vlan1) entering listening state
    br0: port 2(eth1) entering learning state
    br0: port 1(vlan1) entering learning state
    br0: topology change detected, propagating
    br0: port 2(eth1) entering forwarding state
    br0: topology change detected, propagating
    br0: port 1(vlan1) entering forwarding state
    admin@RT-N16:/tmp/home/root#
     
  19. koitsu

    koitsu Network Guru Member

    Again, I can assure you the RT-N16 (meaning the model) has nothing to do with the issue. I use an Asus RT-N16 myself (with port forwarding), and Toastman uses many of them as well. Proof:

    Code:
    $ telnet gw
    Trying 192.168.1.1...
    Connected to gw.home.lan.
    Escape character is '^]'.
    gw login: root
    Password:
     
    Tomato v1.28.0501 MIPSR2Toastman-RT-N K26 USB Ext
    root@gw:/tmp/home/root# iptables -t nat -L -n -v
    Chain PREROUTING (policy ACCEPT 36445 packets, 2654K bytes)
    pkts bytes target    prot opt in    out    source              destination
        0    0 DROP      all  --  vlan2  *      0.0.0.0/0            192.168.1.0/24
     526K  34M WANPREROUTING  all  --  *      *      0.0.0.0/0            67.180.84.87
    39580 3039K upnp      all  --  *      *      0.0.0.0/0            67.180.84.87
     
    Chain POSTROUTING (policy ACCEPT 7243 packets, 1221K bytes)
    pkts bytes target    prot opt in    out    source              destination
    173K  12M MASQUERADE  all  --  *      vlan2  0.0.0.0/0            0.0.0.0/0
      489 32059 SNAT      all  --  *      br0    192.168.1.0/24      192.168.1.0/24      to:192.168.1.1
     
    Chain OUTPUT (policy ACCEPT 5129 packets, 1047K bytes)
    pkts bytes target    prot opt in    out    source              destination
     
    Chain WANPREROUTING (1 references)
    pkts bytes target    prot opt in    out    source              destination
     486K  31M DNAT      icmp --  *      *      0.0.0.0/0            0.0.0.0/0          to:192.168.1.1
        5  304 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:113 to:192.168.1.51
        1    64 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:6502 to:192.168.1.51:22
     
    Chain upnp (1 references)
    pkts bytes target    prot opt in    out    source              destination
    3201  260K DNAT      udp  --  *      *      0.0.0.0/0            0.0.0.0/0          udp dpt:12345 to:192.168.1.50:12345
    2119  117K DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:12345 to:192.168.1.50:12345
    
    The firmware shown here looks like a Shibby firmware, is it not? Toastman firmwares don't have a "LAN" section that looks like that.

    I need you to stick with tomato-K26USB-1.28.7501.2MIPSR2Toastman-RT-VPN and stop changing firmwares. You can't expect people to help you troubleshoot the issue if you keep swapping between 3 firmwares. I know it's frustrating that you don't have working port forwards, but you can't expect people to help if you keep changing stuff.

    You also did not address this: If you haven't done a full/thorough NVRAM reset (this is not the same thing as "After flashing, erase all data in NVRAM memory" when doing an Upgrade) after you went from Firmware X or Stock Firmware to tomato-K26USB-1.28.7501.2MIPSR2Toastman-RT-VPN, please do so and manually reconfigure the router (do not have the backup/restore config option).

    The log provided in this post is not the full /var/log/messages, OR, the log rotated due to filesize. Please reboot the router while running tomato-K26USB-1.28.7501.2MIPSR2Toastman-RT-VPN and provide the following things after the WAN comes up + Internet access is working:

    1. Contents of /var/log/messages
    2. Contents of /etc/iptables (and /etc/iptables.error if it exists)
    3. Output from nvram get portforward
    4. Output from ifconfig -a
    5. Output from iptables -t nat -L -v -n
    6. Output from iptables -L -n -v
    7. A list of all the settings you change in the router, sans port forwards (those are implied by some of the above commands) and PPPoE.

    Please note that the commands I've provided above are different than the ones you've been using. Please do not hide or obfuscate any information in the output (some people like to do this with MAC addresses and so on; please don't -- there's no security concern, really).
     
  20. Rick Houghton

    Rick Houghton Serious Server Member

    Sorry, I guess I got ahead of myself! Here we go as per your instructions:

    Contents of /var/log/messages:
    Code:
    Dec 31 22:00:45 unknown syslog.info syslogd started: BusyBox v1.18.5
    Dec 31 22:00:45 unknown user.notice kernel: klogd started: BusyBox v1.18.5 (2013-01-11 14:02:49 ICT)
    Dec 31 22:00:45 unknown user.notice kernel: Linux version 2.6.22.19 (root@tomato) (gcc version 4.2.4) #22 Fri Jan 11 1
    Dec 31 22:00:45 unknown user.warn kernel: CPU revision is: 00019740
    Dec 31 22:00:45 unknown user.warn kernel: Determined physical RAM map:
    Dec 31 22:00:45 unknown user.warn kernel:  memory: 07fff000 @ 00000000 (usable)
    Dec 31 22:00:45 unknown user.debug kernel: Entering add_active_range(0, 0, 32767) 0 entries of 256 used
    Dec 31 22:00:45 unknown user.info kernel: Zone PFN ranges:
    Dec 31 22:00:45 unknown user.warn kernel:  Normal          0 ->    32767
    Dec 31 22:00:45 unknown user.warn kernel:  HighMem    32767 ->    32767
    Dec 31 22:00:45 unknown user.info kernel: early_node_map[1] active PFN ranges
    Dec 31 22:00:45 unknown user.warn kernel:    0:        0 ->    32767
    Dec 31 22:00:45 unknown user.debug kernel: On node 0 totalpages: 32767
    Dec 31 22:00:45 unknown user.debug kernel:  Normal zone: 0 pages used for memmap
    Dec 31 22:00:45 unknown user.debug kernel:  Normal zone: 0 pages reserved
    Dec 31 22:00:45 unknown user.debug kernel:  Normal zone: 32767 pages, LIFO batch:7
    Dec 31 22:00:45 unknown user.debug kernel:  HighMem zone: 0 pages used for memmap
    Dec 31 22:00:45 unknown user.warn kernel: Built 1 zonelists.  Total pages: 32767
    Dec 31 22:00:45 unknown user.notice kernel: Kernel command line: root=/dev/mtdblock2 noinitrd console=ttyS0,115200
    Dec 31 22:00:45 unknown user.warn kernel: Primary instruction cache 32kB, physically tagged, 4-way, linesize 32 bytes.
    Dec 31 22:00:45 unknown user.warn kernel: Primary data cache 32kB, 4-way, linesize 32 bytes.
    Dec 31 22:00:45 unknown user.info kernel: Synthesized TLB refill handler (20 instructions).
    Dec 31 22:00:45 unknown user.info kernel: Synthesized TLB load handler fastpath (32 instructions).
    Dec 31 22:00:45 unknown user.info kernel: Synthesized TLB store handler fastpath (32 instructions).
    Dec 31 22:00:45 unknown user.info kernel: Synthesized TLB modify handler fastpath (31 instructions).
    Dec 31 22:00:45 unknown user.warn kernel: PID hash table entries: 512 (order: 9, 2048 bytes)
    Dec 31 22:00:45 unknown user.warn kernel: CPU: BCM4716 rev 1 pkg 10 at 480 MHz
    Dec 31 22:00:45 unknown user.warn kernel: Using 240.000 MHz high precision timer.
    Dec 31 22:00:45 unknown user.info kernel: console [ttyS0] enabled
    Dec 31 22:00:45 unknown user.warn kernel: Dentry cache hash table entries: 16384 (order: 4, 65536 bytes)
    Dec 31 22:00:45 unknown user.warn kernel: Inode-cache hash table entries: 8192 (order: 3, 32768 bytes)
    Dec 31 22:00:45 unknown user.info kernel: Memory: 126748k/131068k available (33k kernel code, 4160k reserved, 2669k da
    Dec 31 22:00:45 unknown user.debug kernel: Calibrating delay loop... 239.20 BogoMIPS (lpj=1196032)
    Dec 31 22:00:45 unknown user.warn kernel: Mount-cache hash table entries: 512
    Contents of /etc/iptables:
    Code:
    :PREROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    COMMIT
    *nat
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :WANPREROUTING - [0:0]
    -A PREROUTING -i ppp0 -d 192.168.1.23/255.255.255.0 -j DROP
    -A PREROUTING -d 206.248.137.132 -j WANPREROUTING
    -A WANPREROUTING -p icmp -j DNAT --to-destination 192.168.1.23
    -A WANPREROUTING -p tcp  --dport 20:22 -j DNAT --to-destination 192.168.1.4
    -A WANPREROUTING -p udp  --dport 20:22 -j DNAT --to-destination 192.168.1.4
    -A WANPREROUTING -p tcp  --dport 25 -j DNAT --to-destination 192.168.1.4:25
    -A WANPREROUTING -p udp  --dport 25 -j DNAT --to-destination 192.168.1.4:25
    -A WANPREROUTING -p tcp  --dport 80 -j DNAT --to-destination 192.168.1.4:80
    -A WANPREROUTING -p tcp  --dport 110 -j DNAT --to-destination 192.168.1.4
    -A WANPREROUTING -p udp  --dport 110 -j DNAT --to-destination 192.168.1.4
    -A WANPREROUTING -p tcp  --dport 143 -j DNAT --to-destination 192.168.1.4
    -A WANPREROUTING -p tcp  --dport 389 -j DNAT --to-destination 192.168.1.4
    -A WANPREROUTING -p tcp  --dport 443 -j DNAT --to-destination 192.168.1.4
    -A WANPREROUTING -p tcp  --dport 465 -j DNAT --to-destination 192.168.1.4
    -A WANPREROUTING -p tcp  --dport 587 -j DNAT --to-destination 192.168.1.4
    -A WANPREROUTING -p tcp  --dport 636 -j DNAT --to-destination 192.168.1.4
    -A WANPREROUTING -p tcp  --dport 993 -j DNAT --to-destination 192.168.1.4
    -A WANPREROUTING -p tcp  --dport 995 -j DNAT --to-destination 192.168.1.4
    -A WANPREROUTING -p tcp  --dport 7025 -j DNAT --to-destination 192.168.1.4
    -A WANPREROUTING -p tcp  --dport 7071 -j DNAT --to-destination 192.168.1.4
    -A WANPREROUTING -p tcp  --dport 7306 -j DNAT --to-destination 192.168.1.4
    -A WANPREROUTING -p tcp  --dport 7307 -j DNAT --to-destination 192.168.1.4
    -A WANPREROUTING -p tcp  --dport 7780 -j DNAT --to-destination 192.168.1.4
    -A WANPREROUTING -p tcp  --dport 8080 -j DNAT --to-destination 192.168.1.4
    -A WANPREROUTING -p udp  --dport 8080 -j DNAT --to-destination 192.168.1.4
    Output of nvram get portforward:
    Code:
    root@unknown:/tmp/etc# nvram get portforward
    1<3<<20:22<<192.168.1.4<>1<3<<25<25<192.168.1.4<>1<1<<80<80<192.168.1.4<>1<3<<110<<192.168.1.4<>1<1<<143<<192.168.1.4<>1<1<<389<<192.168.1.4<>1<1<<443<<192.168.1.4<>1<1<<465<<192.168.1.4<>1<1<<587<<192.168.1.4<>1<1<<636<<192.168.1.4<>1<1<<993<<192.16
    8.1.4<>1<1<<995<<192.168.1.4<>1<1<<7025<<192.168.1.4<>1<1<<7071<<192.168.1.4<>1<1<<7306<<192.168.1.4<>1<1<<7307<<192.168.1.4<>1<1<<7780<<192.168.1.4<>1<3<<8080<<192.168.1.4<>1<3<<10000<<192.168.1.4<>1<1<<10024<<192.168.1.4<>1<1<<10025<<192.168.1.4<>1
    <3<<60000:65535<<192.168.1.4<>
    root@unknown:/tmp/etc#
    Output of ifconfig -a:
    Code:
    root@unknown:/tmp/etc# ifconfig -a
    br0        Link encap:Ethernet  HWaddr 10:BF:48:E6:C0:96
              inet addr:192.168.1.23  Bcast:192.168.1.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:4214 errors:0 dropped:0 overruns:0 frame:0
              TX packets:3237 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:766257 (748.2 KiB)  TX bytes:2187367 (2.0 MiB)
     
    eth0      Link encap:Ethernet  HWaddr 10:BF:48:E6:C0:96
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:5056 errors:0 dropped:0 overruns:0 frame:0
              TX packets:3869 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:1133707 (1.0 MiB)  TX bytes:2298399 (2.1 MiB)
              Interrupt:4 Base address:0x2000
     
    eth1      Link encap:Ethernet  HWaddr 10:BF:48:E6:C0:98
              UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
              Interrupt:3 Base address:0x1000
     
    imq0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              NOARP  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:30
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
     
    imq1      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              NOARP  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:30
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
     
    imq2      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              NOARP  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:30
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
     
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
              RX packets:70 errors:0 dropped:0 overruns:0 frame:0
              TX packets:70 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:5232 (5.1 KiB)  TX bytes:5232 (5.1 KiB)
     
    ppp0      Link encap:Point-to-Point Protocol
              inet addr:206.248.137.132  P-t-P:206.248.154.104  Mask:255.255.255.255
              UP POINTOPOINT RUNNING MULTICAST  MTU:1492  Metric:1
              RX packets:636 errors:0 dropped:0 overruns:0 frame:0
              TX packets:611 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:3
              RX bytes:205901 (201.0 KiB)  TX bytes:81279 (79.3 KiB)
     
    vlan1      Link encap:Ethernet  HWaddr 10:BF:48:E6:C0:96
              UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
              RX packets:4214 errors:0 dropped:0 overruns:0 frame:0
              TX packets:3237 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:783113 (764.7 KiB)  TX bytes:2200315 (2.0 MiB)
     
    vlan2      Link encap:Ethernet  HWaddr 10:BF:48:E6:C0:97
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:842 errors:0 dropped:0 overruns:0 frame:0
              TX packets:632 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:259586 (253.5 KiB)  TX bytes:98084 (95.7 KiB)
    Continued on next post...
     
  21. Rick Houghton

    Rick Houghton Serious Server Member

    Output of iptables -t nat -L -v -n:
    Code:
    root@unknown:/tmp/etc# iptables -t nat -L -v -n
    Chain PREROUTING (policy ACCEPT 740 packets, 94692 bytes)
    pkts bytes target    prot opt in    out    source              destination
        0    0 DROP      all  --  ppp0  *      0.0.0.0/0            192.168.1.0/24
      84 19910 WANPREROUTING  all  --  *      *      0.0.0.0/0            206.248.137.132
      44 17886 upnp      all  --  *      *      0.0.0.0/0            206.248.137.132
     
    Chain POSTROUTING (policy ACCEPT 45 packets, 6954 bytes)
    pkts bytes target    prot opt in    out    source              destination
      129  8605 MASQUERADE  all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
      18  3576 SNAT      all  --  *      br0    192.168.1.0/24      192.168.1.0/24      to:192.168.1.23
     
    Chain OUTPUT (policy ACCEPT 62 packets, 11019 bytes)
    pkts bytes target    prot opt in    out    source              destination
     
    Chain WANPREROUTING (1 references)
    pkts bytes target    prot opt in    out    source              destination
        0    0 DNAT      icmp --  *      *      0.0.0.0/0            0.0.0.0/0          to:192.168.1.23
        0    0 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpts:20:22 to:192.168.1.4
        0    0 DNAT      udp  --  *      *      0.0.0.0/0            0.0.0.0/0          udp dpts:20:22 to:192.168.1.4
        1    60 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:25 to:192.168.1.4:25
        0    0 DNAT      udp  --  *      *      0.0.0.0/0            0.0.0.0/0          udp dpt:25 to:192.168.1.4:25
        5  252 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:80 to:192.168.1.4:80
        0    0 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:110 to:192.168.1.4
        0    0 DNAT      udp  --  *      *      0.0.0.0/0            0.0.0.0/0          udp dpt:110 to:192.168.1.4
        0    0 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:143 to:192.168.1.4
        0    0 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:389 to:192.168.1.4
      31  1532 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:443 to:192.168.1.4
        0    0 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:465 to:192.168.1.4
        0    0 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:587 to:192.168.1.4
        0    0 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:636 to:192.168.1.4
        1    60 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:993 to:192.168.1.4
        0    0 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:995 to:192.168.1.4
        0    0 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:7025 to:192.168.1.4
        0    0 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:7071 to:192.168.1.4
        0    0 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:7306 to:192.168.1.4
        0    0 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:7307 to:192.168.1.4
        0    0 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:7780 to:192.168.1.4
        1    60 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:8080 to:192.168.1.4
        0    0 DNAT      udp  --  *      *      0.0.0.0/0            0.0.0.0/0          udp dpt:8080 to:192.168.1.4
        1    60 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:10000 to:192.168.1.4
        0    0 DNAT      udp  --  *      *      0.0.0.0/0            0.0.0.0/0          udp dpt:10000 to:192.168.1.4
        0    0 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:10024 to:192.168.1.4
        0    0 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:10025 to:192.168.1.4
        0    0 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpts:60000:65535 to:192.168.1.4
        0    0 DNAT      udp  --  *      *      0.0.0.0/0            0.0.0.0/0          udp dpts:60000:65535 to:192.168.1.4
     
    Chain upnp (1 references)
    pkts bytes target    prot opt in    out    source              destination
    Output of iptables -L -n -v:
    Code:
    root@unknown:/tmp/etc# iptables -L -n -v
    Chain INPUT (policy DROP 44 packets, 17886 bytes)
    pkts bytes target    prot opt in    out    source              destination
      21  1280 DROP      all  --  *      *      0.0.0.0/0            0.0.0.0/0          state INVALID
    1778  417K ACCEPT    all  --  *      *      0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
        2  118 ACCEPT    all  --  lo    *      0.0.0.0/0            0.0.0.0/0
      936  178K ACCEPT    all  --  br0    *      0.0.0.0/0            0.0.0.0/0
     
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target    prot opt in    out    source              destination
      350 95124 ACCEPT    all  --  br0    br0    0.0.0.0/0            0.0.0.0/0
        3  120 DROP      all  --  *      *      0.0.0.0/0            0.0.0.0/0          state INVALID
      239 12460 TCPMSS    tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp flags:0x06/0x02 TCPMSS clamp to PMTU
      707  101K restrict  all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
    1177  343K ACCEPT    all  --  *      *      0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
      92  4632 wanin      all  --  ppp0  *      0.0.0.0/0            0.0.0.0/0
      151 12180 wanout    all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
      151 12180 ACCEPT    all  --  br0    *      0.0.0.0/0            0.0.0.0/0
        0    0 upnp      all  --  ppp0  *      0.0.0.0/0            0.0.0.0/0
     
    Chain OUTPUT (policy ACCEPT 2692 packets, 2077K bytes)
    pkts bytes target    prot opt in    out    source              destination
     
    Chain rdev00 (1 references)
    pkts bytes target    prot opt in    out    source              destination
        0    0 DROP      all  --  *      *      0.0.0.0/0            0.0.0.0/0          MAC A4:D1:D2:CD:88:76
        0    0 DROP      all  --  *      *      0.0.0.0/0            0.0.0.0/0          MAC 00:14:D1:5D:D7:A0
     
    Chain rdev01 (0 references)
    pkts bytes target    prot opt in    out    source              destination
        0    0 DROP      all  --  *      *      192.168.1.93        0.0.0.0/0
        0    0 DROP      all  --  *      *      0.0.0.0/0            0.0.0.0/0          MAC 00:14:D1:5D:D7:A0
        0    0 DROP      all  --  *      *      0.0.0.0/0            0.0.0.0/0          MAC 40:B3:95:92:AF:66
     
    Chain rdev02 (0 references)
    pkts bytes target    prot opt in    out    source              destination
        0    0 DROP      all  --  *      *      0.0.0.0/0            0.0.0.0/0          MAC A8:E3:EE:8D:FF:74
        0    0 DROP      all  --  *      *      0.0.0.0/0            0.0.0.0/0          MAC 00:13:02:3C:43:17
        0    0 DROP      all  --  *      *      0.0.0.0/0            0.0.0.0/0          MAC 78:D6:F0:9A:6F:80
        0    0 DROP      all  --  *      *      0.0.0.0/0            0.0.0.0/0          MAC F4:6D:04:6D:3E:6C
        0    0 DROP      all  --  *      *      0.0.0.0/0            0.0.0.0/0          MAC 7C:ED:8D:59:28:7C
     
    Chain restrict (1 references)
    pkts bytes target    prot opt in    out    source              destination
      707  101K rdev00    all  --  *      *      0.0.0.0/0            0.0.0.0/0
     
    Chain upnp (1 references)
    pkts bytes target    prot opt in    out    source              destination
     
    Chain wanin (1 references)
    pkts bytes target    prot opt in    out    source              destination
        0    0 ACCEPT    tcp  --  *      *      0.0.0.0/0            192.168.1.4        tcp dpts:20:22
        0    0 ACCEPT    udp  --  *      *      0.0.0.0/0            192.168.1.4        udp dpts:20:22
        5  300 ACCEPT    tcp  --  *      *      0.0.0.0/0            192.168.1.4        tcp dpt:25
        0    0 ACCEPT    udp  --  *      *      0.0.0.0/0            192.168.1.4        udp dpt:25
      14  696 ACCEPT    tcp  --  *      *      0.0.0.0/0            192.168.1.4        tcp dpt:80
        0    0 ACCEPT    tcp  --  *      *      0.0.0.0/0            192.168.1.4        tcp dpt:110
        0    0 ACCEPT    udp  --  *      *      0.0.0.0/0            192.168.1.4        udp dpt:110
        0    0 ACCEPT    tcp  --  *      *      0.0.0.0/0            192.168.1.4        tcp dpt:143
        0    0 ACCEPT    tcp  --  *      *      0.0.0.0/0            192.168.1.4        tcp dpt:389
      63  3036 ACCEPT    tcp  --  *      *      0.0.0.0/0            192.168.1.4        tcp dpt:443
        0    0 ACCEPT    tcp  --  *      *      0.0.0.0/0            192.168.1.4        tcp dpt:465
        0    0 ACCEPT    tcp  --  *      *      0.0.0.0/0            192.168.1.4        tcp dpt:587
        0    0 ACCEPT    tcp  --  *      *      0.0.0.0/0            192.168.1.4        tcp dpt:636
        6  360 ACCEPT    tcp  --  *      *      0.0.0.0/0            192.168.1.4        tcp dpt:993
        0    0 ACCEPT    tcp  --  *      *      0.0.0.0/0            192.168.1.4        tcp dpt:995
        0    0 ACCEPT    tcp  --  *      *      0.0.0.0/0            192.168.1.4        tcp dpt:7025
        0    0 ACCEPT    tcp  --  *      *      0.0.0.0/0            192.168.1.4        tcp dpt:7071
        0    0 ACCEPT    tcp  --  *      *      0.0.0.0/0            192.168.1.4        tcp dpt:7306
        0    0 ACCEPT    tcp  --  *      *      0.0.0.0/0            192.168.1.4        tcp dpt:7307
        0    0 ACCEPT    tcp  --  *      *      0.0.0.0/0            192.168.1.4        tcp dpt:7780
        2  120 ACCEPT    tcp  --  *      *      0.0.0.0/0            192.168.1.4        tcp dpt:8080
        0    0 ACCEPT    udp  --  *      *      0.0.0.0/0            192.168.1.4        udp dpt:8080
        2  120 ACCEPT    tcp  --  *      *      0.0.0.0/0            192.168.1.4        tcp dpt:10000
        0    0 ACCEPT    udp  --  *      *      0.0.0.0/0            192.168.1.4        udp dpt:10000
        0    0 ACCEPT    tcp  --  *      *      0.0.0.0/0            192.168.1.4        tcp dpt:10024
        0    0 ACCEPT    tcp  --  *      *      0.0.0.0/0            192.168.1.4        tcp dpt:10025
        0    0 ACCEPT    tcp  --  *      *      0.0.0.0/0            192.168.1.4        tcp dpts:60000:65535
        0    0 ACCEPT    udp  --  *      *      0.0.0.0/0            192.168.1.4        udp dpts:60000:65535
     
    Chain wanout (1 references)
    pkts bytes target    prot opt in    out    source              destination
    Phew! This is like an MCSE exam! What other info did you need?
     
  22. Rick Houghton

    Rick Houghton Serious Server Member

    My settings (ones not included from above) all other ones are stock. QOS is off.

    [​IMG]

    [​IMG]
     
  23. gfunkdave

    gfunkdave LI Guru Member

    Rick, you keep showing the uPNP port forwarding page. This is not what you want. Manual port forwarding is configured under Port Forwarding -> Basic.

    uPNP is a protocol that lets network devices automatically open a forwarded port.
     
  24. Rick Houghton

    Rick Houghton Serious Server Member

    Yeah I know, but Koitsu said he wanted to see my settings so I threw it in there. My basic port forward screen is a few posts back. I am ready to RMA this thing back to Newegg and try another model. For all the time this one has cost me it is starting to get ridiculous!
     
  25. koitsu

    koitsu Network Guru Member

    Thanks -- you got all the stuff I wanted. (Yeah, didn't need the UPnP page, but that's perfectly fine, I understand why you provided it!)

    Your port forwards are quite clearly in your iptables output. Look closely at your post, output from iptables -t nat -L -v -n. They are also in /etc/iptables, as well as relevant/related entries within iptables -L -v -n (which is the filter table, i.e. -t filter, in case you were wondering; don't specify -t and iptables defaults to showing the filter table only).

    Given what you've shown there, your port forwards should be working just fine. And you know what? They are, because I see the packet counters for the rules as non-zero, and I even verified from my own VPS/co-located box:

    Code:
    $ telnet 206.248.137.132 80
    Trying 206.248.137.132...
    Connected to 206.248.137.132.
    Escape character is '^]'.
    GET / HTTP/1.0
     
    HTTP/1.1 302 Found
    Date: Fri, 01 Feb 2013 03:06:00 GMT
    Location: https://192.168.1.4:443/
    Content-Length: 0
     
    Connection closed by foreign host.
    
    (I should note in this example, your webserver on 192.168.1.4 is returning a Location field that obviously won't work for Internet visitors. But that has absolutely nothing to do with the port forwarding, that has to do with your webserver on 192.168.1.4)

    So what's the problem again? :)

    P.S. -- I asked you not to edit out any of the information in your stuff, yet you did edit the screenshots to hide your IP address, which is pointless because it's shown quite clearly in your iptables output. Had you hid this information too I wouldn't have been able to verify from my co-location/VPS box that your forwards are working. Starting to understand why hiding this info is a bad idea when asking for help? :-/
     
  26. Rick Houghton

    Rick Houghton Serious Server Member

    Unfortunately, they don't work. After I got all the info for you I ran the Port Checker and it showed all ports blocked. I am running a mail server and I ssh'ed into the server and tried to ping out but it was blocked. I had to replace the router with the working Linksys as I can't have the server offline for long. It is weird that iptables shows the rules, I agree. But the ports are still blocked by the RT-N16. When I run it with the ASUS fw they are not.

    EDIT: I figured it out!! I am an idiot... I had the old router at 192.168.1.24 and the new (test) RT-N16 at 192.168.1.23. The mail server's gateway was looking at 24!!! DoHH....

    Thanks, I think I need a drink now.
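
Added example, not part of the original thread or of the Tomato firmware: the counter check koitsu describes in post 25, scripted over excerpts of the listings Rick posted, so that it also surfaces the situation found above. Assumptions: the `nvram get portforward` field order is `enabled<proto<src<ext ports<int port<int addr<description>` with proto 1=tcp, 3=both (inferred from the output in this thread; 2=udp is assumed), and the NVRAM entry for port 2222 is constructed. The nat table only sees the first packet of a connection, so a `wanin` count above the DNAT count for the same port suggests clients repeating SYNs that were never answered.

```python
import re

# Excerpts of the output posted in this thread (first few forwards only).
# The last NVRAM entry (port 2222) is constructed to show a missing rule.
NVRAM = ("1<3<<20:22<<192.168.1.4<>1<3<<25<25<192.168.1.4<>"
         "1<1<<80<80<192.168.1.4<>1<1<<443<<192.168.1.4<>"
         "1<1<<2222<22<192.168.1.4<>")

NAT_LISTING = """\
Chain WANPREROUTING (1 references)
pkts bytes target    prot opt in    out    source              destination
    0    0 DNAT      icmp --  *      *      0.0.0.0/0            0.0.0.0/0          to:192.168.1.23
    0    0 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpts:20:22 to:192.168.1.4
    0    0 DNAT      udp  --  *      *      0.0.0.0/0            0.0.0.0/0          udp dpts:20:22 to:192.168.1.4
    1    60 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:25 to:192.168.1.4:25
    0    0 DNAT      udp  --  *      *      0.0.0.0/0            0.0.0.0/0          udp dpt:25 to:192.168.1.4:25
    5  252 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:80 to:192.168.1.4:80
   31  1532 DNAT      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:443 to:192.168.1.4
"""

FILTER_LISTING = """\
Chain wanin (1 references)
pkts bytes target    prot opt in    out    source              destination
    0    0 ACCEPT    tcp  --  *      *      0.0.0.0/0            192.168.1.4        tcp dpts:20:22
    0    0 ACCEPT    udp  --  *      *      0.0.0.0/0            192.168.1.4        udp dpts:20:22
    5  300 ACCEPT    tcp  --  *      *      0.0.0.0/0            192.168.1.4        tcp dpt:25
    0    0 ACCEPT    udp  --  *      *      0.0.0.0/0            192.168.1.4        udp dpt:25
   14  696 ACCEPT    tcp  --  *      *      0.0.0.0/0            192.168.1.4        tcp dpt:80
   63  3036 ACCEPT    tcp  --  *      *      0.0.0.0/0            192.168.1.4        tcp dpt:443
"""

PROTOS = {"1": ["tcp"], "2": ["udp"], "3": ["tcp", "udp"]}  # "2" is an assumption


def to_int(counter):
    """iptables -v abbreviates large counters as e.g. 526K or 34M."""
    scale = {"K": 1000, "M": 1000 ** 2, "G": 1000 ** 3}
    if counter[-1] in scale:
        return int(counter[:-1]) * scale[counter[-1]]
    return int(counter)


def chain_counters(listing, chain, target):
    """Return {(proto, ports): packets} for `target` rules of one chain."""
    counters, current = {}, None
    for line in listing.splitlines():
        f = line.split()
        if len(f) >= 2 and f[0] == "Chain":
            current = f[1]
        elif current == chain and len(f) >= 9 and f[0][0].isdigit() and f[2] == target:
            port = re.search(r"dpts?:(\S+)", " ".join(f[9:]))
            if port:  # rules without a port match (the icmp DNAT) are skipped
                counters[(f[3], port.group(1))] = to_int(f[0])
    return counters


def expected_forwards(nvram):
    """Expand the portforward string into (proto, ext_ports) for enabled entries."""
    wanted = []
    for entry in filter(None, nvram.split(">")):
        fields = entry.split("<")
        if len(fields) < 6 or fields[0] != "1":
            continue
        wanted += [(proto, fields[3]) for proto in PROTOS.get(fields[1], [])]
    return wanted


def diagnose(nvram, nat_listing, filter_listing):
    """Classify every configured forward from the two iptables listings."""
    nat = chain_counters(nat_listing, "WANPREROUTING", "DNAT")
    wanin = chain_counters(filter_listing, "wanin", "ACCEPT")
    report = {}
    for key in expected_forwards(nvram):
        if key not in nat or key not in wanin:
            report[key] = "rule missing"
        elif nat[key] == 0:
            report[key] = "no hits"
        elif wanin[key] > nat[key]:
            # Heuristic: packets that keep reaching wanin were not yet
            # ESTABLISHED; the two listings are also taken moments apart.
            report[key] = "hits, SYN retries likely"
        else:
            report[key] = "hits"
    return report


if __name__ == "__main__":
    for (proto, ports), verdict in diagnose(NVRAM, NAT_LISTING, FILTER_LISTING).items():
        print(f"{proto:4} {ports:12} {verdict}")
```

Non-zero DNAT counters show that the router is translating the traffic; they say nothing about whether the internal host routes its replies back through the same router.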
     
  27. koitsu

    koitsu Network Guru Member

    *laughs* I'll let you know if I'm ever in Canada so you can buy me a pint of Moosehead. Haha. :)
     
  28. Rick Houghton

    Rick Houghton Serious Server Member

    I'm buying! Thanks again for all your help!
     
