
Tomato RAF Releases

Discussion in 'Tomato Firmware' started by Victek, Dec 28, 2012.

  1. shibby20

    shibby20 Network Guru Member

    I'm talking about PPPoE, not ppp3g.
    Many Polish users using the PPPoE connection type have problems when they are using rp-pppoe 3.11. WAN is connected, then it disconnects after a few seconds and the router can't connect again. I made my latest Tomato builds with rp-pppoe 3.10 and all is working correctly. So I decided to roll this package back to the previous version.

    ppp3g is working correctly on rp-pppoe 3.11... I don't have the PPPoE connection type (I'm using the DHCP WAN type), so I can't check this myself, but it was not one or two cases but a few.
     
  2. Victek

    Victek Network Guru Member

    It's a different scenario here shibby, a Russian ISP using RADIUS denies authentication in the syslog I saw from the user. There is no disconnection, it's an authentication error in this case only affecting ONE user.
    Thanks!
     
  3. Victek

    Victek Network Guru Member

    dropbear (ssh, sftp,... connections) updated to release 2013.60.1, read the changelog in the link, mainly I did it to avoid CPU congestion and slow reactions. The module was totally outdated since Feb 2012, ipv6, android, cache connections with bugs....
    http://goo.gl/UlPJiK

    We go... will be released in beta v1.2o
     
    Last edited: Oct 18, 2013
    MatteoV, nurofen and Elfew like this.
  4. Victek

    Victek Network Guru Member

    No rush nurofen ... It's a minor update that will be packed with some other kernel patches.

    A big step for us ... well, for me yes: https://home.regit.org/2013/09/using-tc-with-ipv6-and-ipv4/ reading and learning, it's recent, @RonV I think we are in the final step, this was the reason why the feature crashed QoS and BW limiter with a rude kernel kick in the a**.., we can't assign same priority for both (ipv4 & ipv6)...but we need it... what we should do? ... If you're thinking in nftables (the Hope for many people) forget it.. not supported by the kernel until two days ago when Pablo (the iptables maintainer) pulled the request to the kernel mainline ... http://en.wikipedia.org/wiki/Nftables .. yes, I know .. nftables using mangle ON and no bottleneck for CTF ...(sorry it looks as my memories...) ;)

    Sometimes I think we run too fast, sometimes too slow... LOL.
     
    Last edited: Oct 18, 2013
    Elfew and nurofen like this.
  5. Toxic

    Toxic Administrator Staff Member

    To all users

    I have had several complaints of individual users in this thread abusing the rules.

    If you cannot abide by these you are not welcome here and I will ban you.

    Now read the rules:

    http://www.linksysinfo.org/index.php?help/terms
     
  6. krum09

    krum09 Networkin' Nut Member

    I am getting this in my log files running on AC66u IPV6, RAF Firmware v1.28.9013 MIPSR2-RAF-V1.2n5
    this keeps coming up, I don't have any problems; everything seems to run just fine; But I see lots of these messages
    RT-AC66U user.debug kernel: icmpv6_send: no reply to icmp error

    Chris
     
  7. RonV

    RonV Network Guru Member

    Welcome to the IPv6 test...I bet you have QOS rules turned on at the same time you have IPv6 configured. Victek has posted a comment here that if you use IPv6 that you should disable QOS, Bandwidth Limiter, and Access Restrictions.
     
  8. krum09

    krum09 Networkin' Nut Member

    Thanks RonV, I think I will disable IPV6, I need access restrictions for the Kids, QOS for them as well, they play lots of games.
    Thanks for the heads up.

    Chris
     
  9. RonV

    RonV Network Guru Member

    I guess for right now we need to accept that a separate list by IP type is the only solution for QOS. Maybe Odd number for IPv4 and Even number for IPv6 :) This could be hidden via the coding. I can't think of a situation when a person would want a QOS rules say for port 80 for IPv4 but not for IPv6 so that may work. But again I may be wrong with this line of thought.
     
  10. Victek

    Victek Network Guru Member

    Yes, I need more information about it... thanks!

    @krum09 .. this message could be that ICMP is disabled in firewall GUI, so you need to enable to answer icmp requests.
     
  11. Elfew

    Elfew Addicted to LI Member

    Working IPv6 is the first step... after that Victek could continue with other features - IPv6 in QoS, BW limiter etc.
     
  12. Moogle Stiltzkin

    Moogle Stiltzkin Networkin' Nut Member

    Hi,

    I'm using the latest Tomato RAF Firmware v1.28.9013 MIPSR2-RAF-V1.2n K26 USB for my Linksys E4200 V1 router.

    I just wanted to report that there seems to be a minor issue
    under the CIFS client tab "Total / Free Size(not mounted)"

    I set the CIFS storage to be on my QNAP NAS in a share directory i set aside for it, because it has tons of space, and it's networked. Better than storing the logs on the very limited ram on the router. So far it has worked well.

    I'm just wondering why it claims not to be mounted, when clearly it seems to be, because i can save and load data as intended.

    So just wondering whether this minor inaccuracy is a bug that was overlooked ?


    This doesn't seem to be an issue only in the RAF release, as i noticed the same thing in Toastman's as well.
     
  13. Victek

    Victek Network Guru Member

    Thanks for reporting it, I didn't test this feature in my version since I'm always keeping syslog on my USB pendrive (easier to configure), I'll check it. Thanks.
     
    Last edited: Oct 19, 2013
  14. Victek

    Victek Network Guru Member

    Well ... in reality ipv6 works (routing) though, the issue appears with some ipv6 configurations used by some ISP .. I can't do so much, just adding new patches from kernel (almost included) and see how dnsmasq is developing the implementation for dnsmasq, today I have been 'off' all day seeking mushrooms .. no ipv6 needed.
     
  15. RonV

    RonV Network Guru Member

    Victek,

    I have v1.28.9013 MIPSR2-RAF-V1.2n K26 USB up and running. Currently got the IPv6 configured and appears to be working for all the basic settings. Once it burns in I will enable my access restriction rules.

    Thanks for fixing the device list page. I can see my hosts in IPv6 and IPv4. A bit confusing when you first look because it's sorted by IP. Also since only one interface shows the wireless quality but if you sort by MAC address everything it's easy to make out what is going on.
     
  16. RMerlin

    RMerlin Network Guru Member

    That'd be odd considering 3.11 has been released years ago - I would have expected such issues to have been tracked down and fixed by the RP folks by now.

    Asus upgraded from 3.10 to 3.11 with FW 3.0.0.4.354. That's what I'm currently using here.
     
  17. shibby20

    shibby20 Network Guru Member

    You are right, @RMerlin, but I don't have the PPPoE WAN type, so I cannot fix this myself :/ The best solution for me was to go back to 3.10 :/

    I have to compare tomato sources of rp-pppoe and yours. Maybe i will find a clue.
     
  18. Victek

    Victek Network Guru Member

    The fix for device-list has been done by KDB... but there is still a long way to go to sort associated services, anyway, it works fine and the hope is to see the light soon ;)

    @shibby20 I don't know how you upgraded rp-pppoe but I used Penguin tar file and updated in my version, compare my version and yours to find a possible difference.
     
  19. Elfew

    Elfew Addicted to LI Member

    I know, you focused on IPv6 and the result is that it is working for all common IPv6 connections from providers. Other providers with exotic setup have to sort out it - it is their problem.

    Now you can move to other modules and make them IPv6 compatible - QoS, BW limiter, device list etc.

    After that Tomato fw will have full compatibility with IPv6.

    There is a lot of work ahead of you, but a huge part of work is done. Keep good work, I am looking for every new beta build ;)
     
  20. Victek

    Victek Network Guru Member

    I'm restricting new betas doing internal test with some users .. but the outcome is weird ... now ipv6 works in one version I sent three days ago and it was not working, today it works... odd situation. ;)
    Also dnsmasq patches are released every day, that's good but involves a lot of work to update and test new changes. But overall I'm happy to sort and learn some ipv6 collateral influence in other modules and start working on it.

    Thanks!
     
    szpunk and Elfew like this.
  21. RonV

    RonV Network Guru Member

    Victek,

    Thanks for all the hard work you are putting into this. I think your priority to get IPv6/dnsmasq as stable as possible across as much of the IPv6 implementations that are out there is the right approach. If my coding skill were up to date I would be helping with the other areas such as access restrictions or QOS.
     
  22. Victek

    Victek Network Guru Member

    I will upload one version today .. few minutes... after testing it looks as ipv6 leases and some difficult connections are working stable ... then I go back now to see access restrictions, it seems easy to fix now.
    Also I upload changes to the git .. again.
     
  23. Elfew

    Elfew Addicted to LI Member

    @ Victek - will it be possible to add an IPv6 address into access restriction and other modules, or only an IPv4/MAC address?
     
  24. MatteoV

    MatteoV Serious Server Member

    Please, do it for E4200 too, if you can :)
    I strongly would like to test.

    Thanks!
     
    Moogle Stiltzkin likes this.
  25. RMerlin

    RMerlin Network Guru Member

    Not saying Asus's works better, I just never received any feedback about PPPoE issues introduced in newer builds. The issue might be specific to some ISPs, and I just don't have any users who are on that ISP perhaps.
     
  26. nurofen

    nurofen Serious Server Member

    Did not want to bother you guys. Help me understand why does not work.
    I changed the settings for the test VLAN. And for some strange reason, does not work IPTV connected by LAN4.
    And on Port LAN3 IPTV set-top box works well.


    In the picture below, all works well.
    Thanks to google the answer is not found.
     


  27. Moogle Stiltzkin

    Moogle Stiltzkin Networkin' Nut Member

    my isp now since this month supports ipv6 via dual stack. So once the local tech community figure out the routerOS settings guide, i can test the tomato Victek RAF IPV6 if it works.

    because our ftth uses vlan tagging implementation for VOIP, internet video streaming, so am relying on Microtik's RB250GS switch to perform the vlan tagging.

    Although i guess the tomato can be setup to do that too, but it would be more inconvenient everytime i update the router firmware, having to re-do vlan tagging as well X_X:


    i also second this :)
     
  28. RonV

    RonV Network Guru Member

    I see version "P" up there is that the version you want tested?
     
  29. Victek

    Victek Network Guru Member

    Yes .. it's p version.

    Perfect .. it looks that the most exotic configurations are to be tested with RAF version, excellent!

    It's available already ..

    Yes, it's normal ... as you see you created two vlan (3 and 4) with the same vid, the second configuration looks OK for me, it doesn't work?.
     
  30. MatteoV

    MatteoV Serious Server Member

    Thanks for 1.2p on E4200 v1 @Victek .
    I'm sorry but I seem to need to ask again: why does the dnsmasq.conf still contain the directive:
    Code:
    strict-order
    
    I find it a hog, sincerely, when you struggle to set multiple dns' to make sure you will end up using the faster one...this hard-coded directive makes you end up waiting for the first dns to be said non-functional, and/or second, and so on...ie wait a lot sometimes till your name is actually solved.
    When are you going to toggle this hard-coded thing now that ipv6 things go better, if I may ask?

    Thanks!
     
    Moogle Stiltzkin likes this.
  31. Victek

    Victek Network Guru Member

    Edit:

    MatteoV strict order is only written in dnsmasq when you enable dnscrypto ... normal, not?

    I think it should work like this but I'll appreciate any opinion about why it's better to disable it when I fixed dnscrypto and the order of dns is important...

    Thanks!
     
    Last edited: Oct 20, 2013
  32. MatteoV

    MatteoV Serious Server Member

    ..edit2..
    Yes Victek that's the meaning I understood too.
    I'm sorry if I insisted that way, but when I asked you told me it was there maybe due to your intensive testing of all configurations to make ipv6 work reliably. Now I get it was always intended this way in Tomato or at least in RAF. I'm coming from DD-WRT, where if I wanted strict-order, I had to write strict-order in the custom configuration space given in the gui. The same space is available in TomatoRAF, too, so I guessed they were just behaving the same way!

    Now, let's go back to the real question about the configuration itself.
    I'm not sure about the loopback meaning. I mean, reading on the dnsmasq man:
    it seems to me it is saying the "server" directives are those used for upstream dns' and that the "nameserver.." loopback stuff is just for caching. But maybe I'm understanding this wrongly...
    So it will try the server/s given in resolv.conf in their order, as you said.
    This sounds bad to me because if a server fails (which happens not so rarely with dnscrypt-proxies I'm using here) then it will wait for the first one to not respond (don't know how much time actually) and then it will send the request to the next one and so on. I would agree on giving them a correct order, but since the dns' packets don't seem to me too much of a hassle to be sent altogether to every available server given, I don't see why we shouldn't just send a request to them all and then just use the -really- fastest one that answered. I understand it's the default behaviour of dnsmasq, too:
    and that's also why I was expecting it in use here.

    In short I think that, well, if a user does -not- want to use answers from a specific dns, then he will just not set it. And I also think that the normal user will just want to use the fastest dns available and avoid waiting if this is possible...don't you?

    ..edit..
    Also I think that this way you are toggling a choice naturally allowed already by dnsmasq and the tomatoRAF gui itself with the custom configuration space already given.

    Thanks for reading and always helping out!

    ..edit1..
    Sorry, I didn't see this before. Concepts on why it should be better to leave it off are anyway valid. But now well, that choice makes some sense, if I want dns crypted I should avoid using non-crypted. But, well, I think you should not obtain that by using strict-order (that will anyway allow tomato to reach other clean-text servers if crypted one fails) but just by using the single dnscrypto-server and nothing else. This way every purpose can be reached! In my case, I added multiple dnscrypto servers, manually, and with an upgraded bin due to problems with the included one (I know you have my request on your TODO list for that, too :) ) and when one goes down or has to work for keys renewals, my internet slows down a lot!!

    ..edit2..
    Another thing, before you listen to me and then hate me :) ... is a fact I discovered:
    if you set a single/more crypto dns then you will probably have problems on the router boot. In fact it could not be able to reach ntp servers due to it is practically not having a dns and it will consequently remain without a correct date set. This will make crypted dns non-validable on connection due to expired/not-yet-valid certificates. The solution is another line in dnsmasq config. I use:
    Code:
    server=/pool.ntp.org/8.8.8.8
    
    this makes the name solvable against 8.8.8.8 (Google's first dns).
     
    Last edited: Oct 20, 2013
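
Added example (not part of the thread, and not Tomato RAF or dnsmasq project code): a small Python audit of a dnsmasq configuration for the three points raised in the post above, namely the strict-order failover delay, cleartext upstreams sitting beside the encrypted ones, and the missing NTP bootstrap rule. It assumes the dnscrypt-proxy instances are reached as loopback `server=` entries; the port numbers, the `audit` function and the finding names are constructed for illustration.

```python
import ipaddress
import re


def parse_conf(text):
    """Yield (option, value) pairs from dnsmasq.conf text; bare flags get ''."""
    for raw in text.splitlines():
        # '#' opens a comment only at line start or after whitespace, so the
        # port separator in 'server=127.0.0.1#40' is kept.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if line:
            option, _, value = line.partition("=")
            yield option.strip(), value.strip()


def parse_server(value):
    """Split a server= value into (domains, ip_address or None)."""
    domains = []
    if value.startswith("/"):
        *parts, value = value.split("/")
        domains = [p.lower() for p in parts if p]
    host = value.split("@", 1)[0].split("#", 1)[0]
    try:
        return domains, ipaddress.ip_address(host)
    except ValueError:
        return domains, None  # e.g. 'server=/lan/' (answered locally only)


def covers(domain, hostname):
    """True if a server=/domain/ rule applies to hostname."""
    hostname = hostname.lower().rstrip(".")
    return hostname == domain or hostname.endswith("." + domain)


def audit(conf_text, resolv_text="", ntp_hosts=("pool.ntp.org",)):
    """Return a list of finding names (hypothetical labels) for one config."""
    strict = no_resolv = False
    default_upstreams, scoped = [], []
    for option, value in parse_conf(conf_text):
        if option == "strict-order":
            strict = True
        elif option == "no-resolv":
            no_resolv = True
        elif option == "server":
            domains, ip = parse_server(value)
            if ip is None:
                continue
            if domains:
                scoped.extend((d, ip) for d in domains)
            else:
                default_upstreams.append(ip)
    if not no_resolv:  # resolv-file nameservers are upstreams for every name
        for line in resolv_text.splitlines():
            fields = line.split()
            if len(fields) >= 2 and fields[0] == "nameserver":
                default_upstreams.append(ipaddress.ip_address(fields[1]))

    # Assumption: loopback upstream = local dnscrypt-proxy, anything else = cleartext.
    encrypted = [ip for ip in default_upstreams if ip.is_loopback]
    cleartext = [ip for ip in default_upstreams if not ip.is_loopback]
    findings = []
    if strict and len(default_upstreams) > 1:
        # Upstreams are tried in order, so a dead first entry delays lookups.
        findings.append("strict-order-serial-failover")
    if encrypted and cleartext:
        # Some queries can leave the router unencrypted.
        findings.append("plaintext-fallback")
    if encrypted and not cleartext:
        # Clock unset at boot -> resolver certificates look invalid -> no DNS
        # -> NTP names cannot resolve, unless a scoped cleartext rule exists.
        for host in ntp_hosts:
            if not any(covers(d, host) and not ip.is_loopback for d, ip in scoped):
                findings.append("ntp-bootstrap-missing:" + host)
    return findings


# Constructed sample configurations (ports 40 and 41 are made up).
ENCRYPTED_ONLY = "strict-order\nno-resolv\nserver=127.0.0.1#40\nserver=127.0.0.1#41\n"
WITH_BOOTSTRAP = ("no-resolv\nserver=127.0.0.1#40\nserver=127.0.0.1#41\n"
                  "server=/pool.ntp.org/8.8.8.8\n")

if __name__ == "__main__":
    for name, conf in (("encrypted only", ENCRYPTED_ONLY),
                       ("with NTP bootstrap", WITH_BOOTSTRAP)):
        print(name, "->", audit(conf) or "no findings")
```

The scoped `server=/pool.ntp.org/8.8.8.8` rule deliberately sends only the NTP pool names in cleartext, which is the trade-off the post describes.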
  33. nurofen

    nurofen Serious Server Member

  34. Victek

    Victek Network Guru Member

    ok.. I will edit it tomorrow and answer you but the edit2 was solved, yes, we had this problem time ago, no need to patch .. ok, I'll answer in few hours.

    Edit today: I'll test how it works with strict-order off and dnscrypto ON. More information will be posted in this post.

    Yes, that's what I said ... work.png is the right configuration. You should respect the vlan map done by your ISP.
     
    Last edited: Oct 21, 2013
    MatteoV likes this.
  35. RonV

    RonV Network Guru Member

    Darn the "p" release doesn't seem to be handing out IPv6 addresses as the "n" release did.

    Code:
    Oct 20 19:18:38 rtr-gateway-n66r daemon.info dnsmasq-dhcp[1107]: DHCPSOLICIT(br0) 00:01:00:01:18:af:c8:5e:00:00:00:00:00:00
    Oct 20 19:18:38 rtr-gateway-n66r daemon.info dnsmasq-dhcp[1107]: DHCPADVERTISE(br0) 00:01:00:01:18:af:c8:5e:00:00:00:00:00:00 no addresses available
    Oct 20 19:18:42 rtr-gateway-n66r daemon.info dnsmasq-dhcp[1107]: DHCPSOLICIT(br0) 00:01:00:01:18:af:c8:5e:00:00:00:00:00:00
    Oct 20 19:18:42 rtr-gateway-n66r daemon.info dnsmasq-dhcp[1107]: DHCPADVERTISE(br0) 00:01:00:01:18:af:c8:5e:00:00:00:00:00:00 no addresses available
    Oct 20 19:18:50 rtr-gateway-n66r daemon.info dnsmasq-dhcp[1107]: DHCPSOLICIT(br0) 00:01:00:01:18:af:c8:5e:00:00:00:00:00:00
    Oct 20 19:18:50 rtr-gateway-n66r daemon.info dnsmasq-dhcp[1107]: DHCPADVERTISE(br0) 00:01:00:01:18:af:c8:5e:00:00:00:00:00:00 no addresses available
    Oct 20 19:18:54 rtr-gateway-n66r daemon.info dnsmasq-dhcp[1107]: RTR-ADVERT(br0) 2602:306:bdae:6b2f::

    Here is the dnsmasq.conf file:

    Code:
    pid-file=/var/run/dnsmasq.pid
    domain=vargofamily
    resolv-file=/etc/resolv.dnsmasq
    addn-hosts=/etc/dnsmasq/hosts
    dhcp-hostsfile=/etc/dnsmasq/dhcp
    expand-hosts
    min-port=4096
    stop-dns-rebind
    rebind-localhost-ok
    interface=br0
    dhcp-range=tag:br0,192.168.10.10,192.168.10.19,255.255.255.0,10m
    dhcp-option=tag:br0,3,192.168.10.254
    dhcp-lease-max=255
    dhcp-authoritative
    enable-ra
    ra-param=br0,10,1800
    dhcp-range=::1, ::FFFF:FFFF,constructor:br0,ra-stateless,ra-names, 64, 12h
    cache-size=8192 
     
    Last edited: Oct 21, 2013
  36. Moogle Stiltzkin

    Moogle Stiltzkin Networkin' Nut Member

    Victek,

    can i have your input ? Regarding my FTTH, we need a switch or router to perform the vlan tagging to handle the split IPTV, and Iphone. So because of that, i use the RB250gs to do the vlan tagging, and the linksys router to be configured as a normal router normally is.

    But seeing as the tomato firmware has vlan tagging, then what exactly is the difference between setting up vlan on the microtik switch vs the tomato router ? And which is the best solution ?

    http://web.archive.org/web/20130118122637/http://unifi.athena.my/mikrotik_rb250gs.php



    Because with the introduction of IPV6 dual stack, i need to now attempt to configure both the switch and router to handle ipv6, so i'm trying to understand which is the best network layout to deal with this :/
     
  37. kthaddock

    kthaddock Network Guru Member

    nurofen likes this.
  38. nurofen

    nurofen Serious Server Member

  39. Victek

    Victek Network Guru Member

    You have to connect the SIP to the 'main Internet' VLAN.
    I see ... the last change in dnsmasq affects one of the lines you have in dnsmasq.conf (domain=v*******) and dhcp-authoritative ... in last two commits ... http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=summary ...

    I'll revert changes done in dnsmasq until the package proves to be stable ... every day it solves something but breaks something it was working before. :mad:
     
    Last edited: Oct 21, 2013
  40. Victek

    Victek Network Guru Member

    Link is down.. ok .. I explain a little bit this scenario:

    1st. Any switch can deal with ethernet frames as we talk about layer2 device.
    2nd. Any switch can handle ipv4 and ipv6 at this layer.

    When your router receives a normal ethernet frame looks like the top image.
    When the frame is tagged (802.1Q) it's identified as the bottom image.
    [Image: a normal Ethernet frame (top) and an 802.1Q-tagged frame (bottom)]

    So in fact if you create the VLAN tagging in your router you can handle the tagging without using the switch WHEN the protocols (pppoe) are the same for each frame (normally it's but in some cases the ISP shift the connection type to another modalities like static routing or dhcp). You should supply more information to have one idea about your configuration but this is a thread for firmware, not for ISP configurations.
     
    Last edited: Oct 21, 2013
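
Added example (not part of the thread and not firmware code): the two frame layouts described in the post above, parsed in Python, showing that the 802.1Q tag is four bytes inserted after the source MAC and that the protocol carried (PPPoE, IPv4 or IPv6) is untouched by tagging. The MAC addresses, VID 500 and the payload bytes are constructed sample values; frames are shown without the trailing FCS.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag
ETHERTYPES = {
    0x0800: "IPv4",
    0x86DD: "IPv6",
    0x8863: "PPPoE discovery",
    0x8864: "PPPoE session",
}


def parse_frame(frame):
    """Decode an Ethernet II header, with or without one 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    vlan, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # TCI = 3-bit priority, 1-bit DEI, 12-bit VLAN ID; the real
        # EtherType follows the tag.
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan = {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}
        offset = 18
    return {
        "dst": frame[0:6].hex(":"),
        "src": frame[6:12].hex(":"),
        "vlan": vlan,
        "ethertype": ethertype,
        "protocol": ETHERTYPES.get(ethertype, hex(ethertype)),
        "payload": frame[offset:],
    }


def add_tag(frame, vid, pcp=0):
    """Return the frame with an 802.1Q tag inserted (what a tagging port does)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094 (0 and 4095 are reserved)")
    if not 0 <= pcp <= 7:
        raise ValueError("PCP must be 0..7")
    if parse_frame(frame)["vlan"] is not None:
        raise ValueError("frame is already tagged")
    tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return frame[:12] + tag + frame[12:]


def strip_tag(frame):
    """Return the frame with its 802.1Q tag removed (an untagged access port)."""
    if parse_frame(frame)["vlan"] is None:
        return frame
    return frame[:12] + frame[16:]


# Constructed untagged frame: broadcast destination, locally administered
# source MAC, EtherType 0x8863, and a minimal PPPoE discovery header.
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "8863" "110900000000")
TAGGED = add_tag(UNTAGGED, vid=500, pcp=5)

if __name__ == "__main__":
    for label, frame in (("untagged", UNTAGGED), ("tagged", TAGGED)):
        info = parse_frame(frame)
        print(label, frame.hex(), info["vlan"], info["protocol"])
```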
  41. nurofen

    nurofen Serious Server Member

    My ISP uses a VLAN (VID) to connect the SIP...
     
  42. Victek

    Victek Network Guru Member

    Please give the data you know instead of write fragmented information. Then you have to create another VLAN tagged with the vid to permit the SIP forwarding.

    And I say you the same to MatteoV, this is a thread for firmware, I don't provide any help to configure your router.
     
    Last edited: Oct 21, 2013
  43. MatteoV

    MatteoV Serious Server Member

    I don't understand this fastly changed idea. And I do not remember to have asked help here to configure something, nor I sent fragmented information!?!? While many do it and are answered. No problem, of course, that's just good.

    But, there is just a fact in what I presented. You are toggling the possibility to set something as we like. The more, you have chosen for us the non default behaviour and we can't change it. And you call it a configuration support request!? Every software is supposed to make users choose. I didn't ask you to choose for me. I did already know I don't want to wait for non working or busy dns servers.

    And well, you still didn't explain why you made your choice and I am willing to listen too, while this is minor considered the facts. We could choose. We can choose with any firmware. The gui already would make us choose. But you hard coded a non default setting. This is a in topic argument for sure and firmware related :/

    Sent from my Nexus 4 using Tapatalk
     
  44. Victek

    Victek Network Guru Member

    I changed it since the thread is concentrating users with customized configurations belonging to ISP's that I don't know settings and also users with low networking skills, I can't solve without be inside the router and your ISP is not paying me, right?. Of course you can choose any firmware but in almost cases the issue is related with customized configurations not with firmware or buggy functions in firmware, this is your case and I mistake the user name ;)

    The fragmented information was not your case, I answered to @nurofen.

    Thanks!
     
    Last edited: Oct 21, 2013
  45. Moogle Stiltzkin

    Moogle Stiltzkin Networkin' Nut Member

    victek,

    my friend is helping me configure the victek raf tomato for the isp ipv6, but we ran into problem to get it to work.

    something to do with

    "it just doesn't have it enabled for the PPP daemon, required for your ISP. I need to manually configure your ppp file and manually add in the commands to make it get the fe80:: "

    So essentially he reckons you may have missed an option, which my ISP requires to have to get ipv6 working for it.

    so my friend says.


    We are testing using

    Tomato RAF Firmware v1.28.9013 MIPSR2-RAF-V1.2n K26 USB

    But i noticed there is a newer tomato-E4200-1.28.9013MIPSR2-RAF-V1.2p

    Is there any changelog for it ? Any changes in regards to the ipv6 implementation for the newer firmware update ?
     
  46. Victek

    Victek Network Guru Member

    No, stay with 1.2n , it's stable. The configuration for ipv6 is in Basic/ipv6 menu, then he can set what he needs ... you can send him your /etc/dnsmasq.conf file... type cat /etc/dnsmasq.conf from telnet or open and ssh session for him and he can check, it's already included.

    Edit: You can show it to your friend, no need to type anything .. but the router should establish an ipv6 connection with your ISP hub...

    upload_2013-10-21_11-42-9.png

    I expect a long way to ipv6 harmonization ... pfff
    Ah, by the way ... I'll add IPv4 instead of Router IP Addresses ...
     
    Last edited: Oct 21, 2013
  47. Moogle Stiltzkin

    Moogle Stiltzkin Networkin' Nut Member


    He also said this


    Do you have MSN or AIm ? we on discussing atm a fix :] maybe you can join us ?

    my friend and you both technical experts. I make a poor in between communicator mediator lulz :]

    Although we may be jumping the gun, but will check if the bras has the thing enabled. If it does we will get back to you if it really is the firmware side. Right now can't say for sure ^^ cept the ppp part he mentions, but as said this could probly be because of the bras.


    *updated

    we also tested with tomato-E4200-1.28.9013MIPSR2-RAF-V1.2p, no dice still :X
     
    Last edited: Oct 21, 2013
  48. MatteoV

    MatteoV Serious Server Member

    Ok @Victek so this
    is just the actual situation, and you're giving the "problem" a sight, correct? Sorry but I didn't see it when answering and sometimes my English lacks! If I understood correctly it was just a wrong name here:
    correct?

    p.s. I perfectly understand (and see) that many times something simply becomes not-doable and more like a work you're not paid for. But you're always doing it more than right as far as I can see, and anyway there's no need for you to justify for something you don't do, at all, since you do it just for hobby! So, sorry if I seem harsh, that's not my intention but I guess I can't render it correct in English :))

    Thanks!
     
  49. Victek

    Victek Network Guru Member

    @MatteoV , correct and my apologies .. my multitasking sometimes breaks too.
    @Moogle Stiltzkin , Yes, I have IM but I regret to say that I can't give support to all people asking for it. If you can convince your friend to post his doubts here I'll try to answer him.

    In few minutes a new release will be available after the feedback I received from RonV .. I rollback dnsmasq to a safe configuration. Look this post in few minutes and you can see some changes I did... included strict-order disabled for @MatteoV to be tested and report by him.

    Screenshot from 2013-10-21 12:32:13.png

    Thanks!
     
    Last edited: Oct 21, 2013
    Elfew and MatteoV like this.
  50. Moogle Stiltzkin

    Moogle Stiltzkin Networkin' Nut Member

    it's kewl i understand no worries :)


    uh my friend said he would like to see changelog if possible.

    he said the one here doesn't seem to be complete or accurate
    http://victek.is-a-geek.com/Repositorios/Beta_RAF/READ BEFORE YOU DOWNLOAD ANY TEST VERSION.txt

    like it didn't even show the Tomato RAF Firmware v1.28.9013 MIPSR2-RAF-V1.2n K26 USB. Although personally i don't think you should mind yourself with too detailed a changelog. Having the fixes is more important than posting every single detail kek.



    Oh and after some more testing he said

     
  51. Victek

    Victek Network Guru Member

    all the information he needs can be seen in:

    root@RT-AC56U:/tmp/ppp# cat wanoptions

    You can pass him the contents of this file.. as I saw what he request is already in since the daemon ppp is common for ipv4 and ipv6 so the settings are common, the number of retries and so can be modified from Basic/network settings.
     
    Moogle Stiltzkin likes this.
  52. Victek

    Victek Network Guru Member

    Release v1.2q beta ready in the download area for v1.2 and v1.3 release for RT-N16, RT-N66, E4200, other models upon request.
     
    nurofen likes this.
  53. Moogle Stiltzkin

    Moogle Stiltzkin Networkin' Nut Member

    Okay seems like it was BRAS issue. So i won't have ipv6 in my area till sometime end this year hopefully.

    So i will report back then if ipv6 works for my isp with your firmware :]


    By the way is there a v1.3 for the E4200 V1?

    And what exactly is the diff between v1.2 and v1.3 ?
     
  54. Moogle Stiltzkin

    Moogle Stiltzkin Networkin' Nut Member

    Installed tomato-E4200-1.28.9013MIPSR2-RAF-V1.2q on my Linksys E4200 V1. Works fine although i haven't tested with IPV6 yet :(

    Is there some other particular observation you wanted me to look out for ?
     
  55. Victek

    Victek Network Guru Member

    No, we go to v1.3 is the path ... and we saved a lot of time when your ISP recognized that something is pending to assign you ipv6 .. I hate wasting time.

    Thanks!
     
    Moogle Stiltzkin likes this.
  56. Moogle Stiltzkin

    Moogle Stiltzkin Networkin' Nut Member

    Actually there is a new issue
    Theres been some discussion for a solution,
    https://forum.lowyat.net/index.php?showtopic=2978208&view=findpost&p=64010860


    I'm wondering if you had any suggestions for this particular problem :/
     
  57. Victek

    Victek Network Guru Member

    Yes, it's one problem that nobody till now pointed but it's a maturity update for dnsmasq, I think Oleg's team did something about when I was looking their code or it was related to >64 prefix, not sure... dnsmasq is now naked in front of ipv6 issues and dhcp leases to be performed by radv.

    The problem is dnsmasq doesn't use separate valid/preferred values and it provokes default gateway get lost due to some server reconfiguration. Unfortunately now it's set to 2 hours prefix and used for valid/preferred. But you are talking about mikrotik and dd-wrt and I don't know if they use dnsmasq alone as we use in tomato (I think they use dnsmasq and radvd.. not sure). As I said it's something to be solved by dnsmasq programmer and there is nothing related to the used kernel.
     
    Last edited: Oct 21, 2013
  58. dc361

    dc361 LI Guru Member

    Victek, E3000 and E900 please.. IPV6 using HE 6in4 has been working like a charm here, Thanks.
     
  59. Victek

    Victek Network Guru Member

    Hehe, yes.. he.com is working too charm.. it's the reason why I can't reproduce other scenarios issues and may be the reason also why it works fine in your devices.... I use he.com too.. I'll do.
     
    Last edited: Oct 21, 2013
  60. Moogle Stiltzkin

    Moogle Stiltzkin Networkin' Nut Member

    oh thats something i did not know, very interesting. thx for the feedback
     
  61. Moogle Stiltzkin

    Moogle Stiltzkin Networkin' Nut Member

    i don't think the new Q version is stable. getting disconnection issue every few intervals :x

    how to pass along internal info to you to check out ?
     
  62. Victek

    Victek Network Guru Member

    It works perfect in my case, look for other reasons, nvram erase and clean configuration.
    upload_2013-10-21_20-16-13.png
     
  63. Moogle Stiltzkin

    Moogle Stiltzkin Networkin' Nut Member

    i did nvram erase too when i upgraded :/

    then again it could be my isp's maintenance issues today, but since i'm not fully sure, thought i'd report anyway.

    I'll keep monitoring the uptime :X
     
  64. Victek

    Victek Network Guru Member

    Ok .. look for log messages ... if a wording like you have been disconnected appears then it can be ISP troubles.
     
  65. Elfew

    Elfew Addicted to LI Member

    Version 1.2q and after that final? I think you should continue with beta state until Z :)... Keep tradition, dont rush :) it is only a number but who knows...1.3 = lucky or unlucky number 13?! ;)
     
  66. MatteoV

    MatteoV Serious Server Member

    Sorry Victek, being unable to test today, nor I will tomorrow due to my stage undergoing, perhaps in the evening I will let you know if everything seems alright with my be-hated strict-order :))

    Thanks

    Sent from my Nexus 4 with Tapatalk
     
  67. Victek

    Victek Network Guru Member

    beta r is cooking now ... with interesting changes...
    I'm not superstitious ... ;)

    Thanks @MatteoV I tested today, it works fine (also in combination with ipv6).... but a second opinion will be appreciated.
     
    MatteoV likes this.
  68. RonV

    RonV Network Guru Member

    Ok I am up on 1.2q and IPv6 is back to normal. I am going to let this one burn overnight. Have some streaming video to test tonight and lets see how well it holds up.
     
  69. Moogle Stiltzkin

    Moogle Stiltzkin Networkin' Nut Member

    well i can't seem to pm you, so hard to share logs :/ but seeing the internet uptime seems to be somewhere between

    50minutes to 1 hour from what i see before it drops the internet and reconnects later.
     
  70. Ric

    Ric Network Guru Member

    Unfortunately, no. ADSL.
     
  71. Ric

    Ric Network Guru Member

    RonV. I have the ADSL with the Motorola N3347-02 running in Bridge mode. -Ric
     
  72. Victek

    Victek Network Guru Member

    I can't help you so much if you can't post the following information in PM to me:

    _ Complete syslog where I can see when line drops (set debug to level 8 to see important messages).
    _ wan options file.
    _ screenshot of Basic/Network settings.

    But.. as usual I don't see any post of users with connection drops, so I'm inclined to think that some setting is wrong (for instance Connect on demand mode instead of keepalive).
    ----------------------------------------------------------------------------------------------------

    Version 1.2r ready to download, Changelog:

    _ Dropbear (ssh) updated to 2013.60.1 complete porting.
    _ dnsmasq reverted to 2.67rc4 due to some bugs detected on latest updates.
    _ code optimization to separate AC routers features (drivers) from N routers features. filesize -70KB.
    _ toolchains Makelib.c deprecated.
    _ Dedicated text in Status Overview to indicate IPv4 and IPv6 information (WAN & LAN) side.
    _ kernel updates for filesystems drivers.
    _ Fast NAT auto enabled when QoS is disabled.

    It's a recommended update, sirq is less aggressive now. Bandwidth WAN-LAN with RT-N16 245Mbps.

    Enjoy!
     
    eahm, Elfew, nurofen and 1 other person like this.
  73. Moogle Stiltzkin

    Moogle Stiltzkin Networkin' Nut Member

    couldn't find this option to set lv 8 :/

    same issue.

    normal settings.

    type PPPoE, and yes keep alive is enabled :X
    ----------------------------------------------------------------------------------------------------

    I may as well update to the newer and see if the problem still occurs, kek :)


    By the way is this related to hardware turbo nat ? Example i think my old ESR-Engenius router had a turbo accelerated NAT, but couldn't use when QOS was enabled.
    If so, is this feature available for the E4200 V1 ? or is it for specific models that have this feature to make use of this option only o_o; ?
     
  74. nurofen

    nurofen Serious Server Member

    And for the RT-N66U ?
    In the evening, I will test the new beta!
    Do you plan to add to the firmware torrent?

    Thanks @Victek.
     
  75. Moogle Stiltzkin

    Moogle Stiltzkin Networkin' Nut Member

    Yeah i think my issue may have been related to this, cause saw a few error messages in log mentioning this. Anyway i'll monitor uptime see whether it's stable now :X
     
  76. Victek

    Victek Network Guru Member

    dnsmasq has no relation with pppoe or ISP disconnections, if you don't provide the information I can't answer you.

    Instead of asking please search the version and download.
    No, no torrent, you can use shibby mod if you want torrent downloader.
     
  77. RonV

    RonV Network Guru Member

    Must be a Netopia device rebranded Motorola, haven't seen one of those deployed for about 5 years. Very reliable but usually the carriers lock them down hard. Glad to see they left bridge mode customer configurable.
     
  78. Ric

    Ric Network Guru Member

    This is one of the earlier Business Class Routers (Netopia 3000 series). Have 2 of them. Solid performers. They were the deal from the old BellSouth prior to AT&T, and replaced the Westell 327.
     
  79. vlads

    vlads Serious Server Member

    @Victek - any chance you could build Netgear WNR3500v1 and v2 as well as Linksys E2000 builds?
     
  80. Victek

    Victek Network Guru Member

    Yes .. I'll do late today. No problem, I prefer to build these versions if no bugs are detected for other models, till now it seems ok so I'll do.
     
  81. dc361

    dc361 LI Guru Member

    Beta "r" seems to be working quite well on my E3000 after a few hours of testing - Thanks!
     
  82. Victek

    Victek Network Guru Member

    Yes.. it looks the most stable from 1.2 final .... and few CPU resources used, it's why the BW have been improved.
     
    nurofen likes this.
  83. eviltone

    eviltone Network Guru Member

    Victek -- Thanks for 1.2r -- my e42000 loves it.. i don't have IPV6 -- so i don't think i can help with any of this.
    My friend has a Tenda W1800R that he's been running the 1.2n on, can you build 1.2r for the AC-66u? I'd like to hear feedback from him...
     
  84. MatteoV

    MatteoV Serious Server Member

    @Victek wow I missed p just yesterday night and we are at r!?
    Ahah I'll test it shortly! Thanks for your heavy work!!!
     
  85. Victek

    Victek Network Guru Member

    Yes, but you should wait till tomorrow.. I'm doing new toolchains ...
     
  86. MatteoV

    MatteoV Serious Server Member

    Victek, everything seems alright, no strict-order and dns set work wonderfully with no hassles.

    p.s. if you allow me to do it, I'd like to remind you about the v.1.3.0 to v.1.3.3 upgrade of dnscrypt-proxy, with very very very minor priority as I already managed to do scripts and stuff to make the compiled 1.3.3 found on the internet work ok and kill the included 1.3.0 with a cronjob, so it's alright now as I wanted it to be ;)

    Thanks again, really. The hu tunnel works so good too. I pushed my ISP to help me set tomato to have their own ipv6...who knows they'll answer and provide some more info :p
     
  87. Victek

    Victek Network Guru Member

    Thanks MatteoV .. afaik dnscrypt-proxy 1.3.3 deprecated libsodium .. not?
     
  88. akyboy

    akyboy Network Guru Member

    Hi Guys

    I know this might not be related directly to this firmware but let me try :p
    Just installed latest R on N66, and as all previous version it ROCKS!

    I was wondering if there is a way to use VPN ip for only one IP on network, i want to be able to use US IP in order to get US Netflix on Roku Player.

    Thanks
     
  89. Moogle Stiltzkin

    Moogle Stiltzkin Networkin' Nut Member

    i downgraded from Q to N but still getting periodic internet disconnections and reconnections :/ out of ideas. Before the N wasn't like this so somethings up x_x;

    every 50mins to an hour ish it will disconnect internet, and reconnect take 2-10minutes
     
  90. Victek

    Victek Network Guru Member

    I think it's something related with your ISP .. nevertheless try 'r' version released.

    akyboy, I think the only way could be restricting subnet/mask to one machine .. but it should be done in the server side.
     
  91. Moogle Stiltzkin

    Moogle Stiltzkin Networkin' Nut Member

    ok i'll try.

    My home network setup


    by the way the other day when my internet went down, i thought i would factory reset my MikroTik RB250GS switch, which i use for VLAN tagging for my isp. But it didn't factory reset. So i'm guessing the vlan settings in it are still valid, seeing as the reset didn't work, and i can still go on the internet.

    So i doubt it was that, that is causing this new issue :/ hm ....

    anyways will be testing on r. If still doesn't change, i'll phone my isp or friend to check on that end.
     
  92. Victek

    Victek Network Guru Member

    Ok @Moogle Stiltzkin .. in any case I'm building a new E4200 version with one change, I revert rp-pppoe to an old version to be tested by you. The version is V1.2ra .. please test when available and report which version works better for you.

     
    Last edited: Oct 23, 2013
  93. godraab

    godraab Networkin' Nut Member

    @Victek Could you also do a RT-N66U with older rp-pppoe version, as I also have disconnects from my ISP.
     
  94. Moogle Stiltzkin

    Moogle Stiltzkin Networkin' Nut Member

    With the Tomato RAF Firmware v1.28.9013 MIPSR2-RAF-V1.2r K26 USB

    q, n

    seems the connection doesn't hold for more than 1 hour ish, before it disconnects and reconnects to the internet over a 2-5 minute period to do so.

    Guess i'll try the RA and see if it changes.


    *vik did you get the Pm ?

     
    Last edited: Oct 23, 2013
  95. Victek

    Victek Network Guru Member

    Yes, I was expecting answer from E4200.. but I'll do, no problem
     
  96. guyee

    guyee Reformed Router Member

    Hi everyone,

    Belkin F7D4301v1 with tomato-F7D4301-1.28.9013MIPSR2-RAF-V1.2e.trx.

    It seems this firmware has some issues with the switch. :(

    The port order is correct, everything can be set up according to my wishes, robocfg shows the same thing that can be seen on GUI, but I cannot convince the router to send tagged packets from vlan 3.

    What I want to achieve is to have an additional interface (br1, 192.168.180.1), that is reachable via port 1 (port ID 3 in robocfg, confirmed by unplugging cable), VLAN tag 3.

    This is what I see:

    robocfg:
    Code:
    root@unknown:/tmp/home/root# robocfg show
    Switch: enabled gigabit
    Port 0:  DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
    Port 1: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 84:18:88:7d:8e:00
    Port 2:  DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
    Port 3:  100FD enabled stp: none vlan: 1 jumbo: off mac: 84:18:88:7d:8e:07
    Port 4: 1000FD enabled stp: none vlan: 2 jumbo: off mac: 00:22:68:9a:63:20
    Port 8: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 94:44:52:af:91:7d
    VLANs: BCM53115 enabled mac_check mac_hash
      1: vlan1: 0 1 2 3t 8t
      2: vlan2: 4 8t
      3: vlan3: 3t 8t
    
    brctl:
    Code:
    root@unknown:/tmp/home/root# brctl show
    bridge name    bridge id              STP enabled    interfaces
    br0            8000.944452af917d      no              vlan1
                                                            eth1
                                                            eth2
                                                            vlan2
    br1            8000.944452af917d      no              vlan3
    
    ifconfig:
    Code:
    root@unknown:/tmp/home/root# ifconfig
    br0        Link encap:Ethernet  HWaddr 94:44:52:AF:91:7D
              inet addr:192.168.179.4  Bcast:192.168.179.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:6483 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1157 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:1643352 (1.5 MiB)  TX bytes:878313 (857.7 KiB)
    
    br1        Link encap:Ethernet  HWaddr 94:44:52:AF:91:7D
              inet addr:192.168.180.1  Bcast:192.168.180.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:462 errors:0 dropped:0 overruns:0 frame:0
              TX packets:274 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:49149 (47.9 KiB)  TX bytes:11508 (11.2 KiB)
    
    eth0      Link encap:Ethernet  HWaddr 94:44:52:AF:91:7D
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:36400 errors:0 dropped:0 overruns:0 frame:0
              TX packets:35312 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:13605059 (12.9 MiB)  TX bytes:14071407 (13.4 MiB)
              Interrupt:4 Base address:0x2000
    
    eth1      Link encap:Ethernet  HWaddr 94:44:52:AF:91:7F
              UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:207033
              TX packets:0 errors:27 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
              Interrupt:3 Base address:0x1000
    
    eth2      Link encap:Ethernet  HWaddr 94:44:52:AF:91:80
              UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:30 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
              Interrupt:6 Base address:0x8000
    
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
              RX packets:4 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:434 (434.0 B)  TX bytes:434 (434.0 B)
    
    vlan1      Link encap:Ethernet  HWaddr 94:44:52:AF:91:7D
              UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
              RX packets:15036 errors:0 dropped:0 overruns:0 frame:0
              TX packets:18848 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:5623893 (5.3 MiB)  TX bytes:7341739 (7.0 MiB)
    
    vlan2      Link encap:Ethernet  HWaddr 94:44:52:AF:91:7E
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:20842 errors:0 dropped:0 overruns:0 frame:0
              TX packets:16190 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:7264480 (6.9 MiB)  TX bytes:6717064 (6.4 MiB)
    
    vlan3      Link encap:Ethernet  HWaddr 94:44:52:AF:91:7D
              UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
              RX packets:521 errors:0 dropped:0 overruns:0 frame:0
              TX packets:274 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:61440 (60.0 KiB)  TX bytes:12604 (12.3 KiB)
    
    I tried to check with my computer set to VLAN ID 3, and by connecting a Juniper SRX to it (in case my Ethernet adapter's driver is messed up somehow - static IP address, of course). The interesting part is that even though it seems there IS traffic on both br1 and vlan3 interfaces (both RX and TX), nothing works, neither from my notebook nor from the SRX.

    I cannot even see incoming traffic on the connected device:
    Code:
      Logical interface vlan.3 (Index 83) (SNMP ifIndex 535)
      Flags: SNMP-Traps 0x0 VLAN-Tag [ 0x8100.3 ]  Encapsulation: ENET2
      Bandwidth: 0
      Input packets : 0
      Output packets: 276
      Security: Zone: trust
      Allowed host-inbound traffic : bootp bfd bgp dns dvmrp igmp ldp msdp nhrp ospf ospf3 pgm pim rip ripng router-discovery rsvp sap vrrp dhcp finger
      ftp tftp ident-reset http https ike netconf ping reverse-telnet reverse-ssh rlogin rpm rsh snmp snmp-trap ssh telnet traceroute xnm-clear-text
      xnm-ssl lsping ntp sip dhcpv6 r2cp
      Protocol inet, MTU: 1500
      Flags: Sendbcast-pkt-to-re
      Addresses, Flags: Is-Preferred Is-Primary
      Destination: 192.168.180/24, Local: 192.168.180.100, Broadcast: 192.168.180.255
    
    Any ideas what could go wrong?

    Update:
    1. I connected my notebook to the SRX (both configured to VLAN 3), and they see each other, so they both work perfectly.
    2. NVRAM was erased after firmware upgrade and I set up everything from the beginning.
     
    Last edited: Oct 23, 2013
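A check one could run against the `robocfg show` output in the post above, to confirm which ports carry which VLAN tagged or untagged before relying on the separation between br0 and br1. This is an added example, not code from the thread or the Tomato project; it assumes port 8 is the switch's CPU port and reads the per-port `vlan:` field as the port's default VLAN (PVID).

```python
import re

# Output of `robocfg show`, copied from the post above.
ROBOCFG_SHOW = """\
Switch: enabled gigabit
Port 0:  DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 1: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 84:18:88:7d:8e:00
Port 2:  DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 3:  100FD enabled stp: none vlan: 1 jumbo: off mac: 84:18:88:7d:8e:07
Port 4: 1000FD enabled stp: none vlan: 2 jumbo: off mac: 00:22:68:9a:63:20
Port 8: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 94:44:52:af:91:7d
VLANs: BCM53115 enabled mac_check mac_hash
  1: vlan1: 0 1 2 3t 8t
  2: vlan2: 4 8t
  3: vlan3: 3t 8t
"""

CPU_PORT = 8  # assumption: port 8 is the switch's internal port to the CPU (eth0)

PORT_RE = re.compile(r"^\s*Port\s+(\d+):\s+(\S+)\s+\S+\s+stp:\s+\S+\s+vlan:\s+(\d+)")
VLAN_RE = re.compile(r"^\s*(\d+):\s+vlan\d+:\s*(.*)$")
MEMBER_RE = re.compile(r"^(\d+)(\D*)$")


def parse_robocfg(text):
    """Return (ports, vlans): ports[n] = {link, pvid}; vlans[vid] = {port: tagged?}."""
    ports, vlans = {}, {}
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            ports[int(m.group(1))] = {"link": m.group(2), "pvid": int(m.group(3))}
            continue
        m = VLAN_RE.match(line)
        if m:
            members = {}
            for token in m.group(2).split():
                mm = MEMBER_RE.match(token)
                if mm:  # a "t" suffix marks a tagged member
                    members[int(mm.group(1))] = "t" in mm.group(2)
            vlans[int(m.group(1))] = members
    return ports, vlans


def memberships(vlans, port):
    """VLANs that include `port`, split into (untagged, tagged) lists."""
    untagged = sorted(v for v, m in vlans.items() if m.get(port) is False)
    tagged = sorted(v for v, m in vlans.items() if m.get(port) is True)
    return untagged, tagged


def audit(ports, vlans):
    """Findings that would undermine separation between the VLANs."""
    findings = []
    for port, info in sorted(ports.items()):
        untagged, tagged = memberships(vlans, port)
        if len(untagged) > 1:
            findings.append(f"port {port}: untagged in VLANs {untagged}; "
                            "frames of all of them leave this port without a tag")
        if info["pvid"] not in untagged + tagged:
            findings.append(f"port {port}: PVID {info['pvid']} is a VLAN "
                            "the port is not a member of")
        if port == CPU_PORT and untagged and len(vlans) > 1:
            findings.append(f"port {port} (CPU): untagged in VLANs {untagged}; "
                            "those frames reach eth0 without a tag")
    return findings


if __name__ == "__main__":
    ports, vlans = parse_robocfg(ROBOCFG_SHOW)
    for port, info in sorted(ports.items()):
        untagged, tagged = memberships(vlans, port)
        print(f"port {port}: link={info['link']:<6} pvid={info['pvid']} "
              f"untagged={untagged} tagged={tagged}")
    print(audit(ports, vlans) or "no findings")
```

On the posted output the audit returns no findings: port 3 is a tagged member of VLANs 1 and 3 and the CPU port is tagged in all three VLANs.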
  97. Victek

    Victek Network Guru Member

    It looks well done but ... I think you must open firewall for vlan3 ... to allow traffic packets, and it will be interesting to look at advanced/routes to see how vlan3 reaches the wan... if it helps my approach will be as follows:

    Code:
    # in administration/scripts/init tab:
    
    sleep 15
    ifconfig vlan3 (ip) broadcast ....
    ifconfig vlan3 up
    
    # in administration/scripts/firewall tab:
    
    iptables -A INPUT -p (protocol... tcp,udp,igmp...) -j ACCEPT;
    iptables -A INPUT -p (protocol ....) -m (protocol...) -d (subnet....) -j ACCEPT;
    iptables -t nat -A POSTROUTING -o vlan3 -j MASQUERADE;
    
    These are my ideas. Ah! forgot to say ... static routes are broken in all tomato versions, it's why I wrote it in this way....
     
    Last edited: Oct 23, 2013
  98. Victek

    Victek Network Guru Member

    Yes, I got and answered you, if you reset the switch then all VLAN tagging is gone, and since you tried also with other tomato mods with the same result (disconnecting again) I suggest you to get help in order to configure your switch again to re-establish vlan tagging.
     
  99. guyee

    guyee Reformed Router Member

    actually I haven't even tried to reach WAN, all I need is a damned ICMP echo reply from a directly connected device... :)

    However, the idea is great, to get rid of firewall and remove br1, so I flushed iptables, set default policy to ACCEPT, removed br1, and assigned the IP directly to vlan3.

    Code:
    root@unknown:/tmp/home/root# ifconfig br1 down
    root@unknown:/tmp/home/root# ifconfig vlan3 down
    root@unknown:/tmp/home/root# ifconfig vlan3 192.168.180.1 255.255.255.0 up
    ifconfig: SIOCSIFADDR: Invalid argument
    root@unknown:/tmp/home/root# ifconfig
    br0        Link encap:Ethernet  HWaddr 94:44:52:AF:91:7D
              inet addr:192.168.179.4  Bcast:192.168.179.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:4943 errors:0 dropped:0 overruns:0 frame:0
              TX packets:2636 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:822159 (802.8 KiB)  TX bytes:929807 (908.0 KiB)
    
    eth0      Link encap:Ethernet  HWaddr 94:44:52:AF:91:7D
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:22920 errors:0 dropped:0 overruns:0 frame:0
              TX packets:22036 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:9652915 (9.2 MiB)  TX bytes:10193650 (9.7 MiB)
              Interrupt:4 Base address:0x2000
    
    eth1      Link encap:Ethernet  HWaddr 94:44:52:AF:91:7F
              UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:87941
              TX packets:0 errors:23 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
              Interrupt:3 Base address:0x1000
    
    eth2      Link encap:Ethernet  HWaddr 94:44:52:AF:91:80
              UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:25 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
              Interrupt:6 Base address:0x8000
    
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
              RX packets:7 errors:0 dropped:0 overruns:0 frame:0
              TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:770 (770.0 B)  TX bytes:770 (770.0 B)
    
    vlan1      Link encap:Ethernet  HWaddr 94:44:52:AF:91:7D
              UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
              RX packets:8785 errors:0 dropped:0 overruns:0 frame:0
              TX packets:10225 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:4205130 (4.0 MiB)  TX bytes:4907347 (4.6 MiB)
    
    vlan2      Link encap:Ethernet  HWaddr 94:44:52:AF:91:7E
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:13078 errors:0 dropped:0 overruns:0 frame:0
              TX packets:11417 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:4986603 (4.7 MiB)  TX bytes:5268179 (5.0 MiB)
    
    vlan3      Link encap:Ethernet  HWaddr 94:44:52:AF:91:7D
              inet addr:192.168.180.1  Bcast:192.168.180.255  Mask:255.255.255.0
              UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
              RX packets:1057 errors:0 dropped:0 overruns:0 frame:0
              TX packets:394 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:48622 (47.4 KiB)  TX bytes:18124 (17.6 KiB)
    
    root@unknown:/tmp/home/root# iptables -P INPUT ACCEPT
    root@unknown:/tmp/home/root# iptables -P OUTPUT ACCEPT
    root@unknown:/tmp/home/root# iptables -F INPUT
    root@unknown:/tmp/home/root# iptables -F OUTPUT
    root@unknown:/tmp/home/root# iptables -nvL
    Chain INPUT (policy ACCEPT 50 packets, 3668 bytes)
    pkts bytes target    prot opt in    out    source              destination
    
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target    prot opt in    out    source              destination
        0    0            all  --  *      *      0.0.0.0/0            0.0.0.0/0          account: network/netmask: 192.168.179.0/255.255.255.0 name: lan
        0    0            all  --  *      *      0.0.0.0/0            0.0.0.0/0          account: network/netmask: 192.168.180.0/255.255.255.0 name: lan1
        0    0 ACCEPT    all  --  br0    br0    0.0.0.0/0            0.0.0.0/0
        0    0 ACCEPT    all  --  br1    br1    0.0.0.0/0            0.0.0.0/0
        0    0 DROP      all  --  *      *      0.0.0.0/0            0.0.0.0/0          state INVALID
        0    0 TCPMSS    tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp flags:0x06/0x02 TCPMSS clamp to PMTU
        0    0 ACCEPT    all  --  *      *      0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
        0    0 DROP      all  --  br0    br1    0.0.0.0/0            0.0.0.0/0
        0    0 DROP      all  --  br1    br0    0.0.0.0/0            0.0.0.0/0
        0    0 wanin      all  --  vlan2  *      0.0.0.0/0            0.0.0.0/0
        0    0 wanout    all  --  *      vlan2  0.0.0.0/0            0.0.0.0/0
        0    0 ACCEPT    all  --  br0    *      0.0.0.0/0            0.0.0.0/0
        0    0 ACCEPT    all  --  br1    *      0.0.0.0/0            0.0.0.0/0
        0    0 upnp      all  --  vlan2  *      0.0.0.0/0            0.0.0.0/0
    
    Chain OUTPUT (policy ACCEPT 42 packets, 5672 bytes)
    pkts bytes target    prot opt in    out    source              destination
    
    Chain upnp (1 references)
    pkts bytes target    prot opt in    out    source              destination
    
    Chain wanin (1 references)
    pkts bytes target    prot opt in    out    source              destination
    
    Chain wanout (1 references)
    pkts bytes target    prot opt in    out    source              destination
    
    Everything is the same... however... I noticed one thing. I constantly pinged the IP of vlan3 from the directly connected SRX from the same subnet, and RX counters were constantly increased in sync with the ping on SRX side. So VLAN tagging SHOULD work, as it DOES receive tagged packets... the fun part is TX counters remain the same... as if no packets would leave the router on that interface. According to my knowledge it is quite impossible, because 192.168.180.0/24 is a directly connected subnet, and now iptables accepts everything...

    Btw. my routing table is also correct:
    Code:
    root@unknown:/tmp/home/root# route -n
    Kernel IP routing table
    Destination    Gateway        Genmask        Flags Metric Ref    Use Iface
    192.168.179.0  0.0.0.0        255.255.255.0  U    0      0        0 br0
    192.168.180.0  0.0.0.0        255.255.255.0  U    0      0        0 vlan3
    127.0.0.0      0.0.0.0        255.0.0.0      U    0      0        0 lo
    0.0.0.0        192.168.179.1  0.0.0.0        UG    0      0        0 br0
    
    Interesting...
     
  100. guyee

    guyee Reformed Router Member

    One more thing: RX counter on vlan3 increases by 1 packet, and 46 bytes. It seems to be an arp request for me, that doesn't get answered... and it explains why no traffic gets through that vlan...
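The symptom in the last two posts (RX on vlan3 climbing with each ping while TX stays flat, at 46 bytes per packet) can be confirmed by diffing two `ifconfig` captures. This is an added example, not code from the thread; the two snapshots and all counter values in them are constructed, and `one_way_interfaces` is a hypothetical helper name.

```python
import re
import textwrap

# Constructed snapshots in the busybox `ifconfig` format shown in the posts
# above, as if taken ten seconds apart while a neighbour pings 192.168.180.1.
SNAP_BEFORE = """\
br0        Link encap:Ethernet  HWaddr 94:44:52:AF:91:7D
          RX packets:4943 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2636 errors:0 dropped:0 overruns:0 carrier:0
          RX bytes:822159 (802.8 KiB)  TX bytes:929807 (908.0 KiB)

vlan3      Link encap:Ethernet  HWaddr 94:44:52:AF:91:7D
          RX packets:1057 errors:0 dropped:0 overruns:0 frame:0
          TX packets:394 errors:0 dropped:0 overruns:0 carrier:0
          RX bytes:48622 (47.4 KiB)  TX bytes:18124 (17.6 KiB)
"""
SNAP_AFTER = """\
br0        Link encap:Ethernet  HWaddr 94:44:52:AF:91:7D
          RX packets:4990 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2671 errors:0 dropped:0 overruns:0 carrier:0
          RX bytes:829012 (809.6 KiB)  TX bytes:941330 (919.3 KiB)

vlan3      Link encap:Ethernet  HWaddr 94:44:52:AF:91:7D
          RX packets:1067 errors:0 dropped:0 overruns:0 frame:0
          TX packets:394 errors:0 dropped:0 overruns:0 carrier:0
          RX bytes:49082 (47.9 KiB)  TX bytes:18124 (17.6 KiB)
"""

IFACE_RE = re.compile(r"^(\S+)\s+Link encap:")
COUNTER_RE = re.compile(r"\b(RX|TX) (packets|bytes):(\d+)")

# 46 bytes is the minimum Ethernet payload; a 28-byte ARP message is padded to it.
MIN_ETH_PAYLOAD = 46


def parse_ifconfig(text):
    """Map interface name -> {rx_packets, tx_packets, rx_bytes, tx_bytes}."""
    stats, current = {}, None
    # dedent() lets output pasted with a uniform left margin parse as well.
    for line in textwrap.dedent(text).splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = stats.setdefault(m.group(1), {})
        if current is None:
            continue
        for direction, unit, value in COUNTER_RE.findall(line):
            current[f"{direction.lower()}_{unit}"] = int(value)
    return stats


def one_way_interfaces(before, after):
    """Interfaces whose RX packet counter grew while TX did not move at all."""
    report = {}
    for name, new in after.items():
        old = before.get(name)
        if old is None:
            continue  # interface appeared between snapshots, nothing to compare
        rx = new.get("rx_packets", 0) - old.get("rx_packets", 0)
        tx = new.get("tx_packets", 0) - old.get("tx_packets", 0)
        if rx < 0 or tx < 0:
            continue  # counters were reset (interface re-created), skip
        if rx > 0 and tx == 0:
            avg = (new.get("rx_bytes", 0) - old.get("rx_bytes", 0)) / rx
            report[name] = {
                "rx_packets": rx,
                "avg_rx_bytes": avg,
                # Frames of exactly the minimum payload are consistent with
                # unanswered ARP requests rather than the echo requests.
                "min_payload_only": avg == MIN_ETH_PAYLOAD,
            }
    return report


if __name__ == "__main__":
    before, after = parse_ifconfig(SNAP_BEFORE), parse_ifconfig(SNAP_AFTER)
    for name, info in one_way_interfaces(before, after).items():
        print(f"{name}: +{info['rx_packets']} RX, +0 TX, "
              f"{info['avg_rx_bytes']:.0f} bytes/packet")
```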
     
