Anyone else having Access Restriction probs?

Discussion in 'DD-WRT Firmware' started by yosemite610, Jan 9, 2006.

  1. yosemite610

    yosemite610 Network Guru Member

    I noticed, after turning on QoS (using mac addies) that my access restrictions (mac based also) don't appear to work.

    Specifically, one MAC that's on both appears unaffected by a 24/7 deny setting in Access Restrictions.

    Hope this makes sense... TIA
  2. dellsweig

    dellsweig Network Guru Member

    I have had access restriction issues since the beginning of V23. None of them have been able to be reproduced by Brainslayer.

    My issues range from simple port blocks to URL and keyword filters.

    They seem to work sometimes and not others.

    I never tried to turn off QoS to see if they were related - will try that tonight.

    There have been and continue to be open tickets on access restriction issues on bugtrak.

    I had always assumed this was a design issue (in the Linky base) so Brainslayer never paid too much attention to it.
  3. dellsweig

    dellsweig Network Guru Member

    Did your problem with the access list resolve when you turned off QoS??
  4. bigjohns

    bigjohns Network Guru Member

    I just noticed that my LOGGING died after I added a new access restriction yesterday. CRAP. All I get now is system log...
  5. RcNorth

    RcNorth Network Guru Member

    I have QoS on, with access restrictions. But my QoS does not involve any MAC addresses, only services. MY Access Restrictions do involve MAC addresses.
    For the first few days of running the new v23 firmware I was running Access Restrictions based on MAC and they have always worked. It sure sounds like you can't use MAC QoS and MAC AR at the same time.
  6. bigjohns

    bigjohns Network Guru Member

    I have MAC static IP, IP/netmask QOS + Service QOS, and IP access restrictions.

    Restrictions are not working right. And logging has stopped working... arrgh.
  7. yosemite610

    yosemite610 Network Guru Member

    Interesting. I tried turning on logging and I don't get any results (enabled, high, on, on, on).
  8. bigjohns

    bigjohns Network Guru Member

    Which version are you using? I'm still on 06 December.
  9. yosemite610

    yosemite610 Network Guru Member

    DD-WRT v23 (12/25/05)

    Side note: I noticed there was no time showing up in Status. I turned on NTP Client. Now it shows the date/time.

    I wonder if that would have messed up access restrictions/logging? QOS?
  10. dellsweig

    dellsweig Network Guru Member

    There was a bug fixed in the beta where logging would stop as a result of certain bad L7 access filters.

    See if you still have these issues with the final release
  11. dellsweig

    dellsweig Network Guru Member

    Appears to be a some-see-it, some-don't issue. See bugtrak 000598

    I wish this problem would affect Brainslayer so it would get fixed....

    There is some combination of settings which renders access lists useless and in some cases still affects logging. It only affects some installations as well - not an easy one to duplicate or find.
  12. bigjohns

    bigjohns Network Guru Member

    Here is a representation of the problem. NTOP uses winpcap to capture packets and examine them. It's catching L7. So the access restrictions are not working.

    Here is the screenshot showing that I should be blocking that unit from using Edonkey / bit torrent, etc.

  13. bigjohns

    bigjohns Network Guru Member

    Ok... funny thing. I delete my access restrictions and LOGGING works...


    So maybe I need to figure out firewall builder to handle configuring this for me? That way I'd use one interface to build the IPTABLES rules?

    Help and advice welcome...
  14. dellsweig

    dellsweig Network Guru Member


    Are you using the V23 Final??

    This problem was supposed to have been fixed a while ago.. I had reported logging problems for months until it was finally figured out to be related to certain L7 filters. I guess the problem still exists.

    I am also having problems with simple port access restrictions.

    One access list, one IP address one port (VNC port 5900).

    I enable filter, then open VNC client - no problem connecting through router. I see the traffic in the syslog as well.

    It is NOT worth reporting this as a bug as NO ONE will look at it. It seems the difficult internal problems don't get addressed. I have had variants of this problem in bugtrak for a while.

    I am sure there is some other dependency in the config causing this as most folks don't seem to have any problem with access lists

    Let me know what you find
  15. dellsweig

    dellsweig Network Guru Member


    Have you made any progress here??

    I have done a complete reflash (V23 Std), hard reset, manual reconfigure and still cannot get a simple tcp port based access list working

    There appears to be no rhyme or reason as to when a port filter (not L7) will work, when a url or keyword filter will work. Sometimes they work, sometimes the same filters stop working.

    The filters seem to never work when the client is connected through a WDS node.
