CM4 DFRobot Router Issues

Hi all,

Been using a DFRobot Router with a 4GB RAM/32GB eMMC for about a year now without issues.

I have been looking into building my own image for this, but I am having some issues.

The issue I have is that one IoT device, a Sureflap Hub to be exact, will not connect to the internet.

Every other device connected to my switch and access point is working.

Is this something to do with the newly implemented firewall4 or am I stuck forever using 21.02.3?

If anyone is willing to help I will happily install one of the several images I have built and post any config files.

It's always a good idea to do this if you're seeking assistance.

Here we go:

network

# /etc/config/network: interface definitions for the router.
# Loopback interface on 127.0.0.1/8.
config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'

# LAN side: static 192.168.1.1/24 bound directly to eth1 (no bridge device
# is defined in this excerpt).
config interface 'lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option device 'eth1'

# WAN side: DHCP client on eth0.
# NOTE(review): the firewall 'wan' zone posted with this config also lists a
# 'wan6' network, but no 'wan6' interface appears here - confirm whether it
# was omitted from the post or does not exist.
config interface 'wan'
        option proto 'dhcp'
        option device 'eth0'
        # Sets the broadcast flag in the DHCP requests sent upstream.
        option broadcast '1'
        # peerdns '0' ignores the DNS servers offered by the upstream DHCP
        # server; the two resolvers listed below are used instead.
        option peerdns '0'
        list dns '8.8.8.8'
        list dns '8.8.4.4'

firewall

# /etc/config/firewall: global policies, zones and inter-zone forwarding.
# The defaults section sets the policy for traffic that no zone claims.
# NOTE(review): with input 'ACCEPT' here, an interface that is not assigned
# to any zone would still be allowed to reach the router itself; 'REJECT' is
# the tighter choice once every interface belongs to a zone - confirm.
config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

# LAN zone: fully trusted. Every LAN host (IoT devices included) can reach
# the router's own services and other networks placed in this zone.
config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

# WAN zone: unsolicited inbound and forwarded traffic is rejected unless one
# of the 'config rule' sections allows it. masq '1' source-NATs traffic
# leaving through this zone; mtu_fix '1' enables MSS clamping.
config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

# Only lan -> wan forwarding is permitted; no wan -> lan forwarding section
# exists, so inbound forwards depend on explicit rules and on UPnP mappings.
config forwarding
        option src 'lan'
        option dest 'wan'

# Traffic rules. A rule with 'src' but no 'dest' applies to traffic addressed
# to the router itself (input); a rule with both applies to forwarded traffic.

# Lets DHCP replies (UDP port 68) from the upstream network reach the router.
config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

# The router answers IPv4 echo requests arriving on the WAN side.
config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

# DHCPv6 client port (UDP 546) on the WAN side.
config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

# Multicast Listener Discovery, accepted from link-local sources only.
config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

# ICMPv6 addressed to the router, including neighbour and router discovery,
# rate-limited to 1000 packets per second.
config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# ICMPv6 forwarded from WAN to any zone (dest '*'); discovery types are not
# included here, and the same 1000/sec limit applies.
config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# The next two rules forward IPsec (ESP, and IKE on UDP 500) from WAN to any
# LAN host; neither sets dest_ip.
# NOTE(review): if no LAN host terminates IPsec, both rules can be removed
# to narrow what is reachable from WAN - confirm before dropping them.
config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

# Script-type include that hooks the miniupnpd (UPnP/NAT-PMP) firewall script
# into the firewall.
# NOTE(review): firewall4 only loads script includes that are marked with
# option fw4_compatible '1'; this section has no such option, so on an
# fw4-based image it is presumably ignored - verify in the fw4 log output.
# NOTE(review): UPnP lets any LAN host request inbound port mappings; with
# IoT devices in the trusted LAN zone, confirm it is needed and restrict
# which hosts and ports may use it.
config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'

dhcp


# /etc/config/dhcp: dnsmasq (DNS and DHCPv4) and odhcpd settings.
config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        # DNS rebinding protection is on: upstream answers that point at
        # private address ranges are discarded.
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        # localservice '1' restricts DNS service to locally attached subnets.
        option localservice '1'
        option ednspacket_max '1232'

# LAN pool: 150 addresses starting at host offset 100, i.e. 192.168.1.100
# to 192.168.1.249 on the /24 defined for 'lan', with 12-hour leases.
config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

# No DHCP service is offered on the WAN interface.
config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

# Static lease: binds a MAC address to 192.168.1.2. The name suffix and the
# MAC appear as 'x' placeholders in the posted config.
config host
        option name 'Netgearxxxxxx'
        option dns '1'
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.1.2'

# The 'config domain' sections below only add DNS names; they carry no MAC
# and do not reserve the address. All four IPs fall inside the dynamic pool
# above, so a name can end up pointing at a different device after a lease
# change.
# NOTE(review): if these addresses are meant to be fixed, a 'config host'
# entry with the device MAC is what pins them - confirm intent.
config domain
        option name 'SureflapHub'
        option ip '192.168.1.176'

config domain
        option name 'YamahaAVR'
        option ip '192.168.1.194'

config domain
        option name 'Nest-Thermostat'
        option ip '192.168.1.150'

config domain
        option name 'PS5'
        option ip '192.168.1.237'

SQM

# /etc/config/sqm: one cake shaper instance on eth0, the device used by the
# 'wan' interface in the network config.
config queue 'eth0'
    # Verbose and debug logging are both switched on.
    option verbosity '5'
    option interface 'eth0'
    option debug_logging '1'
    option ingress_ecn 'ECN'
    option qdisc 'cake'
    option squash_ingress '1'
    option qdisc_really_really_advanced '1'
    option qdisc_advanced '1'
    option egress_ecn 'NOECN'
    option squash_dscp '1'
    option script 'piece_of_cake.qos'
    # Extra cake keywords for egress; 'nat' makes cake use the pre-NAT
    # addresses so the per-host fairness modes see individual LAN hosts.
    option eqdisc_opts 'docsis nat ack-filter dual-srchost noatm'
    option linklayer 'none'
    option enabled '1'
    # Extra cake keywords for ingress.
    option iqdisc_opts 'docsis besteffort ingress nat dual-dsthost noatm'
    # Shaper rates - presumably kbit/s, as is usual for SQM; confirm against
    # the measured line speed.
    option upload '85000'
    option download '850000'

So after a week of troubleshooting I have just updated to 23.05.0-rc4 and everything is working fine now.
