Help in how to route all traffic: WAN - LAN and OpenVPN - LAN

Installing and Using OpenWrt Network and Wireless Configuration
1

Hello,

I have a GL-MT300N-V2 connected to another router “home router” (GL-MT300N-V2 WAN port connected to main router LAN port with a static IP address).
Also, I have another device connected to the GL-MT300N-V2 LAN port, this device has it’s own web configuration interface.

configuration

Into the GL-MT300N-V2 I have configured an OpenVPN connection to an external OpenVPN Server (that work correctly).

I need to configure the GL-MT300N-V2 in order to:

  1. If a user connects to the OpenVPN server and types the GL-MT300N-V2 VPN IP address, it must be forwarded to the web interface into the IP address of the device connected to the GL-MT300N-V2 LAN port.
  2. If a user tries to connect to the GL-MT300N-V2 inside the home network (typing the GL-MT300N-V2 IP Address, it must be forwarded to the web interface into the IP address of the device connected to the GL-MT300N-V2 LAN port.

In other words, I need to make the GL-MT300N-V2 transparent to the connection in both VPN and WAN to LAN connections.

I have tried to write some rules but it does not work, I'm not able to reach the LAN device.

config redirect                                   
		option target 'DNAT'   
		option src 'wan'       
		option dest 'lan'      
		option proto 'tcp udp'    
		option dest_port '80' 
		option name 'wan_lan'     
		option dest_ip '172.16.0.1'
		option src_dport '80'

config rule 
		option name 'Allow-web'
		option dest_port '80'
		option proto 'tcp udp'
		option src 'wan'
		option target 'ACCEPT'

config redirect                                   
		option target 'DNAT'   
		option src 'VPN_client'       
		option dest 'lan'      
		option proto 'tcp udp'    
		option dest_port '80' 
		option name 'vpn_lan'     
		option dest_ip '172.16.0.1'
		option src_dport '80'

This is the result of my tests:

This is the result of my tests:

  1. Ethernet Wan to Lan redirect: Does not work
  2. WiFi to Lan: Work , I can configure the router at 172.16.0.254 and my device at 172.16.0.1
  3. OpenVPN to Lan: Does not work , also I need to disable the forward rule to connect again to the configuration interface of GL-MT300N-V2.

Please, can anyone help me?

Thank you

2

Please show from GL-MT300N-V2:

ip a; ip r
uci show network
uci show firewall
3

@vgaetera thank you for your answer.
These are the requested info.

Thank you :slight_smile:

**ip a; ip r**
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether e4:95:6e:43:ef:c6 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::e695:6eff:fe43:efc6/64 scope link
       valid_lft forever preferred_lft forever
3: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 32
    link/ether 72:8a:e2:6b:7b:e2 brd ff:ff:ff:ff:ff:ff
4: ifb1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 32
    link/ether 92:6a:40:71:c3:f6 brd ff:ff:ff:ff:ff:ff
5: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1
    link/gre 0.0.0.0 brd 0.0.0.0
6: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
7: ra0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP group default qlen 1000
    link/ether e4:95:6e:43:ef:c6 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::e695:6eff:fe43:efc6/64 scope link
       valid_lft forever preferred_lft forever
8: wds0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether e4:95:6e:43:ef:c6 brd ff:ff:ff:ff:ff:ff
9: wds1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether e4:95:6e:43:ef:c6 brd ff:ff:ff:ff:ff:ff
10: wds2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether e4:95:6e:43:ef:c6 brd ff:ff:ff:ff:ff:ff
11: wds3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether e4:95:6e:43:ef:c6 brd ff:ff:ff:ff:ff:ff
12: apcli0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether e6:95:6e:03:ef:c6 brd ff:ff:ff:ff:ff:ff
13: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether e4:95:6e:43:ef:c6 brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.254/16 brd 172.16.255.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fd22:52dd:6c2b::1/60 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::e695:6eff:fe43:efc6/64 scope link
       valid_lft forever preferred_lft forever
14: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether e4:95:6e:43:ef:c6 brd ff:ff:ff:ff:ff:ff
15: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether e4:95:6e:43:ef:c6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.198.13/24 brd 192.168.198.255 scope global eth0.2
       valid_lft forever preferred_lft forever
    inet6 fe80::e695:6eff:fe43:efc6/64 scope link
       valid_lft forever preferred_lft forever
16: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none
    inet 10.210.0.11/16 brd 10.210.255.255 scope global tun0
       valid_lft forever preferred_lft forever
default via 192.168.198.254 dev eth0.2  proto static  src 192.168.198.13
10.210.0.0/17 via 10.210.0.1 dev tun0
10.210.0.0/16 dev tun0  proto kernel  scope link  src 10.210.0.11
10.210.128.0/17 via 10.210.0.1 dev tun0
172.16.0.0/16 dev br-lan  proto kernel  scope link  src 172.16.0.254
192.168.198.0/24 dev eth0.2  proto kernel  scope link  src 192.168.198.13
192.168.198.254 dev eth0.2  proto static  scope link  src 192.168.198.13


**uci show network**
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd22:52dd:6c2b::/48'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth0.1'
network.lan.proto='static'
network.lan.ip6assign='60'
network.lan.hostname='GL-MT300N-V2-fc6'
network.lan.ipaddr='172.16.0.254'
network.lan.netmask='255.255.0.0'
network.lan.broadcast='172.16.255.255'
network.lan_dev=device
network.lan_dev.name='eth0.1'
network.lan_dev.macaddr='e4:95:6e:43:ef:c6'
network.wan=interface
network.wan.ifname='eth0.2'
network.wan.proto='dhcp'
network.wan.hostname='GL-MT300N-V2-fc6'
network.wan.peerdns='0'
network.wan.custom_dns='1'
network.wan.dns='8.8.8.8 8.8.4.4'
network.wan_dev=device
network.wan_dev.name='eth0.2'
network.wan_dev.macaddr='e4:95:6e:43:ef:c6'
network.wan6=interface
network.wan6.ifname='eth0.2'
network.wan6.proto='dhcpv6'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='1 6t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='0 6t'
network.VPN_client=interface
network.VPN_client.ifname='tun0'
network.VPN_client.proto='none'





**uci show firewall**
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[0].network=' '
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@zone[1].network='wan6'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].forward='REJECT'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fc00::/6'
firewall.@rule[3].dest_ip='fc00::/6'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.miniupnpd=include
firewall.miniupnpd.type='script'
firewall.miniupnpd.path='/usr/share/miniupnpd/firewall.include'
firewall.miniupnpd.family='any'
firewall.miniupnpd.reload='1'
firewall.shadowsocks=include
firewall.shadowsocks.type='script'
firewall.shadowsocks.path='/var/etc/shadowsocks.include'
firewall.shadowsocks.reload='1'
firewall.glservice_rule=rule
firewall.glservice_rule.name='glservice'
firewall.glservice_rule.dest_port='83'
firewall.glservice_rule.proto='tcp udp'
firewall.glservice_rule.src='wan'
firewall.glservice_rule.target='ACCEPT'
firewall.glservice_rule.enabled='0'
firewall.vpn_zone=zone
firewall.vpn_zone.name='VPN_client'
firewall.vpn_zone.input='ACCEPT'
firewall.vpn_zone.forward='REJECT'
firewall.vpn_zone.output='ACCEPT'
firewall.vpn_zone.network='VPN_client'
firewall.vpn_zone.masq='1'
firewall.@redirect[0]=redirect
firewall.@redirect[0].target='DNAT'
firewall.@redirect[0].src='wan'
firewall.@redirect[0].dest='lan'
firewall.@redirect[0].proto='tcp'
firewall.@redirect[0].src_dport='80'
firewall.@redirect[0].dest_ip='172.16.0.1'
firewall.@redirect[0].dest_port='80'
firewall.@redirect[0].name='Allow-MRC-wan'
firewall.@redirect[1]=redirect
firewall.@redirect[1].target='DNAT'
firewall.@redirect[1].src='VPN_client'
firewall.@redirect[1].dest='lan'
firewall.@redirect[1].proto='tcp'
firewall.@redirect[1].src_dport='80'
firewall.@redirect[1].dest_ip='172.16.0.1'
firewall.@redirect[1].dest_port='80'
firewall.@redirect[1].name='Allow-MRC-vpn'
firewall.@rule[10]=rule
firewall.@rule[10].target='ACCEPT'
firewall.@rule[10].src='wan'
firewall.@rule[10].proto='tcp'
firewall.@rule[10].dest_port='80'
firewall.@rule[10].name='Allow-web'
firewall.@rule[11]=rule
firewall.@rule[11].target='ACCEPT'
firewall.@rule[11].proto='tcp'
firewall.@rule[11].dest_port='22'
firewall.@rule[11].name='Allow-ssh'
firewall.@rule[11].src='wan'
firewall.@redirect[2]=redirect
firewall.@redirect[2].target='SNAT'
firewall.@redirect[2].dest='lan'
firewall.@redirect[2].proto='all'
firewall.@redirect[2].src_dip='any'
firewall.@redirect[2].dest_ip='172.16.0.1'
firewall.@redirect[2].src='wan'
firewall.@redirect[2].name='WTL'
firewall.@redirect[2].enabled='0'
firewall.@redirect[3]=redirect
firewall.@redirect[3].target='SNAT'
firewall.@redirect[3].dest='lan'
firewall.@redirect[3].proto='all'
firewall.@redirect[3].src_dip='any'
firewall.@redirect[3].dest_ip='172.16.0.1'
firewall.@redirect[3].src='VPN_client'
firewall.@redirect[3].name='VTL'
firewall.@redirect[3].enabled='0'
firewall.forwarding_origin=forwarding
firewall.forwarding_origin.src='lan'
firewall.forwarding_origin.dest='wan'
firewall.forwarding_vpn1=forwarding
firewall.forwarding_vpn1.dest='VPN_client'
firewall.forwarding_vpn1.src='lan'
5

There're 2 important questions:

  1. I see only networks wan6 and VPN_client assigned to firewall zones.
    Where are networks lan and wan assigned to?

  2. Permissive rules for forwarded ports are created automatically.
    What are those firewall forwardings (forwarding_origin, forwarding_vpn1) needed for?

6

Hello @vgaetera, sorry for my late answer.
I'm not an expert, I have for sure make some mistakes.

What do I need to do to fix these settings?
Can be useful if I post here the setting files? If yes, what files are needed?

Thank you

7

For the beginning let's assign those missing networks to the zones:

uci delete firewall.@zone[0].network
uci add_list firewall.@zone[0].network="lan"
uci delete firewall.@zone[1].network
uci add_list firewall.@zone[1].network="wan"
uci add_list firewall.@zone[1].network="wan6"
uci commit firewall
uci restart firewall

Then check what works and what doesn't.

8

After applying the commands, I'm unable to connect to the GL-MT300N-V2.
The only way is to ssh and disable the firewall, after that, I can connect to GL-MT300N-V2 from 192.168.198.13.

9

I have reset the GL-MT300N-V2, reinstalled the OpenVPN certificate and configured the IP on LAN and WAN.
So we can start with a clean system.

I'll post again here the results for

ip a; ip r
uci show network
uci show firewall

ip a; ip r

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether e4:95:6e:43:ef:c6 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::e695:6eff:fe43:efc6/64 scope link
       valid_lft forever preferred_lft forever
3: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 32
    link/ether a2:8c:03:bc:01:d0 brd ff:ff:ff:ff:ff:ff
4: ifb1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 32
    link/ether 22:15:80:f2:06:29 brd ff:ff:ff:ff:ff:ff
5: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1
    link/gre 0.0.0.0 brd 0.0.0.0
6: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
7: ra0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP group default qlen 1000
    link/ether e4:95:6e:43:ef:c6 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::e695:6eff:fe43:efc6/64 scope link
       valid_lft forever preferred_lft forever
8: wds0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether e4:95:6e:43:ef:c6 brd ff:ff:ff:ff:ff:ff
9: wds1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether e4:95:6e:43:ef:c6 brd ff:ff:ff:ff:ff:ff
10: wds2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether e4:95:6e:43:ef:c6 brd ff:ff:ff:ff:ff:ff
11: wds3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether e4:95:6e:43:ef:c6 brd ff:ff:ff:ff:ff:ff
12: apcli0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether e6:95:6e:03:ef:c6 brd ff:ff:ff:ff:ff:ff
13: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether e4:95:6e:43:ef:c6 brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.254/16 brd 172.16.255.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fd25:ef63:d393::1/60 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::e695:6eff:fe43:efc6/64 scope link
       valid_lft forever preferred_lft forever
14: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether e4:95:6e:43:ef:c6 brd ff:ff:ff:ff:ff:ff
15: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether e4:95:6e:43:ef:c6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.198.13/24 brd 192.168.198.255 scope global eth0.2
       valid_lft forever preferred_lft forever
    inet6 fe80::e695:6eff:fe43:efc6/64 scope link
       valid_lft forever preferred_lft forever
16: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none
    inet 10.210.0.11/16 brd 10.210.255.255 scope global tun0
       valid_lft forever preferred_lft forever
default via 192.168.198.254 dev eth0.2  proto static  src 192.168.198.13
10.210.0.0/17 via 10.210.0.1 dev tun0
10.210.0.0/16 dev tun0  proto kernel  scope link  src 10.210.0.11
10.210.128.0/17 via 10.210.0.1 dev tun0
172.16.0.0/16 dev br-lan  proto kernel  scope link  src 172.16.0.254
192.168.198.0/24 dev eth0.2  proto kernel  scope link  src 192.168.198.13
192.168.198.254 dev eth0.2  proto static  scope link  src 192.168.198.13

uci show network

network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd25:ef63:d393::/48'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth0.1'
network.lan.proto='static'
network.lan.ip6assign='60'
network.lan.hostname='GL-MT300N-V2-fc6'
network.lan.ipaddr='172.16.0.254'
network.lan.netmask='255.255.0.0'
network.lan.broadcast='172.16.255.255'
network.lan_dev=device
network.lan_dev.name='eth0.1'
network.lan_dev.macaddr='e4:95:6e:43:ef:c6'
network.wan=interface
network.wan.ifname='eth0.2'
network.wan.proto='dhcp'
network.wan.hostname='GL-MT300N-V2-fc6'
network.wan.peerdns='0'
network.wan.custom_dns='1'
network.wan.dns='1.1.1.1 1.0.0.1'
network.wan_dev=device
network.wan_dev.name='eth0.2'
network.wan_dev.macaddr='e4:95:6e:43:ef:c6'
network.wan6=interface
network.wan6.ifname='eth0.2'
network.wan6.proto='dhcpv6'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='1 6t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='0 6t'
network.VPN_client=interface
network.VPN_client.ifname='tun0'
network.VPN_client.proto='none'

uci show firewall

firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wan' 'wan6'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@zone[1].input='ACCEPT'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fc00::/6'
firewall.@rule[3].dest_ip='fc00::/6'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.miniupnpd=include
firewall.miniupnpd.type='script'
firewall.miniupnpd.path='/usr/share/miniupnpd/firewall.include'
firewall.miniupnpd.family='any'
firewall.miniupnpd.reload='1'
firewall.shadowsocks=include
firewall.shadowsocks.type='script'
firewall.shadowsocks.path='/var/etc/shadowsocks.include'
firewall.shadowsocks.reload='1'
firewall.glservice_rule=rule
firewall.glservice_rule.name='glservice'
firewall.glservice_rule.dest_port='83'
firewall.glservice_rule.proto='tcp udp'
firewall.glservice_rule.src='wan'
firewall.glservice_rule.target='ACCEPT'
firewall.glservice_rule.enabled='0'
firewall.vpn_zone=zone
firewall.vpn_zone.name='VPN_client'
firewall.vpn_zone.input='ACCEPT'
firewall.vpn_zone.forward='REJECT'
firewall.vpn_zone.output='ACCEPT'
firewall.vpn_zone.network='VPN_client'
firewall.vpn_zone.masq='1'
firewall.forwarding_origin=forwarding
firewall.forwarding_origin.src='lan'
firewall.forwarding_origin.dest='wan'
firewall.forwarding_vpn1=forwarding
firewall.forwarding_vpn1.dest='VPN_client'
firewall.forwarding_vpn1.src='lan'
10

That"s because you had port opening and port forwarding on the same port HTTP (80/TCP) from zone WAN.
The issue could be solved using HTTPS or alternate port for HTTP to access OpenWrt Web-UI (LUCI).

And now you need to return the lost settings back:

opkg update
opkg install luci-ssl
uci set uhttpd.main.redirect_https="0"
uci -q delete uhttpd.main.listen_http
uci add_list uhttpd.main.listen_http="0.0.0.0:8080"
uci add_list uhttpd.main.listen_http="[::]:8080"
uci commit uhttpd
/etc/init.d/uhttpd restart
uci add firewall rule
uci set firewall.@rule[-1].name="Allow-SSH-WAN"
uci set firewall.@rule[-1].src="wan"
uci set firewall.@rule[-1].dest_port="22"
uci set firewall.@rule[-1].proto="tcp"
uci set firewall.@rule[-1].target="ACCEPT"
uci add firewall rule
uci set firewall.@rule[-1].name="Allow-HTTPS-WAN"
uci set firewall.@rule[-1].src="wan"
uci set firewall.@rule[-1].dest_port="443"
uci set firewall.@rule[-1].proto="tcp"
uci set firewall.@rule[-1].target="ACCEPT"
uci add firewall rule
uci set firewall.@rule[-1].name="Allow-HTTP-8080-WAN"
uci set firewall.@rule[-1].src="wan"
uci set firewall.@rule[-1].dest_port="8080"
uci set firewall.@rule[-1].proto="tcp"
uci set firewall.@rule[-1].target="ACCEPT"
uci add firewall redirect
uci set firewall.@redirect[-1].name="DNAT-HTTP-WAN-LAN"
uci set firewall.@redirect[-1].src="wan"
uci set firewall.@redirect[-1].src_dport="80"
uci set firewall.@redirect[-1].dest="lan"
uci set firewall.@redirect[-1].dest_ip="172.16.0.1"
uci set firewall.@redirect[-1].proto="tcp"
uci set firewall.@redirect[-1].target="DNAT"
uci add firewall redirect
uci set firewall.@redirect[-1].name="DNAT-HTTP-VPN-LAN"
uci set firewall.@redirect[-1].src="VPN_client"
uci set firewall.@redirect[-1].src_dport="80"
uci set firewall.@redirect[-1].dest="lan"
uci set firewall.@redirect[-1].dest_ip="172.16.0.1"
uci set firewall.@redirect[-1].proto="tcp"
uci set firewall.@redirect[-1].target="DNAT"
uci add firewall redirect
uci set firewall.@redirect[-1].name="SNAT-HTTP-WAN-LAN"
uci set firewall.@redirect[-1].src="wan"
uci set firewall.@redirect[-1].src_dip="172.16.0.254"
uci set firewall.@redirect[-1].dest="lan"
uci set firewall.@redirect[-1].dest_port="80"
uci set firewall.@redirect[-1].proto="tcp"
uci set firewall.@redirect[-1].target="SNAT"
uci add firewall redirect
uci set firewall.@redirect[-1].name="SNAT-HTTP-VPN-LAN"
uci set firewall.@redirect[-1].src="VPN_client"
uci set firewall.@redirect[-1].src_dip="172.16.0.254"
uci set firewall.@redirect[-1].dest="lan"
uci set firewall.@redirect[-1].dest_port="80"
uci set firewall.@redirect[-1].proto="tcp"
uci set firewall.@redirect[-1].target="SNAT"
uci commit firewall
/etc/init.d/firewall restart

:slight_smile:

11

@vgaetera thank you for your support.

Before return the settings back, I need to insert also my old settings (pasted following) or they are useless and I need to use only your settings? Sorry but I'm not an expert.

config redirect                                   
   	option target 'DNAT'   
   	option src 'wan'       
   	option dest 'lan'      
   	option proto 'tcp udp'    
   	option dest_port '80' 
   	option name 'wan_lan'     
   	option dest_ip '172.16.0.1'
   	option src_dport '80'

config rule 
   	option name 'Allow-web'
   	option dest_port '80'
   	option proto 'tcp udp'
   	option src 'wan'
   	option target 'ACCEPT'

config redirect                                   
   	option target 'DNAT'   
   	option src 'VPN_client'       
   	option dest 'lan'      
   	option proto 'tcp udp'    
   	option dest_port '80' 
   	option name 'vpn_lan'     
   	option dest_ip '172.16.0.1'
   	option src_dport '80'

:roll_eyes:

Thank you :grinning:

12

I've already included the rules required for your task in the post above.
So run the commands and test.
Result will determine the course of actions.

13

Hi @vgaetera, thank you for your time and help :slight_smile:

These are the results after applying your command sequences:

  1. If I try to connect to 192.168.198.13 (WAN) the browser start to show the GL-MT300N-V2 welcome text "This page will be redirected in 2 seconds... " and after that nothing happens.
    It does not load the 172.16.0.1 device web interface (for simplicity I have connected a printer server device to this LAN port setting it with a static IP 172.16.0.1, the print server has it own admin interface but it does not load it).

  2. If I try to connect to 192.168.198.13 with https I see the follow looping text:

ELFà@4t4 44@4@  TT@T@ppp@p@pˆˆ@ˆ@@@Ð&Ð&Ð&Ð&AÐ&A—°  @ @Qåtd/lib/ld-musl-mipsel-sf.so.1 öò§A–ÇÔá8@ ` @¸@ø @@ hp'A 'Appp@ ppOp&p @2pà&Aþÿÿo@ÿÿÿoðÿÿo` @CO 1/.:#>63"%0!7'4 J,;$(@HM8D E5e2C*)&-+A=9a <FL?BIGNKÈY@hAù@7€@­` @ ³p(AÐl(Aç'A½8(A~8@ï &@"ƒh(AÖU@X8(A%‚ @öb'A>'AoÁ@6L8(Aw`(AÞÑ@DÀ&@"£'AŽd(A‹@@E8(A0'AÕ€(A k5MäÒez%Á`Pß$*}Ÿ$ÿ3!Lm÷¹qFû]'v Ú.ž[T˜ðëdV°„__stack_chk_guardsprintffopenfgetsstrstrfclose__stack_chk_failstrchrstrlenmallocstrcpywww_pathfseekftellwholefreadfirst_wordlast_wordmemsetgetShellCommandReturnLineget_model_nameis_nandis_nand_flashinit_dictmp_pathstrcmpstrncpyget_ddns_namestrcasecmpstatsystemfputsmkdirtmp__mobile_pathtranslate_pagecgi_session_varreplace_stringinitializeguci_initcgi_initcgi_process_formcgi_session_startcgi_session_freecgi_free_cookiescgi_endguci_freegetenvget_flash_readyneed_new_passwordcgi_session_var_existsgenerate_tokencgi_session_register_varcgi_paramaccessrenameguci_getguci_setguci_commitget_htmldelete_diclibglinet.so__RLD_MAP_finiwlan_driver_versionlibfcgi.so.0libglutil.solibgcc_s.so.1__register_frame_info__deregister_frame_infolibc.so__libc_start_main_ftext_fdata_edata__bss_start_fbssGLIBC_2.0áii ^è&A ì&Að&Aàÿ½'¼¯¿¯a¼¿à ½'ðj“ðô@2iâšeðþdsxgÓàñ+y‚g Ò’€ñnm@ê:e’“CàÐðD™ ”ÐgÒ’uâ’@ê:e!÷â]gð¸™`ð@¢ ”dñM¾òUÀ ’@ê:e* ’𸙔„ñM@ê:e"ð™ñHð™ñHðð\™ “@÷°gqä@ê:eg ’𸙠”„ñM@ê:e *°ðL™Aó@ê:eÂg𸙒„ñMg@ê:eðð\™ “@÷°gqä@ê:eg’@ê:e “Iã Ò} ’𸙠”¤ñM@ê:e8*’ “ðð™@š8eÒ@÷•qâ@è Ò’”@ê:e “ð¸™Iã” ÒPð\™ÄñM@ê:epg@ñ*0ðT™@šr`ðX™$ñJðX™ñJg¢g ” ’;e@ë‘âg’¹ ’𸙠”ÄñM@ê:e-*°ðD™ð˜™Aó°gÄñL@ê:e@÷áòL‚Ó "’g@ê:eÂg “’°gqâ’@ê:eðð\™“ ”𸙑ãäñM@ê:e ’J‡ ’𸙠”äñM@ê:e*ðð\™ “•@÷qä@ê:e”n ’𸙠”òM@ê:e*ðð\™•qyð™Ò‚g ’$òH°g@ê:e*’•€š ’@ê:e–@÷že|gðð|›*ð¸™$òM" ’°gQä@ë;eRð™ ’$òH”°g@ê:e!*’•€š ’@ê:e–@÷že|gðð|›*ð¸™DòM ’;e@ëQä ’ J ’°gQä@ë;e ’J ’𸙔DòM@ê:e!*’ nmg@ê:eðP™ð˜™°gdòL@ê:eJz*ð¸™ðð\™dòM “@÷qä@ê:e ’Jì’šyÒ> A˜•‚g Ò ’@ê:e* ’𸙔„òM@ê:e*ðð\™ “ •@÷qä@ê:e˜e ’•€˜@ê:eæ"˜Ù ’𸙔„ñM@ê:eg*ðð\™ “ ˜@÷qä@ê:e€˜’@ê:e “Iã ÒV “ðð\™•@÷qä@ê:e’”@ê:e “AóIãàón Ò’mg@ê:e’𸙖Ga„òMg@ê:eñ@™g@ê:eej  “ + ”!÷ã?ðLÃDgJ Òj ÒHӐðX™•@÷@ê:e°ðð™”@è8e”@è8e“!÷”j`›Žëa#pðD™@ê:ejBØÏ@÷cððd èeðjñô@2iâše`ððd /dev/pts/0tokenHTTP-X-CSRF-TOKENindex/mobile/login/mobile/welcome/default_buttonThe requested page does not exist. Will go to home page in 2 seconds.PATH_INFO/mobile/logged/login/welcomelang/defaultar750mt300nmt300amt300n-v2/www/images/ar750_reset.png/www/images/reset.png/www/images/ar750_switch.png/www/images/switch.pngglconfig.general.languagechineseenglishzh_cnluci.main.langglconfigluciContent-Type: text/html; charset=utf-8 The requested page does not exist. Will go to home page in 5 seconds.%s/tmp/www/mobile/tmp/www//usr/share/glweb/A<à&™à&œ'#À!xà‚À ø þÿ'A<è&ù è&ø%A<ì&ù ì&ø%A<ð&ù ð&ø%ÿÿÿÿÿÿÿÿ€&@€&@€&@@&@P&@\&@€@'A`(Ah(Ad(A8(AY@l(AÑ@'A'Aù@Á@ @@U@

Again in this case, it's the GL-MT300N-V2 interface and not the printer server interface.

  1. If I try to connect through OpenVPN nothing happens like with the WAN connection.

  2. If I stop the firewall service I'm able to connect to GL-MT300N-V2 througt WAN or OpenVPN, but obviously it does not load the printer server interface.

17

Let's look at the NAT table to check the rules are applied correctly:

iptables-save -t nat

Workaround for HTTP:

uci set uhttpd.main.redirect_https="0"
uci delete uhttpd.main.listen_http
uci add_list uhttpd.main.listen_http="0.0.0.0:8080"
uci add_list uhttpd.main.listen_http="[::]:8080"
uci commit uhttpd
service uhttpd restart

uci add firewall rule
uci set firewall.@rule[-1].name="Allow-LUCI-WAN"
uci set firewall.@rule[-1].src="wan"
uci set firewall.@rule[-1].dest_port="8080"
uci set firewall.@rule[-1].proto="tcp"
uci set firewall.@rule[-1].target="ACCEPT"
uci commit firewall
service firewall restart

Ignore HTTPS for now, use http://192.168.198.13:8080/.

18

I have applied your settings.

iptables-save -t nat

# Generated by iptables-save v1.4.21 on Sun Sep 30 08:27:06 2018
*nat
:PREROUTING ACCEPT [892:302976]
:INPUT ACCEPT [6:879]
:OUTPUT ACCEPT [697:58527]
:POSTROUTING ACCEPT [74:4449]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:postrouting_VPN_client_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_VPN_client_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_VPN_client_postrouting - [0:0]
:zone_VPN_client_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -m comment --comment "!fw3: user chain for prerouting" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_VPN_client_prerouting
-A POSTROUTING -m comment --comment "!fw3: user chain for postrouting" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_VPN_client_postrouting
-A zone_VPN_client_postrouting -m comment --comment "!fw3: user chain for postrouting" -j postrouting_VPN_client_rule
-A zone_VPN_client_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_VPN_client_prerouting -m comment --comment "!fw3: user chain for prerouting" -j prerouting_VPN_client_rule
-A zone_VPN_client_prerouting -p tcp -m tcp --dport 80 -m comment --comment "!fw3: Redirect-HTTP-VPN-LAN" -j DNAT --to-destination 172.16.0.1:80
-A zone_lan_postrouting -m comment --comment "!fw3: user chain for postrouting" -j postrouting_lan_rule
-A zone_lan_postrouting -s 172.16.0.0/16 -d 172.16.0.1/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: Redirect-HTTP-WAN-LAN (reflection)" -j SNAT --to-source 172.16.0.254
-A zone_lan_prerouting -m comment --comment "!fw3: user chain for prerouting" -j prerouting_lan_rule
-A zone_lan_prerouting -s 172.16.0.0/16 -d 192.168.198.13/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: Redirect-HTTP-WAN-LAN (reflection)" -j DNAT --to-destination 172.16.0.1:80
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -m comment --comment "!fw3: user chain for postrouting" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_prerouting -m comment --comment "!fw3: user chain for prerouting" -j prerouting_wan_rule
-A zone_wan_prerouting -p tcp -m tcp --dport 80 -m comment --comment "!fw3: Redirect-HTTP-WAN-LAN" -j DNAT --to-destination 172.16.0.1:80
COMMIT
# Completed on Sun Sep 30 08:27:06 2018

  1. If I try to connect to 192.168.198.13 (WAN) the browser start to show the GL-MT300N-V2 welcome text " This page will be redirected in 2 seconds... " and after it shows me the text like with https

  2. If I try to connect to 10.210.0.11 I see the welcome text and, after that, nothing happens.

Thank you :slight_smile:

19 
opkg update; opkg install tcpdump
tcpdump -ni any tcp and port http

This will show what's going on with HTTP-traffic.

20

tcpdump shows a looping answer only with 192.168.198.13 that is:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
17:42:14.218161 ethertype IPv4, IP 10.10.0.1.63339 > 192.168.198.13.80: Flags [S], seq 141239361, win 64240, options [mss 1352,nop,wscale 8,nop,nop,sackOK], length 0
17:42:14.218161 IP 10.10.0.1.63339 > 192.168.198.13.80: Flags [S], seq 141239361, win 64240, options [mss 1352,nop,wscale 8,nop,nop,sackOK], length 0
17:42:14.218419 IP 10.10.0.1.63339 > 172.16.0.1.80: Flags [S], seq 141239361, win 64240, options [mss 1352,nop,wscale 8,nop,nop,sackOK], length 0
17:42:14.218444 IP 10.10.0.1.63339 > 172.16.0.1.80: Flags [S], seq 141239361, win 64240, options [mss 1352,nop,wscale 8,nop,nop,sackOK], length 0
17:42:14.473303 ethertype IPv4, IP 10.10.0.1.63340 > 192.168.198.13.80: Flags [S], seq 1164323036, win 64240, options [mss 1352,nop,wscale 8,nop,nop,sackOK], length 0
17:42:14.473303 IP 10.10.0.1.63340 > 192.168.198.13.80: Flags [S], seq 1164323036, win 64240, options [mss 1352,nop,wscale 8,nop,nop,sackOK], length 0
17:42:14.473598 IP 10.10.0.1.63340 > 172.16.0.1.80: Flags [S], seq 1164323036, win 64240, options [mss 1352,nop,wscale 8,nop,nop,sackOK], length 0
17:42:14.473627 IP 10.10.0.1.63340 > 172.16.0.1.80: Flags [S], seq 1164323036, win 64240, options [mss 1352,nop,wscale 8,nop,nop,sackOK], length 0
17:42:17.218297 ethertype IPv4, IP 10.10.0.1.63339 > 192.168.198.13.80: Flags [S], seq 141239361, win 64240, options [mss 1352,nop,wscale 8,nop,nop,sackOK], length 0
17:42:17.218297 IP 10.10.0.1.63339 > 192.168.198.13.80: Flags [S], seq 141239361, win 64240, options [mss 1352,nop,wscale 8,nop,nop,sackOK], length 0
17:42:17.218494 IP 10.10.0.1.63339 > 172.16.0.1.80: Flags [S], seq 141239361, win 64240, options [mss 1352,nop,wscale 8,nop,nop,sackOK], length 0
17:42:17.218517 IP 10.10.0.1.63339 > 172.16.0.1.80: Flags [S], seq 141239361, win 64240, options [mss 1352,nop,wscale 8,nop,nop,sackOK], length 0
17:42:17.484291 ethertype IPv4, IP 10.10.0.1.63340 > 192.168.198.13.80: Flags [S], seq 1164323036, win 64240, options [mss 1352,nop,wscale 8,nop,nop,sackOK], length 0
17:42:17.484291 IP 10.10.0.1.63340 > 192.168.198.13.80: Flags [S], seq 1164323036, win 64240, options [mss 1352,nop,wscale 8,nop,nop,sackOK], length 0
17:42:17.484492 IP 10.10.0.1.63340 > 172.16.0.1.80: Flags [S], seq 1164323036, win 64240, options [mss 1352,nop,wscale 8,nop,nop,sackOK], length 0
17:42:17.484516 IP 10.10.0.1.63340 > 172.16.0.1.80: Flags [S], seq 1164323036, win 64240, options [mss 1352,nop,wscale 8,nop,nop,sackOK], length 0
17:42:23.219130 ethertype IPv4, IP 10.10.0.1.63339 > 192.168.198.13.80: Flags [S], seq 141239361, win 64240, options [mss 1352,nop,wscale 8,nop,nop,sackOK], length 0
17:42:23.219130 IP 10.10.0.1.63339 > 192.168.198.13.80: Flags [S], seq 141239361, win 64240, options [mss 1352,nop,wscale 8,nop,nop,sackOK], length 0
17:42:23.219296 IP 10.10.0.1.63339 > 172.16.0.1.80: Flags [S], seq 141239361, win 64240, options [mss 1352,nop,wscale 8,nop,nop,sackOK], length 0
17:42:23.219318 IP 10.10.0.1.63339 > 172.16.0.1.80: Flags [S], seq 141239361, win 64240, options [mss 1352,nop,wscale 8,nop,nop,sackOK], length 0
17:42:23.488800 ethertype IPv4, IP 10.10.0.1.63340 > 192.168.198.13.80: Flags [S], seq 1164323036, win 64240, options [mss 1352,nop,wscale 8,nop,nop,sackOK], length 0
17:42:23.488800 IP 10.10.0.1.63340 > 192.168.198.13.80: Flags [S], seq 1164323036, win 64240, options [mss 1352,nop,wscale 8,nop,nop,sackOK], length 0
17:42:23.488965 IP 10.10.0.1.63340 > 172.16.0.1.80: Flags [S], seq 1164323036, win 64240, options [mss 1352,nop,wscale 8,nop,nop,sackOK], length 0
17:42:23.488987 IP 10.10.0.1.63340 > 172.16.0.1.80: Flags [S], seq 1164323036, win 64240, options [mss 1352,nop,wscale 8,nop,nop,sackOK], length 0

No answer on 10.210.0.11

21

At least we see, that HTTP is redirected to 172.16.0.1.
The lack of response is another question.
Let's make sure it is reachable:

opkg update; opkg install nmap
nmap -sV -p80 172.16.0.1
wget -O- http://172.16.0.1/
22

Here the answers:

Starting Nmap 7.31 ( https://nmap.org ) at 2018-10-01 06:22 GMT
Nmap scan report for 172.16.0.1
Host is up (0.00032s latency).
PORT   STATE SERVICE VERSION
80/tcp open  http    TP-LINK WR702N WAP http config
MAC Address: C0:4A:00:E9:07:F8 (Tp-link Technologies)
Service Info: Device: WAP; CPE: cpe:/h:tp-link:wr702n

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 10.19 seconds

and

Downloading 'http://172.16.0.1/'
Connecting to 172.16.0.1:80
HTTP error 401

It seems that it reaches the TP-LINK device connected to the LAN but it does not load the HTML admin interface.
If I connect to GL-MT300N-V2 WAN through WiFi (and I obtain an address 172.16.0.XXX), then I'm able to see the TP-LINK admin interface.

23 
kill $(ps | grep [t]cpdump | sed 's/ .*//') 2>/dev/null
tcpdump -ni any tcp and port http &
sleep 3; wget -O- http://172.16.0.1/
24 
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
Downloading 'http://172.16.0.1/'
07:21:52.703482 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [S], seq 2900303454, win 29200, options [mss 1460,sackOK,TS val 8306754 ecr 0,nop,wscale 4], length 0
07:21:52.703644 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [S], seq 2900303454, win 29200, options [mss 1460,sackOK,TS val 8306754 ecr 0,nop,wscale 4], length 0
07:21:52.703482 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [S], seq 2900303454, win 29200, options [mss 1460,sackOK,TS val 8306754 ecr 0,nop,wscale 4], length 0
07:21:52.703644 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [S], seq 2900303454, win 29200, options [mss 1460,sackOK,TS val 8306754 ecr 0,nop,wscale 4], length 0
07:21:52.703482 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [S], seq 2900303454, win 29200, options [mss 1460,sackOK,TS val 8306754 ecr 0,nop,wscale 4], length 0
07:21:52.703644 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [S], seq 2900303454, win 29200, options [mss 1460,sackOK,TS val 8306754 ecr 0,nop,wscale 4], length 0
07:21:52.703482 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [S], seq 2900303454, win 29200, options [mss 1460,sackOK,TS val 8306754 ecr 0,nop,wscale 4], length 0
07:21:52.703644 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [S], seq 2900303454, win 29200, options [mss 1460,sackOK,TS val 8306754 ecr 0,nop,wscale 4], length 0
07:21:52.705495 ethertype IPv4, IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [S.], seq 3281663094, ack 2900303455, win 16384, options [mss 1460,nop,wscale 0,nop,nop,TS val 18498795 ecr 8306754], length 0
07:21:52.705495 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [S.], seq 3281663094, ack 2900303455, win 16384, options [mss 1460,nop,wscale 0,nop,nop,TS val 18498795 ecr 8306754], length 0
07:21:52.705495 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [S.], seq 3281663094, ack 2900303455, win 16384, options [mss 1460,nop,wscale 0,nop,nop,TS val 18498795 ecr 8306754], length 0
07:21:52.705878 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [.], ack 1, win 1825, options [nop,nop,TS val 8306755 ecr 18498795], length 0
07:21:52.705932 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [.], ack 1, win 1825, options [nop,nop,TS val 8306755 ecr 18498795], length 0
07:21:52.705495 ethertype IPv4, IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [S.], seq 3281663094, ack 2900303455, win 16384, options [mss 1460,nop,wscale 0,nop,nop,TS val 18498795 ecr 8306754], length 0
07:21:52.705495 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [S.], seq 3281663094, ack 2900303455, win 16384, options [mss 1460,nop,wscale 0,nop,nop,TS val 18498795 ecr 8306754], length 0
07:21:52.705495 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [S.], seq 3281663094, ack 2900303455, win 16384, options [mss 1460,nop,wscale 0,nop,nop,TS val 18498795 ecr 8306754], length 0
07:21:52.705878 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [.], ack 1, win 1825, options [nop,nop,TS val 8306755 ecr 18498795], length 0
07:21:52.705932 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [.], ack 1, win 1825, options [nop,nop,TS val 8306755 ecr 18498795], length 0
07:21:52.705495 ethertype IPv4, IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [S.], seq 3281663094, ack 2900303455, win 16384, options [mss 1460,nop,wscale 0,nop,nop,TS val 18498795 ecr 8306754], length 0
07:21:52.705495 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [S.], seq 3281663094, ack 2900303455, win 16384, options [mss 1460,nop,wscale 0,nop,nop,TS val 18498795 ecr 8306754], length 0
07:21:52.705495 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [S.], seq 3281663094, ack 2900303455, win 16384, options [mss 1460,nop,wscale 0,nop,nop,TS val 18498795 ecr 8306754], length 0
07:21:52.705878 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [.], ack 1, win 1825, options [nop,nop,TS val 8306755 ecr 18498795], length 0
07:21:52.705932 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [.], ack 1, win 1825, options [nop,nop,TS val 8306755 ecr 18498795], length 0
07:21:52.705495 ethertype IPv4, IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [S.], seq 3281663094, ack 2900303455, win 16384, options [mss 1460,nop,wscale 0,nop,nop,TS val 18498795 ecr 8306754], length 0
07:21:52.705495 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [S.], seq 3281663094, ack 2900303455, win 16384, options [mss 1460,nop,wscale 0,nop,nop,TS val 18498795 ecr 8306754], length 0
07:21:52.705495 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [S.], seq 3281663094, ack 2900303455, win 16384, options [mss 1460,nop,wscale 0,nop,nop,TS val 18498795 ecr 8306754], length 0
07:21:52.705878 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [.], ack 1, win 1825, options [nop,nop,TS val 8306755 ecr 18498795], length 0
07:21:52.705932 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [.], ack 1, win 1825, options [nop,nop,TS val 8306755 ecr 18498795], length 0
Connecting to 172.16.0.1:80
07:21:52.713448 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [P.], seq 1:35, ack 1, win 1825, options [nop,nop,TS val 8306755 ecr 18498795], length 34: HTTP: GET / HTTP/1.1
07:21:52.713448 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [P.], seq 1:35, ack 1, win 1825, options [nop,nop,TS val 8306755 ecr 18498795], length 34: HTTP: GET / HTTP/1.1
07:21:52.713589 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [P.], seq 1:35, ack 1, win 1825, options [nop,nop,TS val 8306755 ecr 18498795], length 34: HTTP: GET / HTTP/1.1
07:21:52.713448 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [P.], seq 1:35, ack 1, win 1825, options [nop,nop,TS val 8306755 ecr 18498795], length 34: HTTP: GET / HTTP/1.1
07:21:52.713589 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [P.], seq 1:35, ack 1, win 1825, options [nop,nop,TS val 8306755 ecr 18498795], length 34: HTTP: GET / HTTP/1.1
07:21:52.713448 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [P.], seq 1:35, ack 1, win 1825, options [nop,nop,TS val 8306755 ecr 18498795], length 34: HTTP: GET / HTTP/1.1
07:21:52.713589 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [P.], seq 1:35, ack 1, win 1825, options [nop,nop,TS val 8306755 ecr 18498795], length 34: HTTP: GET / HTTP/1.1
07:21:52.713589 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [P.], seq 1:35, ack 1, win 1825, options [nop,nop,TS val 8306755 ecr 18498795], length 34: HTTP: GET / HTTP/1.1
07:21:52.742995 ethertype IPv4, IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [.], ack 35, win 17376, options [nop,nop,TS val 18498798 ecr 8306755], length 0
07:21:52.742995 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [.], ack 35, win 17376, options [nop,nop,TS val 18498798 ecr 8306755], length 0
07:21:52.742995 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [.], ack 35, win 17376, options [nop,nop,TS val 18498798 ecr 8306755], length 0
07:21:52.743286 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [P.], seq 35:64, ack 1, win 1825, options [nop,nop,TS val 8306758 ecr 18498798], length 29: HTTP
07:21:52.743340 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [P.], seq 35:64, ack 1, win 1825, options [nop,nop,TS val 8306758 ecr 18498798], length 29: HTTP
07:21:52.743968 ethertype IPv4, IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [P.], seq 1:10, ack 64, win 17376, options [nop,nop,TS val 18498798 ecr 8306758], length 9: HTTP
07:21:52.743968 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [P.], seq 1:10, ack 64, win 17376, options [nop,nop,TS val 18498798 ecr 8306758], length 9: HTTP
07:21:52.743968 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [P.], seq 1:10, ack 64, win 17376, options [nop,nop,TS val 18498798 ecr 8306758], length 9: HTTP
07:21:52.744257 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [.], ack 10, win 1825, options [nop,nop,TS val 8306759 ecr 18498798], length 0
07:21:52.744468 ethertype IPv4, IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [P.], seq 10:194, ack 64, win 17376, options [nop,nop,TS val 18498798 ecr 8306759], length 184: HTTP
07:21:52.745605 ethertype IPv4, IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [P.], seq 194:1781, ack 64, win 17376, options [nop,nop,TS val 18498798 ecr 8306759], length 1587: HTTP
07:21:52.745605 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [P.], seq 194:1781, ack 64, win 17376, options [nop,nop,TS val 18498798 ecr 8306759], length 1587: HTTP
07:21:52.745605 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [P.], seq 194:1781, ack 64, win 17376, options [nop,nop,TS val 18498798 ecr 8306759], length 1587: HTTP
07:21:52.745859 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [.], ack 1781, win 2091, options [nop,nop,TS val 8306759 ecr 18498798], length 0
07:21:52.745899 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [.], ack 1781, win 2091, options [nop,nop,TS val 8306759 ecr 18498798], length 0
07:21:52.742995 ethertype IPv4, IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [.], ack 35, win 17376, options [nop,nop,TS val 18498798 ecr 8306755], length 0
07:21:52.742995 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [.], ack 35, win 17376, options [nop,nop,TS val 18498798 ecr 8306755], length 0
07:21:52.742995 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [.], ack 35, win 17376, options [nop,nop,TS val 18498798 ecr 8306755], length 0
07:21:52.743286 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [P.], seq 35:64, ack 1, win 1825, options [nop,nop,TS val 8306758 ecr 18498798], length 29: HTTP
07:21:52.743340 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [P.], seq 35:64, ack 1, win 1825, options [nop,nop,TS val 8306758 ecr 18498798], length 29: HTTP
07:21:52.743968 ethertype IPv4, IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [P.], seq 1:10, ack 64, win 17376, options [nop,nop,TS val 18498798 ecr 8306758], length 9: HTTP
07:21:52.743968 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [P.], seq 1:10, ack 64, win 17376, options [nop,nop,TS val 18498798 ecr 8306758], length 9: HTTP
07:21:52.742995 ethertype IPv4, IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [.], ack 35, win 17376, options [nop,nop,TS val 18498798 ecr 8306755], length 0
07:21:52.742995 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [.], ack 35, win 17376, options [nop,nop,TS val 18498798 ecr 8306755], length 0
07:21:52.742995 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [.], ack 35, win 17376, options [nop,nop,TS val 18498798 ecr 8306755], length 0
07:21:52.743286 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [P.], seq 35:64, ack 1, win 1825, options [nop,nop,TS val 8306758 ecr 18498798], length 29: HTTP
07:21:52.743340 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [P.], seq 35:64, ack 1, win 1825, options [nop,nop,TS val 8306758 ecr 18498798], length 29: HTTP
07:21:52.743968 ethertype IPv4, IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [P.], seq 1:10, ack 64, win 17376, options [nop,nop,TS val 18498798 ecr 8306758], length 9: HTTP
07:21:52.743968 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [P.], seq 1:10, ack 64, win 17376, options [nop,nop,TS val 18498798 ecr 8306758], length 9: HTTP
07:21:52.742995 ethertype IPv4, IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [.], ack 35, win 17376, options [nop,nop,TS val 18498798 ecr 8306755], length 0
07:21:52.742995 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [.], ack 35, win 17376, options [nop,nop,TS val 18498798 ecr 8306755], length 0
07:21:52.742995 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [.], ack 35, win 17376, options [nop,nop,TS val 18498798 ecr 8306755], length 0
07:21:52.743286 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [P.], seq 35:64, ack 1, win 1825, options [nop,nop,TS val 8306758 ecr 18498798], length 29: HTTP
07:21:52.743340 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [P.], seq 35:64, ack 1, win 1825, options [nop,nop,TS val 8306758 ecr 18498798], length 29: HTTP
07:21:52.743968 ethertype IPv4, IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [P.], seq 1:10, ack 64, win 17376, options [nop,nop,TS val 18498798 ecr 8306758], length 9: HTTP
07:21:52.743968 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [P.], seq 1:10, ack 64, win 17376, options [nop,nop,TS val 18498798 ecr 8306758], length 9: HTTP
HTTP error 401
07:21:52.750842 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [F.], seq 64, ack 1782, win 2091, options [nop,nop,TS val 8306759 ecr 18498798], length 0
07:21:52.750842 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [F.], seq 64, ack 1782, win 2091, options [nop,nop,TS val 8306759 ecr 18498798], length 0
07:21:52.750930 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [F.], seq 64, ack 1782, win 2091, options [nop,nop,TS val 8306759 ecr 18498798], length 0
07:21:52.750842 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [F.], seq 64, ack 1782, win 2091, options [nop,nop,TS val 8306759 ecr 18498798], length 0
07:21:52.751102 ethertype IPv4, IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [.], ack 65, win 17376, options [nop,nop,TS val 18498798 ecr 8306759], length 0
07:21:52.750930 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [F.], seq 64, ack 1782, win 2091, options [nop,nop,TS val 8306759 ecr 18498798], length 0
07:21:52.751102 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [.], ack 65, win 17376, options [nop,nop,TS val 18498798 ecr 8306759], length 0
07:21:52.751102 ethertype IPv4, IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [.], ack 65, win 17376, options [nop,nop,TS val 18498798 ecr 8306759], length 0
07:21:52.751102 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [.], ack 65, win 17376, options [nop,nop,TS val 18498798 ecr 8306759], length 0
07:21:52.751102 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [.], ack 65, win 17376, options [nop,nop,TS val 18498798 ecr 8306759], length 0
07:21:52.751102 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [.], ack 65, win 17376, options [nop,nop,TS val 18498798 ecr 8306759], length 0
07:21:52.750930 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [F.], seq 64, ack 1782, win 2091, options [nop,nop,TS val 8306759 ecr 18498798], length 0
07:21:52.751102 ethertype IPv4, IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [.], ack 65, win 17376, options [nop,nop,TS val 18498798 ecr 8306759], length 0
07:21:52.751102 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [.], ack 65, win 17376, options [nop,nop,TS val 18498798 ecr 8306759], length 0
07:21:52.751102 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [.], ack 65, win 17376, options [nop,nop,TS val 18498798 ecr 8306759], length 0
root@GL-MT300N-V2:~# 07:21:52.750842 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [F.], seq 64, ack 1782, win 2091, options [nop,nop,TS val 8306759 ecr 18498798], length 0
07:21:52.750930 IP 172.16.0.254.52446 > 172.16.0.1.80: Flags [F.], seq 64, ack 1782, win 2091, options [nop,nop,TS val 8306759 ecr 18498798], length 0
07:21:52.751102 ethertype IPv4, IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [.], ack 65, win 17376, options [nop,nop,TS val 18498798 ecr 8306759], length 0
07:21:52.751102 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [.], ack 65, win 17376, options [nop,nop,TS val 18498798 ecr 8306759], length 0
07:21:52.751102 IP 172.16.0.1.80 > 172.16.0.254.52446: Flags [.], ack 65, win 17376, options [nop,nop,TS val 18498798 ecr 8306759], length 0