Nope, this is a leftover from a previous configuration that I ended up not using, since the CPU was too weak to provide full-speed connectivity inside a VPN tunnel. What's weird, though, is that the interface doesn't show in LuCI even though it is still present in the firewall settings:
Done. The relevant part now is:
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list device 'tun0'
list network 'wan'
list network 'wan6'
config forwarding
option src 'lan'
option dest 'wan'
Maybe, as I got this router shortly before the 22.03 release. For sure I kept the settings, as I find it a waste of time to reconfigure everything by hand.
Resulting output after modifications:
{
"kernel": "5.10.161",
"hostname": "ArcherA6",
"system": "Qualcomm Atheros QCA956X ver 1 rev 0",
"model": "TP-Link Archer C6 v2 (US) / A6 v2 (US/TW)",
"board_name": "tplink,archer-c6-v2-us",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "22.03.3",
"revision": "r20028-43d71ad93e",
"target": "ath79/generic",
"description": "OpenWrt 22.03.3 r20028-43d71ad93e"
}
}
package network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdeb:10f9:9e35::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
option ipv6 '0'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.1.1'
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
option peerdns '0'
list dns '9.9.9.9'
list dns '149.112.112.112'
option hostname '*'
config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 0t'
config device
option name 'wlan0'
option ipv6 '0'
config device
option name 'wlan1'
option ipv6 '0'
config device
option name 'eth0'
option ipv6 '0'
package dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
option ednspacket_max '1232'
option local '/local/'
option domain 'local'
option logqueries '1'
config dhcp 'lan'
option interface 'lan'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option start '2'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config host
option name 'MiWiFi'
option dns '1'
option mac '50:D2:F5:XX:YY:ZZ'
option ip '192.168.1.4'
config host
option name 'fvdw'
option dns '1'
option mac '00:D0:4B:XX:YY:ZZ'
option ip '192.168.1.10'
config host
option name 'Lancelot-Mo'
option dns '1'
option mac 'A8:20:66:XX:YY:ZZ'
option ip '192.168.1.20'
config host
option name 'Whitebook'
option dns '1'
option mac '00:26:B0:XX:YY:ZZ'
option ip '192.168.1.21'
config host
option name 'Canon-MFP'
option dns '1'
option mac 'F4:81:39:XX:YY:ZZ'
option ip '192.168.1.24'
config host
option name 'Think-PC'
option dns '1'
option mac '50:7B:9D:XX:YY:ZZ'
option ip '192.168.1.25'
config host
option name 'LibreELEC'
option dns '1'
option mac 'B8:27:EB:XX:YY:ZZ'
option ip '192.168.1.26'
config host
option name 'Lancelot-wifi'
option dns '1'
option mac '5C:96:9D:XX:YY:ZZ'
option ip '192.168.1.50'
config host
option name 'Whitebook-wifi'
option dns '1'
option mac '00:26:08:XX:YY:ZZ'
option ip '192.168.1.51'
config host
option name 'Oboo-clock-7176'
option dns '1'
option mac '40:A3:6B:XX:YY:ZZ'
option ip '192.168.1.59'
config host
option name 'MiniPad'
option dns '1'
option mac '68:9C:70:XX:YY:ZZ'
option ip '192.168.1.60'
config host
option name 'CubyPad'
option dns '1'
option mac '84:29:99:XX:YY:ZZ'
option ip '192.168.1.61'
config host
option name 'Z6252CA'
option mac '92:15:C8:XX:YY:ZZ'
option ip '192.168.1.66'
config host
option name 'Joe-PC'
option dns '1'
option mac '68:CA:00:01:47:DF'
option ip '192.168.1.68'
config host
option mac 'F4:B1:9C:XX:YY:ZZ'
option name 'Geeni-cam'
option dns '1'
option ip '192.168.1.70'
config host
option name 'Omega-F079'
option ip '192.168.1.150'
option mac '40:A3:6B:XX:YY:ZZ'
config host
option name 'wdnas'
option dns '1'
option mac '00:00:C0:XX:YY:ZZ'
option ip '192.168.1.213'
config domain
option name 'fvdwsl-base.local'
option ip '192.168.1.10'
config host
option name 'Think-Air'
option ip '192.168.1.53'
option mac 'A4:D1:8C:XX:YY:ZZ'
config host
option name 'Joe2'
option dns '1'
option mac '90:DE:80:XX:YY:ZZ'
option ip '192.168.1.67'
package firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list device 'tun0'
list network 'wan'
list network 'wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled 'false'
config include
option path '/etc/firewall.user'
config redirect
option dest 'lan'
option target 'DNAT'
option src 'wan'
option src_dport '4222-4228'
option name 'fvdwsl-base1'
option dest_ip '192.168.1.10'
option dest_port '4222-4228'
config redirect
option dest 'lan'
option target 'DNAT'
option src 'wan'
option src_dport '4215-4221'
option name 'Syno1'
option dest_ip '192.168.1.15'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'Syno2'
list proto 'tcp'
option src 'wan'
option src_dport '51418-51419'
option dest_ip '192.168.1.15'
config redirect
option dest 'lan'
option target 'DNAT'
option src 'wan'
option src_dport '9091-9093'
option name 'fvdwsl-base2'
option dest_ip '192.168.1.10'
option dest_port '9091-9093'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'Syno3'
option src 'wan'
option src_dport '5006'
option dest_ip '192.168.1.15'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'Syno4'
option src 'wan'
option src_dport '3001'
option dest_ip '192.168.1.15'
option enabled '0'
config forwarding
option dest 'lan'
config forwarding
option dest 'lan'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
valid_lft forever preferred_lft forever
8: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 38.xxx.yyy.180/28 brd 38.xxx.yyy.191 scope global eth0.2
valid_lft forever preferred_lft forever
default via 38.xxx.yyy.177 dev eth0.2 proto static src 38.xxx.yyy.180
38.xxx.yyy.176/28 dev eth0.2 proto kernel scope link src 38.xxx.yyy.180
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
broadcast 38.xxx.yyy.176 dev eth0.2 table local proto kernel scope link src 38.xxx.yyy.180
local 38.xxx.yyy.180 dev eth0.2 table local proto kernel scope host src 38.xxx.yyy.180
broadcast 38.xxx.yyy.191 dev eth0.2 table local proto kernel scope link src 38.xxx.yyy.180
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.1.0 dev br-lan table local proto kernel scope link src 192.168.1.1
local 192.168.1.1 dev br-lan table local proto kernel scope host src 192.168.1.1
broadcast 192.168.1.255 dev br-lan table local proto kernel scope link src 192.168.1.1
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
8: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::6aff:7bff:fe03:8555/64 scope link
valid_lft forever preferred_lft forever
unreachable fdeb:10f9:9e35::/48 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev eth0.2 proto kernel metric 256 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
anycast fe80:: dev eth0.2 table local proto kernel metric 0 pref medium
local fe80::6aff:7bff:fe03:8555 dev eth0.2 table local proto kernel metric 0 pref medium
multicast ff00::/8 dev eth0.2 table local proto kernel metric 256 pref medium
0: from all lookup local
32766: from all lookup main
lrwxrwxrwx 1 root root 16 Jan 2 19:24 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r-- 1 root root 49 Apr 26 12:42 /tmp/resolv.conf
-rw-r--r-- 1 root root 62 Apr 26 12:42 /tmp/resolv.conf.d/resolv.conf.auto
/tmp/resolv.conf.d:
-rw-r--r-- 1 root root 62 Apr 26 12:42 resolv.conf.auto
==> /etc/resolv.conf <==
search local
nameserver 127.0.0.1
nameserver ::1
==> /tmp/resolv.conf <==
search local
nameserver 127.0.0.1
nameserver ::1
==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error
==> /tmp/resolv.conf.d/resolv.conf.auto <==
# Interface wan
nameserver 9.9.9.9
nameserver 149.112.112.112
I feel you. However, when upgrading to another major version it is advised to start clean, because the configuration is not always compatible from old to new. The network configuration in particular must be redone from scratch, as there have been a lot of changes.
Bummer. That would make another evening project, though.
I'd get the configuration from the commands posted above, and re-configure the router since it's human-readable.
About installed packages, should I just pull the list and copy-paste their names into the image builder so as to save on flash space? And just use the generated sysupgrade image without saving settings?
It is not evident that the DNS is to blame. From the first post it is visible that the reply is coming back immediately. Maybe you are searching for the problem in the wrong direction?
Just happened again. I made a ping test directly from the router so as to exclude any computer failure.
PING quora.com (54.197.7.90): 56 data bytes
--- quora.com ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
At the same time, that's what the syslog is showing. Pay special attention to the time of the very first request and when it started loading: 17 seconds. It took much more than that to actually display, though.
The site eventually loaded, but the whole process took an abnormally long time.
Just made a quick search in the logs of everything that pertained to that domain, nothing more. Of course some info may be irrelevant. Still, two interesting points from syslog:
The DNS resolves the hostname into an IP (from cache), but the site itself couldn't be reached in a timely manner, as the dropped ping packets show.
Like most large websites, Quora probably has content spread among different "caches" (that's my understanding of what a "Content Delivery Network" is), hence the existence of more than one query.
traceroute to bing.com (204.79.197.200), 20 hops max, 46 byte packets
1 38.xxx.yyy.177 12.956 ms
2 10.170.192.53 15.687 ms
3 161.199.164.21 24.397 ms
4 198.179.18.16 11.416 ms
5 *
[…]
Although the IP is known (so DNS, or at least its cache, is indeed working), the website couldn't be reached in 20 hops. The last IP seems to be a server on the Microsoft CDN.
Oh, I get it. Since @trendy said I may be pointing at the wrong culprit, I tried a ping to see if the website was reachable in the first place, and whether it followed any time-based pattern.
Tabs were open on the browser, but the only one actively loading was Quora.
Well, isn't it abnormal for such a website to be unreachable?
It isn't. It is related to an intermittent issue I'm having with no clear pattern. Could be the ISP, but how would I check that?
Not abnormal at all. That might not even be the last hop. A lot of CDN systems do not allow tracing thru their networks.
I'll be honest. Unless there is something you haven't posted or described clearly yet (i.e. before "troubleshooting"), I don't see an issue. That's why I asked:
But then you described a traceroute to some other site, which confused me. Websites use HTTP or HTTPS. You can see that in a browser. That is totally unrelated to tracerouting.
EDIT:
you could use this trace command if your test client has it - but they actually may think you're attacking them (I'm still not sure why you're doing this):
What would be the proper way to debug this annoying intermittent issue, then? I've seen it appear on different computers, so probably not linked to the computer.
DNS is providing responses immediately.
Ping is blocked for quora . com
Traceroute or mtr will also never reach the end.
Also quora is not using IPv6 from what I can see, so it should not be an issue to have an incomplete IPv6 configuration.
So far these are not the droids you are looking for and the culprit is somewhere else.
I would capture the HTTPS packets from the PC to the Quora server and see where the delay is.
I already answered these points in post nº 5. There's no IPv6 anywhere in sight on my WAN or LAN.
The current output of
ubus call system board; \
uci export network; \
uci export dhcp; uci export firewall; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ip -6 addr ; ip -6 ro li tab all ; ip -6 ru; \
ls -l /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
is :
{
"kernel": "5.10.161",
"hostname": "ArcherA6",
"system": "Qualcomm Atheros QCA956X ver 1 rev 0",
"model": "TP-Link Archer C6 v2 (US) / A6 v2 (US/TW)",
"board_name": "tplink,archer-c6-v2-us",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "22.03.3",
"revision": "r20028-43d71ad93e",
"target": "ath79/generic",
"description": "OpenWrt 22.03.3 r20028-43d71ad93e"
}
}
package network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdeb:10f9:9e35::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
option ipv6 '0'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.1.1'
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
option peerdns '0'
list dns '9.9.9.9'
list dns '149.112.112.112'
option hostname '*'
config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 0t'
config device
option name 'wlan0'
option ipv6 '0'
config device
option name 'wlan1'
option ipv6 '0'
config device
option name 'eth0'
option ipv6 '0'
package dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
option ednspacket_max '1232'
option local '/local/'
option domain 'local'
option logqueries '1'
config dhcp 'lan'
option interface 'lan'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option start '2'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config host
option name 'MiWiFi'
option dns '1'
option mac '50:D2:F5:XX:YY:ZZ'
option ip '192.168.1.4'
config host
option name 'fvdw'
option dns '1'
option mac '00:D0:4B:XX:YY:ZZ'
option ip '192.168.1.10'
config host
option name 'Lancelot-Mo'
option dns '1'
option mac 'A8:20:66:XX:YY:ZZ'
option ip '192.168.1.20'
config host
option name 'Whitebook'
option dns '1'
option mac '00:26:B0:XX:YY:ZZ'
option ip '192.168.1.21'
config host
option name 'Canon-MFP'
option dns '1'
option mac 'F4:81:39:XX:YY:ZZ'
option ip '192.168.1.24'
config host
option name 'Think-PC'
option dns '1'
option mac '50:7B:9D:XX:YY:ZZ'
option ip '192.168.1.25'
config host
option name 'LibreELEC'
option dns '1'
option mac 'B8:27:EB:XX:YY:ZZ'
option ip '192.168.1.26'
config host
option name 'Lancelot-wifi'
option dns '1'
option mac '5C:96:9D:XX:YY:ZZ'
option ip '192.168.1.50'
config host
option name 'Whitebook-wifi'
option dns '1'
option mac '00:26:08:XX:YY:ZZ'
option ip '192.168.1.51'
config host
option name 'Oboo-clock-7176'
option dns '1'
option mac '40:A3:6B:XX:YY:ZZ'
option ip '192.168.1.59'
config host
option name 'MiniPad'
option dns '1'
option mac '68:9C:70:XX:YY:ZZ'
option ip '192.168.1.60'
config host
option name 'CubyPad'
option dns '1'
option mac '84:29:99:XX:YY:ZZ'
option ip '192.168.1.61'
config host
option name 'Z6252CA'
option mac '92:15:C8:XX:YY:ZZ'
option ip '192.168.1.66'
config host
option name 'Joe-PC'
option dns '1'
option mac '68:CA:00:01:47:DF'
option ip '192.168.1.68'
config host
option mac 'F4:B1:9C:XX:YY:ZZ'
option name 'Geeni-cam'
option dns '1'
option ip '192.168.1.70'
config host
option name 'Omega-F079'
option ip '192.168.1.150'
option mac '40:A3:6B:XX:YY:ZZ'
config host
option name 'wdnas'
option dns '1'
option mac '00:00:C0:XX:YY:ZZ'
option ip '192.168.1.213'
config domain
option name 'fvdwsl-base.local'
option ip '192.168.1.10'
config host
option name 'Think-Air'
option ip '192.168.1.53'
option mac 'A4:D1:8C:XX:YY:ZZ'
config host
option name 'Joe2'
option dns '1'
option mac '90:DE:80:XX:YY:ZZ'
option ip '192.168.1.67'
package firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list device 'tun0'
list network 'wan'
list network 'wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled 'false'
config include
option path '/etc/firewall.user'
config redirect
option dest 'lan'
option target 'DNAT'
option src 'wan'
option src_dport '4222-4228'
option name 'fvdwsl-base1'
option dest_ip '192.168.1.10'
option dest_port '4222-4228'
config redirect
option dest 'lan'
option target 'DNAT'
option src 'wan'
option src_dport '4215-4221'
option name 'Syno1'
option dest_ip '192.168.1.15'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'Syno2'
list proto 'tcp'
option src 'wan'
option src_dport '51418-51419'
option dest_ip '192.168.1.15'
config redirect
option dest 'lan'
option target 'DNAT'
option src 'wan'
option src_dport '9091-9093'
option name 'fvdwsl-base2'
option dest_ip '192.168.1.10'
option dest_port '9091-9093'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'Syno3'
option src 'wan'
option src_dport '5006'
option dest_ip '192.168.1.15'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'Syno4'
option src 'wan'
option src_dport '3001'
option dest_ip '192.168.1.15'
option enabled '0'
config forwarding
option dest 'lan'
config forwarding
option dest 'lan'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
valid_lft forever preferred_lft forever
8: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 38.xxx.yyy.180/28 brd 38.xxx.yyy.191 scope global eth0.2
valid_lft forever preferred_lft forever
default via 38.xxx.yyy.177 dev eth0.2 proto static src 38.xxx.yyy.180
38.xxx.yyy.176/28 dev eth0.2 proto kernel scope link src 38.xxx.yyy.180
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
broadcast 38.xxx.yyy.176 dev eth0.2 table local proto kernel scope link src 38.xxx.yyy.180
local 38.xxx.yyy.180 dev eth0.2 table local proto kernel scope host src 38.xxx.yyy.180
broadcast 38.xxx.yyy.191 dev eth0.2 table local proto kernel scope link src 38.xxx.yyy.180
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.1.0 dev br-lan table local proto kernel scope link src 192.168.1.1
local 192.168.1.1 dev br-lan table local proto kernel scope host src 192.168.1.1
broadcast 192.168.1.255 dev br-lan table local proto kernel scope link src 192.168.1.1
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
8: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::6aff:7bff:fe03:8555/64 scope link
valid_lft forever preferred_lft forever
unreachable fdeb:10f9:9e35::/48 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev eth0.2 proto kernel metric 256 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
anycast fe80:: dev eth0.2 table local proto kernel metric 0 pref medium
local fe80::6aff:7bff:fe03:8555 dev eth0.2 table local proto kernel metric 0 pref medium
multicast ff00::/8 dev eth0.2 table local proto kernel metric 256 pref medium
0: from all lookup local
32766: from all lookup main
lrwxrwxrwx 1 root root 16 Jan 2 19:24 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r-- 1 root root 49 Apr 26 12:42 /tmp/resolv.conf
-rw-r--r-- 1 root root 62 Apr 26 12:42 /tmp/resolv.conf.d/resolv.conf.auto
/tmp/resolv.conf.d:
-rw-r--r-- 1 root root 62 Apr 26 12:42 resolv.conf.auto
==> /etc/resolv.conf <==
search local
nameserver 127.0.0.1
nameserver ::1
==> /tmp/resolv.conf <==
search local
nameserver 127.0.0.1
nameserver ::1
==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error
==> /tmp/resolv.conf.d/resolv.conf.auto <==
# Interface wan
nameserver 9.9.9.9
nameserver 149.112.112.112
These aren't the droids I'm looking for.
As of now I'm trying to work out a suitable display filter for Wireshark before the problem reoccurs.
tcp.port==443 and ip.addr == 54.197.7.90 and ip.addr == 192.168.1.20
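but it is better to apply the filter in tcpdump on the router instead, so you can also capture the WAN-side packets. Note that tcpdump takes capture-filter (BPF) syntax rather than this Wireshark display-filter syntax, e.g. `tcp port 443 and host 54.197.7.90`; on the WAN interface the masqueraded traffic carries the router's WAN address, not 192.168.1.20.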