@GloooM is @KONG (or anyone else with an ea8500) the current 21.02 and master .dts are the same. Seems like the master settings work. What settings work for you on 21.02 (seems like they need to be different?)
I'm still testing stability with promisc mode disabled, I'm already there for 8 days, everything stable, very fast, Wi-Fi at maximum speed and no disconnections. Disable the options of both wifis to test:
Enable key reinstallation (KRACK) countermeasures
Y
Disassociate On Low Acknowledgment
The question that makes me curious is because almost no one fails or generates instability in the promisc mode, I imagine that some equipment in my wired network causes some type of incompatibility in the router.
My router finally rebooted with br-lan in promisc mode and fw4.
However it rebooted when i fiddled with the firewall so I might have caused it myself.
I'm curious why promisc mode makes the router run like a normal build where hairpin forwards work.
I know for a fact that net.bridge.bridge-nf-call-iptables=1 causes promisc mode to be needed but there gotta be a firewall rule that fixes hairpin forwards.
Perhaps someone can figure out a solution using this as guide:
Really alarming discovery that I've just found out with current master build from 20220206 firewall4
If I uncheck a firewall traffic rule and hit save&apply the rule will still remain active and port will be left open.
Can anyone try the same and confirm it.
This is the current content of the /etc/config/firewall
config rule
option name 'ssh-wan'
list proto 'tcp'
option src 'wan'
option dest_port '22'
option target 'ACCEPT'
option enabled '0'
I tried to make a build for EA8500 and every time failed, it said my uImage is too big.
In diffconfig, I've tried to delete almost all addons but do no work, still "too big".
Then I looked up for target/linux/ipq806x/image/generic.mk and found
Then I changed the KERNEL_SIZE to 3200k and build success
Will this brick my router? Or should I just proceed?
I don't think the partition table allows me to change, but how could I shrink the kernel size then?
It's working for me so it certainly looks like it's fixed in master now. There were a couple of extra fixes earlier this week, so for now, anything from the 9th onwards should be good for a basic fw4 setup, although obviously there are a lot of other packages that need to be updated still...
Speaking of which, I can see the SQM script nss.qos uses iptables to MARK packets but I can't see anything that actually makes use of them, unless nssfq_codel uses them internally?
now after 9 days the 5ghz wifi network has dropped, it has been left without internet access. I have only restarted the wifi 5ghz and everything ok again.
For what it's worth to those perhaps having glitches with the current build that's posted - Firewall4 has been updated since this build has been posted. May be worth rebuilding / updating to see if it resolves any issues you may be having.