WRT3200ACM OpenWrt 19.07: switch issue: wan == lan?

Hello community,

I set up a brand new Linksys WRT3200ACM with OpenWrt 19.07. I already have four of these running (at other locations), but with 18.06.
Currently I am running with simply the default OpenWrt settings (regarding zones, firewall etc) besides WAN set up (Telekom). The connection to WAN works properly (I have internet working), but I noticed a bit of a strange thing as some devices simply couldn't connect properly.
As a first step I turned logging on for both WAN and LAN. While monitoring the log output I realized that, for whatever reason, LAN devices are getting rejected, as they come in on eth1.2, which is meant to be the WAN interface by default.
I double checked all the cables and made sure it is not as simple as "I put the cable in the wrong port".
I can see the following messages appearing in the log:

Fri Jan 31 22:59:25 2020 kern.debug kernel: [ 6330.972088] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:4e SRC=10.10.50.14 DST=10.10.50.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=48824 PROTO=UDP SPT=137 DPT=137 LEN=58
Fri Jan 31 22:59:26 2020 kern.debug kernel: [ 6331.522254] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:48 SRC=10.10.50.14 DST=10.10.50.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=48825 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Fri Jan 31 22:59:56 2020 kern.debug kernel: [ 6361.536138] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:48 SRC=10.10.50.14 DST=10.10.50.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=48826 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Fri Jan 31 23:00:26 2020 kern.debug kernel: [ 6391.549368] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:48 SRC=10.10.50.14 DST=10.10.50.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=48827 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Fri Jan 31 23:00:56 2020 kern.debug kernel: [ 6421.562965] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:48 SRC=10.10.50.14 DST=10.10.50.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=48828 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Fri Jan 31 23:01:26 2020 kern.debug kernel: [ 6451.575703] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:48 SRC=10.10.50.14 DST=10.10.50.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=48829 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Fri Jan 31 23:01:37 2020 kern.debug kernel: [ 6462.216177] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:4e SRC=10.10.50.14 DST=10.10.50.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=48830 PROTO=UDP SPT=137 DPT=137 LEN=58
Fri Jan 31 23:01:37 2020 kern.debug kernel: [ 6462.966357] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:4e SRC=10.10.50.14 DST=10.10.50.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=48831 PROTO=UDP SPT=137 DPT=137 LEN=58
Fri Jan 31 23:01:38 2020 kern.debug kernel: [ 6463.718287] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:4e SRC=10.10.50.14 DST=10.10.50.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=48832 PROTO=UDP SPT=137 DPT=137 LEN=58
Fri Jan 31 23:01:56 2020 kern.debug kernel: [ 6481.588149] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:48 SRC=10.10.50.14 DST=10.10.50.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=48833 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Fri Jan 31 23:02:26 2020 kern.debug kernel: [ 6511.605654] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:48 SRC=10.10.50.14 DST=10.10.50.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=48834 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Fri Jan 31 23:02:56 2020 kern.debug kernel: [ 6541.663494] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:48 SRC=10.10.50.14 DST=10.10.50.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=48835 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Fri Jan 31 23:03:26 2020 kern.debug kernel: [ 6571.676760] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:48 SRC=10.10.50.14 DST=10.10.50.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=48836 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Fri Jan 31 23:03:56 2020 kern.debug kernel: [ 6601.691540] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:48 SRC=10.10.50.14 DST=10.10.50.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=48837 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Fri Jan 31 23:04:26 2020 kern.debug kernel: [ 6631.705305] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:48 SRC=10.10.50.14 DST=10.10.50.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=48838 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Fri Jan 31 23:04:56 2020 kern.debug kernel: [ 6661.718370] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:48 SRC=10.10.50.14 DST=10.10.50.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=48839 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Fri Jan 31 23:05:26 2020 kern.debug kernel: [ 6691.732261] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:48 SRC=10.10.50.14 DST=10.10.50.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=48840 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Fri Jan 31 23:05:56 2020 kern.debug kernel: [ 6721.744789] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:48 SRC=10.10.50.14 DST=10.10.50.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=48841 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Fri Jan 31 23:06:15 2020 kern.debug kernel: [ 6740.811567] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:4e SRC=10.10.50.14 DST=10.10.50.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=48842 PROTO=UDP SPT=137 DPT=137 LEN=58
Fri Jan 31 23:06:16 2020 kern.debug kernel: [ 6741.566457] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:4e SRC=10.10.50.14 DST=10.10.50.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=48843 PROTO=UDP SPT=137 DPT=137 LEN=58
Fri Jan 31 23:06:17 2020 kern.debug kernel: [ 6742.318929] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:4e SRC=10.10.50.14 DST=10.10.50.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=48844 PROTO=UDP SPT=137 DPT=137 LEN=58
Fri Jan 31 23:06:26 2020 kern.debug kernel: [ 6751.758613] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:48 SRC=10.10.50.14 DST=10.10.50.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=48845 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Fri Jan 31 23:06:56 2020 kern.debug kernel: [ 6781.772375] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:48 SRC=10.10.50.14 DST=10.10.50.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=48846 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Fri Jan 31 23:07:26 2020 kern.debug kernel: [ 6811.785599] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:48 SRC=10.10.50.14 DST=10.10.50.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=48847 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Fri Jan 31 23:07:56 2020 kern.debug kernel: [ 6841.798503] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:48 SRC=10.10.50.14 DST=10.10.50.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=48848 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Fri Jan 31 23:08:26 2020 kern.debug kernel: [ 6871.811882] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:48 SRC=10.10.50.14 DST=10.10.50.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=48849 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Fri Jan 31 23:08:56 2020 kern.debug kernel: [ 6901.825934] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:48 SRC=10.10.50.14 DST=10.10.50.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=48850 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Fri Jan 31 23:09:26 2020 kern.debug kernel: [ 6931.839472] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:48 SRC=10.10.50.14 DST=10.10.50.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=48851 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Fri Jan 31 23:09:56 2020 kern.debug kernel: [ 6961.852847] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:48 SRC=10.10.50.14 DST=10.10.50.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=48852 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Fri Jan 31 23:10:26 2020 kern.debug kernel: [ 6991.865668] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:48 SRC=10.10.50.14 DST=10.10.50.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=48853 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Fri Jan 31 23:10:56 2020 kern.debug kernel: [ 7021.879424] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:48 SRC=10.10.50.14 DST=10.10.50.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=48854 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Fri Jan 31 23:11:25 2020 kern.debug kernel: [ 7051.092895] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:4e SRC=10.10.50.14 DST=10.10.50.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=48855 PROTO=UDP SPT=137 DPT=137 LEN=58
Fri Jan 31 23:11:26 2020 kern.debug kernel: [ 7051.843905] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:4e SRC=10.10.50.14 DST=10.10.50.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=48856 PROTO=UDP SPT=137 DPT=137 LEN=58
Fri Jan 31 23:11:26 2020 kern.debug kernel: [ 7051.940772] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:48 SRC=10.10.50.14 DST=10.10.50.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=48857 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Fri Jan 31 23:11:27 2020 kern.debug kernel: [ 7052.602801] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:4e SRC=10.10.50.14 DST=10.10.50.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=48858 PROTO=UDP SPT=137 DPT=137 LEN=58
Fri Jan 31 23:11:56 2020 kern.debug kernel: [ 7081.954723] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:48 SRC=10.10.50.14 DST=10.10.50.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=48859 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Fri Jan 31 23:11:57 2020 kern.debug kernel: [ 7083.002893] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:4e SRC=10.10.50.14 DST=10.10.50.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=48860 PROTO=UDP SPT=137 DPT=137 LEN=58
Fri Jan 31 23:11:58 2020 kern.debug kernel: [ 7083.753528] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:4e SRC=10.10.50.14 DST=10.10.50.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=48861 PROTO=UDP SPT=137 DPT=137 LEN=58
Fri Jan 31 23:11:59 2020 kern.debug kernel: [ 7084.504008] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:4e SRC=10.10.50.14 DST=10.10.50.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=48862 PROTO=UDP SPT=137 DPT=137 LEN=58

For starters, the MAC is somewhat weird, but the weirdest thing is that the connection is coming from LAN (obviously with 10.10.50.0/24), but the input interface is eth1.2, although eth1.2 is configured to be the WAN interface.
Please see the following output:

root@OpenWrt:~# cat /etc/config/network 

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd7e:4713:0c72::/48'

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option ipaddr '10.10.50.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option delegate '0'
        option ifname 'eth0.1'

config interface 'wan'
        option ifname 'eth1.2'
        option proto 'pppoe'
        option username 'REMOVED'
        option password 'REMOVED'
        option ipv6 '0'
        option delegate '0'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 5t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '4 6t'

root@OpenWrt:~# 

Does anybody have an idea whether that's actually a hardware issue or some misconfiguration?

Thanks!

Okay, I am experiencing the same issue on 18.06.02 (which I am running on the other devices).
Does anybody have an idea what the issue might be (besides a hardware issue, which is somewhat unlikely I guess)?
Thanks!

Those are broadcasts (NetBios and Spotify?)
But I have no clue why the broadcasts from the lan side appear on the wan interface.

Yes, that's exactly the strange thing - why would lan devices make incoming traffic (which is not related or established and thus allowed) on the WAN port?

See here:

So it is:
Dest MAC: ff:ff:ff:ff:ff:ff - Makes sense for a broadcast
Src MAC: b4:69:21:12:dd:8d - Does 10.10.50.14 actually have this MAC address?
Type:
08:00 IPv4 Ethernet header
45: IPv4 IP header
00: DSCP
00:4e: IP Length Header

I don't know...

  • Maybe someone spoofed those packets, but it makes no sense to do so
  • Problem with the switch setup/driver
  • Something forwards those broadcast packets.
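The MAC= breakdown above can be automated to find every LAN-sourced packet that the firewall logged on the WAN interface. The following is an added example, not code from the thread or from OpenWrt; the function names are hypothetical, the interface and subnet defaults come from the /etc/config/network output above, and the third sample line is constructed.

```python
import ipaddress
import re
from collections import Counter

# Two lines copied from the log above, plus one constructed line (documentation
# addresses) showing that ordinary WAN-side traffic is not flagged.
SAMPLE = """\
Fri Jan 31 22:59:25 2020 kern.debug kernel: [ 6330.972088] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:4e SRC=10.10.50.14 DST=10.10.50.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=48824 PROTO=UDP SPT=137 DPT=137 LEN=58
Fri Jan 31 22:59:26 2020 kern.debug kernel: [ 6331.522254] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:69:21:12:dd:8d:08:00:45:00:00:48 SRC=10.10.50.14 DST=10.10.50.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=48825 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Fri Jan 31 23:00:01 2020 kern.debug kernel: [ 6366.000001] iptables_INPUT_denied: IN=eth1.2 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=198.51.100.9 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=1 PROTO=TCP SPT=4444 DPT=23
""".splitlines()

def parse(line):
    """Split one netfilter LOG line into fields and decode the MAC= header dump."""
    f = {}
    for key, val in re.findall(r"(\w+)=(\S*)", line):
        f.setdefault(key, val)            # keep the first LEN (IP), not the UDP one
    octets = f.get("MAC", "").split(":")
    f["dst_mac"] = ":".join(octets[0:6])
    f["src_mac"] = ":".join(octets[6:12])
    f["ethertype"] = "".join(octets[12:14])
    extra = octets[14:]                   # further frame bytes, if any were logged
    # Four extra bytes line up with the start of the IPv4 header:
    # version/IHL, DSCP/ECN, then the 16-bit total length.
    f["hdr_total_len"] = int(extra[2] + extra[3], 16) if len(extra) >= 4 else None
    return f

def lan_sources_on_wan(lines, wan_if="eth1.2", lan_net="10.10.50.0/24"):
    """Return parsed entries whose source is in the LAN subnet but arrived on WAN."""
    net = ipaddress.ip_network(lan_net)
    hits = []
    for line in lines:
        f = parse(line)
        if f.get("IN") == wan_if and "SRC" in f and ipaddress.ip_address(f["SRC"]) in net:
            hits.append(f)
    return hits

def summarize(hits):
    """Count flagged packets per (source MAC, source IP, destination port)."""
    return Counter((h["src_mac"], h["SRC"], h.get("DPT")) for h in hits)

if __name__ == "__main__":
    for (mac, ip, dport), n in summarize(lan_sources_on_wan(SAMPLE)).items():
        print(f"{ip} ({mac}) -> dport {dport}: {n} packet(s) logged on WAN")
```

Comparing the reported source MAC with the DHCP lease or ARP entry for the same IP is the check asked about in the post above; one stable MAC per IP points away from spoofing and towards the switch or a forwarding device.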

Okay, that explains the MAC, thanks.
I have a replacement router now (I set it up the exact same way) and this issue does not seem to be present.
However, I only tested it in a "lab" environment. On the weekend I'll report back if the issue is actually resolved or not.

Thanks for helping me out!

Does 10.10.50.14 actually have this MAC address?

Yes it does