Xiaomi AX3600 INT firmware

Great, thank you! That was the issue.

Any idea about using a local domain? I am trying to figure this one out as my Nginx Reverse proxy on my NAS stops working if I cannot have the nas named nas.lan in the local network.

Anyone else having issues with smart devices like the Shelly's and Google Home/Minis? With my AC-68U they worked all the time, now when I ask to turn on or off a light it works about 50% of the time? They are all connected to 2.4Ghz wifi. Any settings via SSH which can help them keep connection?

Did you use any script to get SSH from the MIWIFI official firmware? If yes, be aware that the script like xqrepack remove some of the MIWIFI functionality which may be related somehow. I suggest to test your devices first with official firmware (without SSH) and check if they run or not.You can upload the official firmware from the upgrade page in router UI.
As example, my router works with WIFI 6 on channel 40, on other channels it is unstable, don't now the reason or found any solution so far.

Yes, I used this script and guide. https://forum.lowyat.net/topic/5071359

with original FW i have no problem, with xqrepack FW i have stability issues.

Thanks for this solution @jockebq now it works perfect

I haven't seen it mentioned in the thread yet, there's a script that allows you to bypass all the xiaomi mesh checks by passing the second nodes 5ghz mac address via the api to the master. If anyone fancies tinkering, it would be interesting to see if this allows a mesh between 2 devices not set to the same region. If so, might be a quicker/easier way to form a mesh between an int ax3600 and a cn ax1800 until int ax1800 is available?

1 Like

You have no issues with this solution? What stability issues were there before?

my wlan Drops packages and sometimes the connection to the devices breaks for a millisecond

With xqrepack solution?

Port forwarding isn't working for me at all. Have anyone else tried this? When checking from outside my network the ports are still closed even after adding the port forward.
I opened /etc/config/firewall and found a few default entries that were not showing on the Web UI, deleted them to try again, but no difference. However I lost them. Anyone care to post all the default entries from this file?

Doing /etc/init.d/firewall reload with only the defaults also ended up with this result:
! Failed with exit code 1

That's why I deleted them, however no difference!

Default Firewall content on my router running ver 3.0.22.

config defaults
	option syn_flood '0'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option drop_invalid '1'
	option disable_ipv6 '0'

config zone
	option name 'lan'
	option network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fe80::/10'
	option src_port '547'
	option dest_ip 'fe80::/10'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule 'Forbidden_Wan_RA'
	option name 'Forbidden_Wan_RA'
	option dest 'wan'
	option proto 'icmp'
	option family 'ipv6'
	option target 'REJECT'
	list icmp_type 'router-advertisement'

config include 'webinitrdr'
	option path '/lib/firewall.sysapi.loader webinitrdr'
	option reload '1'
	option enabled '1'

config include 'dnsmiwifi'
	option path '/lib/firewall.sysapi.loader dnsmiwifi'
	option reload '1'
	option enabled '1'

config include 'macfilter'
	option path '/lib/firewall.sysapi.loader macfilter'
	option reload '1'
	option enabled '1'

config include 'ipv6_masq'
	option path '/lib/firewall.sysapi.loader ipv6_masq'
	option reload '1'

config rule 'guest_8999'
	option name 'Hello wifi 8999'
	option src 'guest'
	option proto 'tcp'
	option dest_port '8999'
	option target 'ACCEPT'

config rule 'guest_8300'
	option name 'Hello wifi 8300'
	option src 'guest'
	option proto 'tcp'
	option dest_port '8300'
	option target 'ACCEPT'

config rule 'guest_7080'
	option name 'Hello wifi 7080'
	option src 'guest'
	option proto 'tcp'
	option dest_port '7080'
	option target 'ACCEPT'

config zone 'ready_zone'
	option name 'ready'
	option input 'DROP'
	option forward 'DROP'
	option output 'DROP'
	list network 'ready'

config rule 'ready_dhcp'
	option name 'DHCP for ready'
	option src 'ready'
	option src_port '67-68'
	option dest_port '67-68'
	option proto 'udp'
	option target 'ACCEPT'
	option family 'ipv4'

config rule 'ready_dhcp_out'
	option name 'DHCP for ready'
	option dest 'ready'
	option src_port '67-68'
	option dest_port '67-68'
	option proto 'udp'
	option target 'ACCEPT'
	option family 'ipv4'

config rule 'ready_minet_in'
	option name 'minet ready'
	option src 'ready'
	option dest_port '786'
	option proto 'tcp'
	option target 'ACCEPT'
	option family 'ipv4'

config rule 'ready_minet_out'
	option name 'minet ready'
	option src 'ready'
	option src_port '786'
	option proto 'tcp'
	option target 'ACCEPT'
	option family 'ipv4'

config include 'set_tcpmss'
	option path '/lib/firewall.sysapi.loader set_tcpmss'
	option reload '1'

config include 'parentalctl'
	option path '/lib/firewall.sysapi.loader parentalctl'
	option reload '1'

config include 'miqos'
	option path '/lib/firewall.sysapi.loader miqos'
	option reload '1'

config include 'miniupnpd'
	option type 'script'
	option path '/usr/share/miniupnpd/firewall.include'
	option family 'IPv4'
	option reload '1'

config include 'qcanssecm'
	option type 'script'
	option path '/etc/firewall.d/qca-nss-ecm'
	option family 'any'
	option reload '1'
1 Like

Thanks man! Have you got any issues with the port forwarding?

Using port forwarding with no issues

On my router, the port forwarding is not working. Additionally, I found that this router doesn't allow port forward to itself, with simple trick one can fill port forward port to other ports with end number from 2-9.I will test tomorrow once again.

I've just seen on AMAZON.DE that there are offers for 75,99€ incl. Prime shipping to german customers.

1 Like

Hi, any way to have client monitoring using this router in repeater wired mode ?in reapeater mode (Access point so) monitoring is now disabled and there is no way to check who is connected. I had before Synology RT2600ac in Access point mode, and i was able to see who is connected, with details.

Hey guys im a long time reader of this thread I decided to get a xiaomi ax3600 myself to test it out vs wifi 5 if you are interested heres a video i made of the test xiaomi 4a gig vs xiaomi ax 3600 on gig internet

I only skipped through your video, but am i seeing right that you ran a back to back test but changed two variables at once for the laptop? The router and the wifi chip?
:upside_down_face:

1 Like

Yes tested The wifi 5 router with wifi 5 card then wifi 6 router with wifi 5 card then wifi 6 router with wifi 6 card consider watching

Hi guys, I just enabled SSH to my AX3600. How is it now possible to edit config or log files?
For example I want to see the result of that: iwinfo wl0 txpowerlist >> /tmp/xiaoqiang.log

SFTP doesn't work (Filezilla). SSH with PuTTY worked.