10856 questions

12933 answers

20163 comments

25435 members

0 votes
140 views 6 comments
by
A number of RUTX12 and RUTX11 (all mobile only) were all working fine - upgraded to RUTX_R_00.07.02 from RUTX_R_00.07.01.4 and they appear to be fine but devices connected wirelessly or via ethernet have no internet - all devices are still accessible via RMS over the SIM but no traffic is returning to the LAN devices so looks like it's not being masquaraded properly? iptables nat rules appear to be the same on a working device to a non working one. tcpdump on br-lan just shows traffic from the LAN addresses trying to get to internet addresses but nothing comes back from internet to LAN addresses - on wwan1 we do not see any traffic from the LAN subnet. Upgrading again to latest makes no difference either.

We have also noticed that a previously added additional admin user now also has no permissions to change APN's etc either after the update.
by

Hello,

Could you generate and attach the troubleshoot file? 

Replicate the issue, access router's WebUI, go to System -> Administration > Troubleshoot section and download troubleshoot file from there.

I will forward your issue to the development department.

Best regards,

Žygimantas

1 Answer

0 votes
by
Hello,

I have a similar issue. Could you check with tcpdump that you don't have ICMP address unreachable errors from br-lan:

tcpdump -i br-lan -n -v 'host internet-address or icmp'

If you have ICMP errors could you check the rules :

ip -4 rule show

ip -6 rule show

Look at rule 2062 you can retry the internet address access after deleting it.

Regards,
by
Hello,

Have you noticed any pattern on how to replicate the issue?

Could you provide a troubleshoot with the issue detected?

Best regards,

Žygimantas
by

Maybe. Versions 07.01.4 and below : the IPv6 traffic was always blocked the ip 6 2062 rule was always the apparent culprit, deleting it was enough to permit IPv6 traffic from devices on the lan to the rest of the world. IPv4 was always fine. See https://community.teltonika-networks.com/47293/rutx-07-0-1-4-dubious-ipv6-rules for the description.

Version 07.02 and 07.02.1: IPv6 always fine or so it appears, strange issues with IPv4. Traffic (always ?) permitted just after a reboot then blocked after some time (from several minutes to several hours for no apparent reason, nothing obvious in the logs). 

To be sure to avoid such issues I have added a workaround in /etc/mwan3.user :

[ "$ACTION" == "ifup" ] && [ "$DEVICE" == "wwan0" ] && {
       ip -4 rule show| grep 2062 && ip -4 rule delete $(ip -4 rule show| grep 2062 | cut -d":" -f 2)                                                           
       ip -6 rule show| grep 2062 && ip -6 rule delete $(ip -6 rule show| grep 2062 | cut -d":" -f 2)                                                           
}

by

those rules appear on working devices too though - will give it a go though as could be a good workaround for now

[Update] - running "ip -4 rule delete $(ip -4 rule show| grep 2062 | cut -d":" -f 2)" restored internet access from LAN devices

by
I'm assuming the issue is more to do with the marking of packets rather than the rules themselves as the rules are present on all that I've checked - although equally the mangle table also appears to be identical on a working and non-working unit...
by
I've also tried to follow the iptables but I haven't been able to pinpoint the issue. So the quick and dirty workaround.