FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14238 questions

16883 answers

27775 comments

54489 members

+1 vote
400 views 8 comments
by
A number of RUTX12 and RUTX11 (all mobile only) were all working fine - upgraded to RUTX_R_00.07.02 from RUTX_R_00.07.01.4 and they appear to be fine but devices connected wirelessly or via ethernet have no internet - all devices are still accessible via RMS over the SIM but no traffic is returning to the LAN devices so looks like it's not being masquaraded properly? iptables nat rules appear to be the same on a working device to a non working one. tcpdump on br-lan just shows traffic from the LAN addresses trying to get to internet addresses but nothing comes back from internet to LAN addresses - on wwan1 we do not see any traffic from the LAN subnet. Upgrading again to latest makes no difference either.

We have also noticed that a previously added additional admin user now also has no permissions to change APN's etc either after the update.
by

Hello,

Could you generate and attach the troubleshoot file? 

Replicate the issue, access router's WebUI, go to System -> Administration > Troubleshoot section and download troubleshoot file from there.

I will forward your issue to the development department.

Best regards,

Žygimantas

2 Answers

+1 vote
by
Hello,

I have a similar issue. Could you check with tcpdump that you don't have ICMP address unreachable errors from br-lan:

tcpdump -i br-lan -n -v 'host internet-address or icmp'

If you have ICMP errors could you check the rules :

ip -4 rule show

ip -6 rule show

Look at rule 2062 you can retry the internet address access after deleting it.

Regards,
by
Hello,

Have you noticed any pattern on how to replicate the issue?

Could you provide a troubleshoot with the issue detected?

Best regards,

Žygimantas
by

Maybe. Versions 07.01.4 and below : the IPv6 traffic was always blocked the ip 6 2062 rule was always the apparent culprit, deleting it was enough to permit IPv6 traffic from devices on the lan to the rest of the world. IPv4 was always fine. See https://community.teltonika-networks.com/47293/rutx-07-0-1-4-dubious-ipv6-rules for the description.

Version 07.02 and 07.02.1: IPv6 always fine or so it appears, strange issues with IPv4. Traffic (always ?) permitted just after a reboot then blocked after some time (from several minutes to several hours for no apparent reason, nothing obvious in the logs). 

To be sure to avoid such issues I have added a workaround in /etc/mwan3.user :

[ "$ACTION" == "ifup" ] && [ "$DEVICE" == "wwan0" ] && {
       ip -4 rule show| grep 2062 && ip -4 rule delete $(ip -4 rule show| grep 2062 | cut -d":" -f 2)                                                           
       ip -6 rule show| grep 2062 && ip -6 rule delete $(ip -6 rule show| grep 2062 | cut -d":" -f 2)                                                           
}

by

those rules appear on working devices too though - will give it a go though as could be a good workaround for now

[Update] - running "ip -4 rule delete $(ip -4 rule show| grep 2062 | cut -d":" -f 2)" restored internet access from LAN devices

by
I'm assuming the issue is more to do with the marking of packets rather than the rules themselves as the rules are present on all that I've checked - although equally the mangle table also appears to be identical on a working and non-working unit...
by
I've also tried to follow the iptables but I haven't been able to pinpoint the issue. So the quick and dirty workaround.
0 votes
by
Ouch. I believe I faced this issue today! I didn't know about this problem, and was rushing to fix things so I failed to check rules, routes etc or download Troubleshoot file first (shame on me).

My "fix" was to upgrade to RUTX_R_00.07.02.8 — and after rebooting everything was working again.

Is this still going to be an issue on the new firmware? We need to do some manual editing of config files to avoid this problem?
by
I haven't seen this issue with firmware versions 07.02.7 and above.
by
@flebourse That's good to hear. At least I know to look for that pesky rule 2062 now if it happens again.