0 votes
290 views 8 comments
by
Hello,

I have a RUT240 (firmware RUT2_R_00.07.03) in front of a specific device on my network to provide an LTE failover solution for this specific device only. Everything is working as expected, but I'm trying to configure the RUT240 to relay SSDP (UDP port 1900) packets to the device behind its NAT and vice-versa for automatic discovery of devices on my main LAN. I've installed the UDP Broadcast Relay tool and configured it accordingly for port 1900 in the wan->lan direction and in the lan->wan direction. I've also enabled all traffic from any zone to any zone to be sure that the firewall is not blocking anything, for testing purposes. The SSDP packets still do not go through the router but are reaching the RUT240 on wan and lan from what I've seen in a tcpdump file. Do you know what might be causing this and what I should do to accomplish what I want?

Thanks!

1 Answer

0 votes
by

Hello,

  

Thank you for reaching out!

Could you please try using v7.2.7 of RutOS to check if it's working?

However, this would require the configuration of the router to be erased, so before that a few more steps to troubleshoot:

  • Make sure the traffic rule to allow the packet to reach the LAN network on port 1900 is created, as the UDP Broadcast Relay does not create these rules on its own;
  • Try disabling NAT to see if that could be an issue. This can be done by unchecking the Masquerading checkbox on the WAN zone in the Firewall settings;
  • Try leaving only one UDP Broadcast rule in place (WAN -> LAN);
  
Best regards,
DaumantasG
by

Hello and sorry for the delay,

I had the chance to troubleshoot this further today but it is still not working after trying your recommendation. Even when downgrading to 7.02.7, SSDP UDP packets are not relayed between WAN and LAN.

I'm not sure what might be misconfigured... My firewall rules look like this at the moment:

I've even tried opening every port and accepting all traffic from WAN to LAN and WAN to Router. Is there a way to log what the firewall is doing with packets more precisely?

I've also tried approaching the issue from another side and bridging my 2 Ethernet interfaces so they could be on the same LAN, but I was not able to make the failover work correctly when it switches to mobile and I don't think it would be possible... In the end I just want the device behind the RUT240 to be able to communicate freely with my main LAN while having a mobile WAN backup in case internet drops on my main LAN.

Is this possible?

by
Hello,

  

Putting wired WAN into the LAN zone could be a solution here. As I understand you've tried bridging the ports, however, it should be done by editing the WAN interface, and in the interface firewall settings, setting the zone as LAN. This way traffic from the mobile network would still be treated as WAN, and traffic from the WAN port would bypass the firewall (this is only okay because you already have another router behind the RUT240).

I've tested this setup and failover seems to be working as expected.

  

Let me know if this helps.

Best regards,
DaumantasG
by
I've tried what you suggested, but when merging the WAN and LAN interfaces into the same zone I'm losing the NAT option between the two zones, and when configuring the 2 interfaces on the same subnet but with different IPs, nothing works. The device connected on the LAN interface, even with a static IP, cannot communicate with the router and absolutely no traffic goes through the two wired interfaces. I've tried adding a LAN to LAN firewall rule just in case (which does not make sense anyway), but it does not change anything. The device alone on the LAN interface is completely isolated in this configuration.

How have you configured it on your side, more precisely for it to work?

Thanks!
by

Hello,

  

Yes, sorry, it seems like my suggested solution might not be the best here.

I'd need some more information regarding your setup and a troubleshoot file to check your exact configuration. Troubleshoot file can be generated by navigating to System → Administration → Troubleshoot and can be attached to the original post. It will only be visible to Teltonika moderators.

As for your configuration, could you clarify what devices you're using that communicate using SSDP? Perhaps the device that receives the SSDP message also sends a unicast response? 

This page might be of help when configuring the UDP Broadcast relay.

  

Best regards,
DaumantasG

by
I've tried launching the UDP broadcast relay service using SSH with the help of the example command at the link you have provided, but it is still not working. I've also tested the config to relay Bonjour UDP packets just for testing purposes and I was not able to make it work either. I have attached the troubleshoot logs to the original post. In short, the setup is:

-SmartThings Hub behind the RUT240 with LTE failover.

-Multiple Smart Wifi devices that broadcast through SSDP to be discovered by the hub for initial configuration and pairing. (Smart plugs, speakers, smart bulbs, etc.)

At the moment I need to physically connect the SmartThings Hub to the main LAN for it to discover the new smart devices, add the devices, then physically reconnect the Hub behind the RUT240. After the device is added it can communicate with the hub, but the traffic between them goes through the internet and not directly from the LAN through the RUT240.

I could keep the config as is since it works most of the time and physically changing the network of the Hub is not too much effort when adding new devices, but it would prevent the Hub from communicating directly with the Wifi devices when internet is down on the main LAN (which does not happen frequently in practice).

Let me know if you find something interesting in the logs and let's try a few more things and if it still does not work after this, I'll probably keep the config as is since I've spent too much time on this lol

Thanks!
by

Hello,

One more thing that could be tried is in Network → Firewall → Zones: set input and forward to Accept in the WAN zone, as it might be the case that the router itself receives the SSDP packets and re-broadcasts them rather than just forwarding them to LAN. If that does not help, then try creating a traffic rule (Network → Firewall → Traffic Rules) that allows all UDP packets to be forwarded to the Device (input) zone instead of LAN.

Best regards,
DaumantasG

by

Sorry, the Zone was already configured to accept input and forward, I might have sent a troubleshoot log before putting back any settings as they were before some testing. It does not change anything.

Also, I already have an Input rule that allows TCP+UDP packets to the Router for every port in the traffic rules:

Would that be the correct way to configure it?

Since it is still not working, I suspect the devices probably send a unicast packet to the Router address like you said and it does not get forwarded to anyone after that. I'll monitor the traffic to see if it is the case when I have more time.

If it is the case, what would be the best way for those unicast packet to reach the right host behind the RUT240?

Thanks again for your help

by
Hello,

  

That does seem correct. Let me know if you find some free time to monitor TCPdump and see how the packets are sent, as I'm honestly not sure what could be wrong here.

Best regards,
DaumantasG
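
The unicast-response question raised in this thread can be checked against a capture by classifying each SSDP datagram, as in this added example (not code from the thread or from Teltonika). All addresses and payloads are constructed samples, and the relay is modelled, as an assumption, as handling only datagrams addressed to the SSDP group on port 1900.

```python
import ipaddress

SSDP_GROUP = ipaddress.ip_address("239.255.255.250")  # UPnP SSDP multicast group
SSDP_PORT = 1900

def classify(src, sport, dst, dport, payload):
    """Return (kind, delivery, relayed) for one UDP datagram taken from a capture."""
    first = payload.split(b"\r\n", 1)[0].decode("ascii", "replace").upper()
    if first.startswith("M-SEARCH "):
        kind = "search"        # discovery request
    elif first.startswith("NOTIFY "):
        kind = "notify"        # unsolicited advertisement
    elif first.startswith("HTTP/1.1 200"):
        kind = "response"      # reply to an M-SEARCH
    else:
        kind = "other"
    dst_ip = ipaddress.ip_address(dst)
    delivery = "multicast" if dst_ip.is_multicast else "unicast"
    # Assumption: the relay only picks up traffic sent to the group on port 1900.
    relayed = dst_ip == SSDP_GROUP and dport == SSDP_PORT
    return kind, delivery, relayed

def needs_routing(capture):
    """Datagrams the modelled relay does not carry: (src, dst, dport, kind)."""
    out = []
    for pkt in capture:
        kind, _, relayed = classify(*pkt)
        if not relayed:
            out.append((pkt[0], pkt[2], pkt[3], kind))
    return out

# Constructed sample: hub at 192.168.1.10, smart plug at 192.168.0.50.
CAPTURE = [
    ("192.168.1.10", 50000, "239.255.255.250", 1900,
     b'M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n'
     b'MAN: "ssdp:discover"\r\nMX: 2\r\nST: ssdp:all\r\n\r\n'),
    ("192.168.0.50", 1900, "239.255.255.250", 1900,
     b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\nNTS: ssdp:alive\r\n\r\n"),
    ("192.168.0.50", 1900, "192.168.1.10", 50000,
     b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n"
     b"LOCATION: http://192.168.0.50:8080/desc.xml\r\n\r\n"),
]

if __name__ == "__main__":
    for row in needs_routing(CAPTURE):
        print(row)
```

In the sample, the search and the advertisement are multicast to port 1900, while the `200 OK` reply is unicast to the searcher's source address and port, so it depends on ordinary routing and firewall forwarding rather than on the relay.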