0 votes
1,176 views 4 comments
by

We have just purchased 5 x RUT955 for testing before replacing 90+ "other" routers on our vessels.

We are having an issue with locking down by MAC address.

Router is configured and internet access is fine.  We then add IPTables to allow certain MAC addresses through to internet.

Once configured, we reboot the router, and the devices can access the internet for anywhere between 15 mins to an hour, then all of a sudden report "no internet access".

If we factory reset the router, reconfigure and leave out the rules, it's fine.  It's only when we add the IPTable rules (see below).   We have updated the firmware to the latest release as published on the site, but this has not made any difference.

The rules being pushed are:

iptables -I INPUT -s 192.168.1.0/24 -j DROP ; iptables -I INPUT -m mac --mac-source E8:6A:64:0E:AE:67 -j ACCEPT ; iptables -I INPUT -m mac --mac-source 54:E1:AD:A4:C4:45 -j ACCEPT ; iptables -I INPUT -m mac --mac-source D9:56:82:FF:H6:H7 -j ACCEPT

Any advice would be appreciated as the guys are pulling their hair out with this one.

Thanks

2 Answers

0 votes
by

The router is losing the default gateway, some bug they have.
This even happens after a reboot, very strange bug.

My workaround is to run this script every 5 mins in crontab.
#--------START-------------
# Count default routes in the routing table (0 means the gateway is gone).
default=$(/sbin/route | grep -c default)

# State file: collects one "error" line per failed check.
tmpfile="/tmp/testingdefaultgateway"

if [ ! -f "$tmpfile" ]; then    # create file if missing
        echo 0 >"$tmpfile"
fi

# Failed checks recorded before this run.
trigger=$(grep -c error "$tmpfile")

if [ "$default" -eq 0 ]; then   # error: no default gateway
        echo "error" >>"$tmpfile"
        echo "Missing default gateway"
else
        echo 0 >"$tmpfile"      # gateway present, reset the counter
fi

if [ "$trigger" -ge 3 ]; then   # too many errors
        echo 0 >"$tmpfile"
        echo "Rebooting, missing default too long"
        reboot
fi
#-------------------END-------------
by
Thanks for the script, however, now going to have to dig around to find out how to use it in the RUT955.

Ultimately this may be the "nail in the coffin" for these devices, for us.

We need to deploy around 90 of them, fortunately we only have the test devices at the moment, and with this sort of bug it means they are unreliable.

I assume Teltonika are aware of the bug? If so, shocked that it's not been fixed given that it's causing a critical issue for users; losing the gateway is not good.

We are either going to have to look at alternative routers (which is a shame), or sit tight till they fix the bug.  Unfortunately time is not on our side.

Would have thought that there might be a simpler way to whitelist 2 or 3 devices and block everything else, but it's now turning into a headache with this bug.
by
Same for us. I am trying out the X11 when I get it, but if it's the same problem with very slow LTE speed and losing the gateway, then we give up on these routers.
0 votes
by
Did you try to add these iptables rules over WebUI?

Manually added iptables rules do not use the standard firewall configuration and might be pulled down in the list if the firewall changes its dynamic state.
by
They were added using Linux commands via the Firewall "Custom Rules" option.

I am not aware if there is any other option for specifying allowed MAC addresses, i.e. on my Draytek I simply input a list of MAC addresses that are allowed out to the internet.

The RUT955 doesn't seem to have a similar option, hence Linux commands.
by

Try to create a rule without a MAC address and edit /etc/config/firewall

You will find something similar to this:

config rule
    option  target      'REJECT'
    option  proto       'tcp'
    option  src         'lan'
    option  src_ip      '192.168.1.2'
    option  src_mac     '00:11:22:33:44:55'

Add the src_mac option to your created section.
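
An added example, not part of the original thread or of Teltonika's documentation: a shell helper that turns a list of allowed MAC addresses into `config rule` sections like the one above, followed by one REJECT rule for everything else leaving the LAN. The zone names `lan` and `wan`, the rule names and `proto 'all'` are assumptions taken from stock OpenWrt firewall syntax; malformed addresses are skipped and reported instead of being written into the config.

```shell
#!/bin/sh
# Added example: build UCI firewall rules for a MAC allowlist.
# Assumption: the firewall zones are named 'lan' and 'wan'.

# Succeeds only for six colon-separated pairs of hex digits.
is_valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print one ACCEPT rule per valid MAC, then a catch-all REJECT.
# Returns 0 if every address was valid, 1 if some were skipped,
# and 2 (printing nothing) if no valid address was given, so a bad
# list can never produce a config that blocks every device.
gen_mac_allowlist() {
    bad=0
    n=0
    rules=""
    for mac in "$@"; do
        if ! is_valid_mac "$mac"; then
            echo "skipping malformed MAC: $mac" >&2
            bad=1
            continue
        fi
        n=$((n + 1))
        rules="${rules}config rule
	option name 'Allow-MAC-${n}'
	option src 'lan'
	option dest 'wan'
	option proto 'all'
	option src_mac '${mac}'
	option target 'ACCEPT'

"
    done
    [ "$n" -gt 0 ] || return 2
    printf '%s' "$rules"
    printf "config rule\n"
    printf "\toption name 'Reject-other-LAN'\n"
    printf "\toption src 'lan'\n"
    printf "\toption dest 'wan'\n"
    printf "\toption proto 'all'\n"
    printf "\toption target 'REJECT'\n"
    return "$bad"
}

# Stand-alone use: pass the allowed MAC addresses as arguments.
if [ "$#" -gt 0 ]; then
    gen_mac_allowlist "$@"
fi
```

Review the generated sections before adding them to the firewall config; the rules are emitted in the order they need to appear, with the REJECT rule last.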