Re: Gargoyle 1.11.0 Release Candidate 4

Posted: Wed Nov 21, 2018 5:27 pm
by Rog66
I had the QOS coming on problem flashing from an old version on a WRT1900ACS - reflashing fixed it.

Re: Gargoyle 1.11.0 Release Candidate 4

Posted: Thu Nov 22, 2018 1:56 am
by Krog
To flash my Linksys WRT1200AC, is this the correct file? :)

Any advice on how well Gargoyle is working with this firmware?

http://lantisproject.com/gargoyle_1.11. ... actory.img

Re: Gargoyle 1.11.0 Release Candidate 4

Posted: Thu Nov 22, 2018 6:39 am
by Lantis
Lantis wrote:
bluegravy wrote: Eric...

Some observations...since x86 1.11_RC3 was released it appears that port forwarding on x86 platform is possibly broken. I cannot reach my LAN devices from remote port 80 to local port 3389--Remote Desktop.
I made a change to try auto configuration of the WAN and LAN devices. It is possible that the roles of the ports has reversed between RC2 and RC3. Have you checked this? The change shouldn’t break port forwarding itself though.
If you have a /etc/config/network file from RC2 and RC3/4 that you could provide for me to compare that would be beneficial. Please be mindful to remove any passwords or identifiable information.
As a follow-up to myself, I just spun up Gargoyle on a virtual machine (works quite well! never tried that before), and port forwarding was fine. Would check your network configuration.

Re: Gargoyle 1.11.0 Release Candidate 4

Posted: Thu Nov 22, 2018 5:44 pm
by Waterspuwer
Lantis wrote: Sure, it might be a bit of a strange assumption to make, and maybe even “lazy coding” but it works. There’s no reason for you to add any repository pointing to the Gargoyle site that isn’t there by default. For OpenWrt the argument could be made, sure.

Nothing out of the ordinary in your settings.
Could you force the problem with a reboot, and provide a logread and dmesg immediately after the problem occurs please?
Yes, I can force the problem (just put on higher channel and reboot). Where are logread and dmesg located? It already took some effort for me to figure out how to retrieve the other file, but I don't know where this is.

Re: Gargoyle 1.11.0 Release Candidate 4

Posted: Thu Nov 22, 2018 7:06 pm
by d3fz
Waterspuwer wrote: Yes, I can force the problem (just put on higher channel and reboot). Where are logread and dmesg located? It already took some effort for me to figure out how to retrieve the other file, but I don't know where this is.
viewtopic.php?f=8&t=8505

There you go.

Re: Gargoyle 1.11.0 Release Candidate 4

Posted: Thu Nov 22, 2018 10:31 pm
by bluegravy
Lantis wrote:
bluegravy wrote: Eric...

Some observations...since x86 1.11_RC3 was released it appears that port forwarding on x86 platform is possibly broken. I cannot reach my LAN devices from remote port 80 to local port 3389--Remote Desktop.
I made a change to try auto configuration of the WAN and LAN devices. It is possible that the roles of the ports has reversed between RC2 and RC3. Have you checked this? The change shouldn’t break port forwarding itself though.
If you have a /etc/config/network file from RC2 and RC3/4 that you could provide for me to compare that would be beneficial. Please be mindful to remove any passwords or identifiable information.
Next, on my Linksys WRT1900AC device. The gargoyle_1.11.x-mvebu-cortexa9-linksys-wrt1900ac-squashfs-sysupgrade. Since RC1, it seems that if I try to change my 5GHz channel to anything except channel 39, it shuts off. LED turns off and nothing on 5GHz is being seen by the devices, even though the config page shows it is on and working.

Please advise if you need further documentation, screen shots, etc.

Thanks,

Andy
You shouldn’t be able to select channel 39, it isn’t a channel we make available. Can you confirm exactly what you are setting there? A screenshot should be fine.
I made a typo. I meant to say channel 36. Either way, I reloaded the RC4 release on the WRT1900AC and it works fine now.

Re: Gargoyle 1.11.0 Release Candidate 4

Posted: Thu Nov 22, 2018 11:03 pm
by bluegravy
Lantis wrote:
Lantis wrote:
bluegravy wrote: Eric...

Some observations...since x86 1.11_RC3 was released it appears that port forwarding on x86 platform is possibly broken. I cannot reach my LAN devices from remote port 80 to local port 3389--Remote Desktop.
I made a change to try auto configuration of the WAN and LAN devices. It is possible that the roles of the ports has reversed between RC2 and RC3. Have you checked this? The change shouldn’t break port forwarding itself though.
If you have a /etc/config/network file from RC2 and RC3/4 that you could provide for me to compare that would be beneficial. Please be mindful to remove any passwords or identifiable information.
As a follow-up to myself, I just spun up Gargoyle on a virtual machine (works quite well! never tried that before), and port forwarding was fine. Would check your network configuration.
Happy to check. I've been pulling my hair out on this. Last night (as I mentioned in my other post) I blew everything out and started from scratch on the x86 machine. I realized that I had been restoring the config and that surely was hosing things up. So, I started from scratch, reloaded the RC4 image and set it all back up. Voila! Port forwarding worked--the WAN was receiving my incoming RDP request on port 80 and Gargoyle was sending it out on 3389 and I could establish my remote desktop from the internet. Great. I went to bed, woke up 8 hours later and it stopped working.

I then SSH'ed into the machine and looked at the /etc/config/firewall statements. I found this:

config redirect 'redirect_enabled_number_0'
	option name 'RDP'
	option src 'wan'
	option dest 'lan'
	option proto 'tcp'
	option src_dport '80'
	option dest_ip '192.168.10.1'
	option dest_port '3389'

config redirect 'redirect_enabled_number_1'
	option name 'RDP'
	option src 'wan'
	option dest 'lan'
	option proto 'udp'
	option src_dport '80'
	option dest_ip '192.168.10.1'
	option dest_port '3389'

Hmmm...something's missing. So, I restarted the firewall and looked for errors...and saw these come in...

root@Gargoyle:~# /etc/init.d/firewall restart
Warning: Option @defaults[0].force_router_dns is unknown
Warning: Option @defaults[0].enforce_dhcp_assignments is unknown
Warning: Section 'redirect_enabled_number_0' has no target specified, defaulting to DNAT
Warning: Section 'redirect_enabled_number_1' has no target specified, defaulting to DNAT
 * Flushing IPv4 filter table
 * Flushing IPv4 nat table
 * Flushing IPv4 mangle table
 * Flushing IPv6 filter table
 * Flushing IPv6 mangle table
 * Flushing conntrack table ...
 * Populating IPv4 filter table
   * Rule 'Allow-DHCP-Renew'
   * Rule 'Allow-Ping'
   * Rule 'Allow-IGMP'
   * Rule 'Allow-IPSec-ESP'
   * Rule 'Allow-ISAKMP'
   * Redirect 'RDP'
   * Redirect 'RDP'
   * Forward 'lan' -> 'wan'
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv4 nat table
   * Redirect 'RDP'
   * Redirect 'RDP'
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv4 mangle table
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv6 filter table
   * Rule 'Allow-DHCPv6'
   * Rule 'Allow-MLD'
   * Rule 'Allow-ICMPv6-Input'
   * Rule 'Allow-ICMPv6-Forward'
   * Rule 'Allow-IPSec-ESP'
   * Rule 'Allow-ISAKMP'
   * Forward 'lan' -> 'wan'
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv6 mangle table
   * Zone 'lan'
   * Zone 'wan'
 * Set tcp_ecn to off
 * Set tcp_syncookies to on
 * Set tcp_window_scaling to on
 * Running script '/etc/firewall.user'
 * Running script '/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewall'
iptables: No chain/target/match by that name.
 * Running script '/usr/share/miniupnpd/firewall.include'
 * Running script '/etc/openvpn.firewall'
 * Running script '/etc/tor.firewall'

I then opened vi and added the target DNAT bit, saved the file and restarted the firewall...still no port forwarding. Oh, wait, there's the issue and I think you even mentioned it...the forwarding is reversed...lan->wan...hmmm...but wouldn't the more specific rule override the more general rule? I guess not.

I changed forwarding to the following:

config forwarding
	option src 'wan'
	option dest 'lan'

Restarted the firewall and tried again...no good.

Something else is broken here. NOTE: If I change the firewall rule from incoming WAN RDP on port 80 to 3389 and forward to LAN 192.168.10.1:3389, it works fine. I would think that rules out the network and point back to this firewall config.

I've hit a wall...any ideas?

Thx,

Andy

Re: Gargoyle 1.11.0 Release Candidate 4

Posted: Thu Nov 22, 2018 11:13 pm
by bluegravy
This is the full firewall config as it is now (port forwarding is NOT working). Note the errors when the firewall is restarted.

root@Gargoyle:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option force_router_dns '1'
        option enforce_dhcp_assignments '1'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'wan'
        option dest 'lan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'
        option reload '1'

config include
        option type 'script'
        option path '/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewall'
        option family 'IPv4'
        option reload '1'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

config include 'openvpn_include_file'
        option path '/etc/openvpn.firewall'
        option reload '1'

config include 'tor_include_file'
        option path '/etc/tor.firewall'
        option reload '1'

config remote_accept 'ra_443_443'
        option local_port '443'
        option remote_port '443'
        option proto 'tcp'
        option zone 'wan'

config remote_accept 'ra_80_80'
        option local_port '80'
        option remote_port '80'
        option proto 'tcp'
        option zone 'wan'

config remote_accept 'ra_22_22'
        option local_port '22'
        option remote_port '22'
        option proto 'tcp'
        option zone 'wan'

config redirect 'redirect_enabled_number_0'
        option name 'RDP'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '80'
        option dest_ip '192.168.10.1'
        option dest_port '3389'

config redirect 'redirect_enabled_number_1'
        option name 'RDP'
        option src 'wan'
        option dest 'lan'
        option proto 'udp'
        option src_dport '80'
        option dest_ip '192.168.10.1'
        option dest_port '3389'

root@Gargoyle:~# 

root@Gargoyle:~# /etc/init.d/firewall restart
Warning: Option @defaults[0].force_router_dns is unknown
Warning: Option @defaults[0].enforce_dhcp_assignments is unknown
Warning: Section 'redirect_enabled_number_0' has no target specified, defaulting to DNAT
Warning: Section 'redirect_enabled_number_1' has no target specified, defaulting to DNAT
 * Flushing IPv4 filter table
 * Flushing IPv4 nat table
 * Flushing IPv4 mangle table
 * Flushing IPv6 filter table
 * Flushing IPv6 mangle table
 * Flushing conntrack table ...
 * Populating IPv4 filter table
   * Rule 'Allow-DHCP-Renew'
   * Rule 'Allow-Ping'
   * Rule 'Allow-IGMP'
   * Rule 'Allow-IPSec-ESP'
   * Rule 'Allow-ISAKMP'
   * Redirect 'RDP'
   * Redirect 'RDP'
   * Forward 'wan' -> 'lan'
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv4 nat table
   * Redirect 'RDP'
   * Redirect 'RDP'
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv4 mangle table
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv6 filter table
   * Rule 'Allow-DHCPv6'
   * Rule 'Allow-MLD'
   * Rule 'Allow-ICMPv6-Input'
   * Rule 'Allow-ICMPv6-Forward'
   * Rule 'Allow-IPSec-ESP'
   * Rule 'Allow-ISAKMP'
   * Forward 'wan' -> 'lan'
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv6 mangle table
   * Zone 'lan'
   * Zone 'wan'
 * Set tcp_ecn to off
 * Set tcp_syncookies to on
 * Set tcp_window_scaling to on
 * Running script '/etc/firewall.user'
 * Running script '/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewall'
iptables: No chain/target/match by that name.
 * Running script '/usr/share/miniupnpd/firewall.include'
 * Running script '/etc/openvpn.firewall'
 * Running script '/etc/tor.firewall'
root@Gargoyle:~#
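
A small lint over the UCI sections posted in this and the previous message, added here as an example and not code from the thread or from the Gargoyle project: it parses UCI text, flags a redirect with no explicit target (the warning fw3 printed above), flags a forwarding section whose src is wan (that admits every forwarded WAN packet into the LAN, far wider than the single port the redirect needed, and fw3 already accepts the flows a DNAT redirect creates), and points out where a redirect and a remote_accept claim the same zone, protocol and port. The sample input is a constructed excerpt of the config posted above, not the full file.

```python
import shlex
# Constructed excerpt of the /etc/config/firewall posted in the thread; not the full file.
SAMPLE = """
config forwarding
        option src 'wan'
        option dest 'lan'
config remote_accept 'ra_80_80'
        option remote_port '80'
        option proto 'tcp'
        option zone 'wan'
config redirect 'redirect_enabled_number_0'
        option src 'wan'
        option proto 'tcp'
        option src_dport '80'
        option dest_ip '192.168.10.1'
        option dest_port '3389'
"""

def parse_uci(text):
    """Parse UCI text into a list of (section_type, section_name, options)."""
    sections = []
    for raw in text.splitlines():
        parts = shlex.split(raw, comments=True)  # unquotes the 'values'
        if not parts:
            continue
        if parts[0] == "config":
            sections.append((parts[1], parts[2] if len(parts) > 2 else None, {}))
        elif parts[0] == "option" and sections:
            sections[-1][2][parts[1]] = parts[2]
        elif parts[0] == "list" and sections:
            sections[-1][2].setdefault(parts[1], []).append(parts[2])
    return sections

def lint_firewall(sections):
    """Return findings a defender would review before trusting this config."""
    accepts = [(n, o) for k, n, o in sections if k == "remote_accept"]
    findings = []
    for kind, name, opt in sections:
        if kind == "forwarding" and opt.get("src") == "wan":
            findings.append(f"forwarding wan->{opt.get('dest')}: admits all forwarded WAN traffic; "
                            "fw3 already accepts the flows a DNAT redirect creates")
        if kind != "redirect":
            continue
        if "target" not in opt:
            findings.append(f"redirect {name}: no target, fw3 defaults to DNAT (state it explicitly)")
        for an, a in accepts:  # same zone/proto/port claimed twice: resolve it, do not guess
            if (opt.get("src"), opt.get("proto"), opt.get("src_dport")) == (a.get("zone"), a.get("proto"), a.get("remote_port")):
                findings.append(f"redirect {name} and remote_accept {an} both claim {a['proto']}/{a['remote_port']} on zone {a['zone']}")
    return findings
```

Run it against the real file with `lint_firewall(parse_uci(open('/etc/config/firewall').read()))`; an empty list means none of the three conditions above is present.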

Re: Gargoyle 1.11.0 Release Candidate 4

Posted: Thu Nov 22, 2018 11:15 pm
by bluegravy
...and the network config file...

root@Gargoyle:~# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fde1:61f3:dcab::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.10.27'
        option dns '1.1.1.1 1.0.0.1'

config interface 'wan'
        option ifname 'eth1'
        option proto 'dhcp'
        option ipv6 '0'
        option dns '1.1.1.1 1.0.0.1'
        option peerdns '0'

config interface 'wan6'
        option ifname 'eth1'
        option proto 'dhcpv6'

root@Gargoyle:~#

Re: Gargoyle 1.11.0 Release Candidate 4

Posted: Thu Nov 22, 2018 11:18 pm
by Lantis
Can you use the proper gargoyle network restarter to make sure all dependencies are loaded and report back?

/usrs/lib/gargoyle/restart_firewall.sh