DMZ, loopback web access and dnsmasq problems

nicram
Posts: 29
Joined: Fri Dec 23, 2011 6:27 pm
Location: PL

Post by nicram »

Hello!
This is my first post here; I'm sorry if I miss something or make some other mistakes :)

I'm using a TL-WR1043ND v1.8. I installed Gargoyle stable 1.4.4 after the original firmware kept freezing after a few days of the router working (same problem with two different routers).

I contacted TP-Link support; they are very helpful and very professional, I must say, and I like that a lot, but there is still no solution for me (it must be a problem with my specific configuration).

My connection is PPPoE connected by WAN. I'm using wireless AP mode, 802.11 b/g, WPA-PSK, channel 11. I set up a static IP for my computer (192.168.1.108), which is connected by wifi (Intel 4965). I set up DMZ for this IP. I also configured DDNS, which is working well (no-ip). On my computer there is an Apache web server running with a simple website. The problem is that it does not work when I try to load it using the external IP or the domain name (that is pointing to it).

When I try to connect to it directly from the router (I log in with ssh and use telnet on port 80) I get:

Code:

telnet: cannot connect to remote host (78.xx.234.xxx): Connection refused

I of course configured web administration on a different port (9090), and didn't enable remote web access.

From the outside world, DMZ works well! I connected from a few other computers in a few locations and my computer responds well, sending the site without any problems. Only my computer can't load the page using the external IP.

Funny that SSH using the external IP is working fine (I enabled ssh for remote access, and I can connect to the router by ssh from my computer).

This is the first problem. The second one I have is with dnsmasq. I was wondering if I can check how the PPPoE connection is going and how the services are working, but when I do logread this is what I found:

Code:

...
Dec 24 01:30:30 berlin daemon.warn dnsmasq-dhcp[9888]: DHCP packet received on eth0.2 which has no address
Dec 24 01:30:32 berlin daemon.warn dnsmasq-dhcp[9888]: DHCP packet received on eth0.2 which has no address
Dec 24 01:30:32 berlin daemon.warn dnsmasq-dhcp[9888]: DHCP packet received on eth0.2 which has no address
Dec 24 01:30:33 berlin daemon.warn dnsmasq-dhcp[9888]: DHCP packet received on eth0.2 which has no address
Dec 24 01:30:33 berlin daemon.warn dnsmasq-dhcp[9888]: DHCP packet received on eth0.2 which has no address
Dec 24 01:30:34 berlin daemon.warn dnsmasq-dhcp[9888]: DHCP packet received on eth0.2 which has no address
..

Many, many, many such logs. I restarted the service but it didn't help.

I'm wondering, why is that?
I'm not really a Linux guy; I have always worked with some BSDs and Windows, so if someone can help me, I will be very grateful :)

Some more info that may help:
after dnsmasq restart:

Code:

Dec 24 01:32:31 berlin user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Dec 24 01:32:31 berlin user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Dec 24 01:32:34 berlin daemon.info dnsmasq[10029]: started, version 2.55 cachesize 150
Dec 24 01:32:34 berlin daemon.info dnsmasq[10029]: compile time options: IPv6 GNU-getopt no-DBus no-I18N DHCP TFTP
Dec 24 01:32:34 berlin daemon.info dnsmasq-dhcp[10029]: DHCP, IP range 192.168.1.100 -- 192.168.1.250, lease time 12h
Dec 24 01:32:34 berlin daemon.info dnsmasq[10029]: using local addresses only for domain lan
Dec 24 01:32:34 berlin daemon.info dnsmasq[10029]: reading /tmp/resolv.conf.auto
Dec 24 01:32:34 berlin daemon.info dnsmasq[10029]: using nameserver 217.30.137.200#53
Dec 24 01:32:34 berlin daemon.info dnsmasq[10029]: using nameserver 217.30.129.149#53
Dec 24 01:32:34 berlin daemon.warn dnsmasq[10029]: ignoring nameserver 192.168.1.1 - local interface
Dec 24 01:32:34 berlin daemon.info dnsmasq[10029]: using local addresses only for domain lan
Dec 24 01:32:34 berlin daemon.info dnsmasq[10029]: read /etc/hosts - 3 addresses
Dec 24 01:32:34 berlin daemon.info dnsmasq-dhcp[10029]: read /etc/ethers - 1 addresses

/etc/hosts

Code:

127.0.0.1       localhost.
192.168.1.1     berlin
192.168.1.108   Spitfire

/etc/ethers

Code:

00:13:e8:aa:aa:aa       192.168.1.108

/etc/config# cat network

Code:

config 'interface' 'loopback'
        option 'ifname' 'lo'
        option 'proto' 'static'
        option 'ipaddr' '127.0.0.1'
        option 'netmask' '255.0.0.0'

config 'interface' 'lan'
        option 'ifname' 'eth0.1'
        option 'type' 'bridge'
        option 'proto' 'static'
        option 'ipaddr' '192.168.1.1'
        option 'netmask' '255.255.255.0'
        option 'dns' '192.168.1.1'

config 'interface' 'wan'
        option 'ifname' 'eth0.2'
        option 'proto' 'pppoe'
        option 'username' 'xxx'
        option 'password' 'xxx'
        option 'keepalive' '6 5'

config 'switch'
        option 'name' 'rtl8366rb'
        option 'reset' '1'
        option 'enable_vlan' '1'

config 'switch_vlan'
        option 'device' 'rtl8366rb'
        option 'vlan' '1'
        option 'ports' '1 2 3 4 5t'

config 'switch_vlan'
        option 'device' 'rtl8366rb'
        option 'vlan' '2'
        option 'ports' '0 5t'

/etc/config# cat wireless

Code:

config 'wifi-device' 'radio0'
        option 'type' 'mac80211'
        option 'channel' '11'
        option 'macaddr' 'xxx'
        option 'htmode' 'HT20'
        list 'ht_capab' 'SHORT-GI-40'
        list 'ht_capab' 'DSSS_CCK-40'
        option 'hwmode' '11g'

config 'wifi-iface' 'apcfg'
        option 'device' 'radio0'
        option 'mode' 'ap'
        option 'network' 'lan'
        option 'ssid' 'berlin'
        option 'encryption' 'psk'
        option 'key' 'xxx'

/etc/config# cat dhcp

Code:

config 'dnsmasq'
        option 'domainneeded' '1'
        option 'boguspriv' '1'
        option 'filterwin2k' '0'
        option 'localise_queries' '1'
        option 'rebind_protection' '1'
        option 'rebind_localhost' '1'
        option 'local' '/lan/'
        option 'expandhosts' '1'
        option 'nonegcache' '0'
        option 'authoritative' '1'
        option 'readethers' '1'
        option 'leasefile' '/tmp/dhcp.leases'
        option 'resolvfile' '/tmp/resolv.conf.auto'
        option 'domain' 'workgroup'

config 'dhcp' 'lan'
        option 'interface' 'lan'
        option 'start' '100'
        option 'limit' '150'
        option 'leasetime' '12h'

config 'dhcp' 'wan'
        option 'interface' 'wan'

If I should give some more info, please let me know.
Thanks for any kind of reply.
Best Regards
TL-WR1043ND HW v1.8 | FW Gargoyle 1.5.X (Built 20120504-1907 git@2bf3cf2) | 2 Mbit | PPPoE
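
Added example (not part of nicram's post and not Gargoyle's own code): a shell sketch that cross-checks the dnsmasq-dhcp warnings from logread against /etc/config/network to show which logical interface owns the device named in the warning. The function names and verdict strings are made up for illustration; the sample input is copied from the post above and trimmed.

```shell
#!/bin/sh
# Added example. Sample input is copied from the post above (trimmed).
LOG_SAMPLE='Dec 24 01:30:30 berlin daemon.warn dnsmasq-dhcp[9888]: DHCP packet received on eth0.2 which has no address
Dec 24 01:30:32 berlin daemon.warn dnsmasq-dhcp[9888]: DHCP packet received on eth0.2 which has no address
Dec 24 01:32:34 berlin daemon.info dnsmasq[10029]: using nameserver 217.30.137.200#53'
NET_SAMPLE="config 'interface' 'lan'
        option 'ifname' 'eth0.1'
        option 'proto' 'static'

config 'interface' 'wan'
        option 'ifname' 'eth0.2'
        option 'proto' 'pppoe'"

# stdin: logread text. Prints "<device> <count>" for every device named in a
# dnsmasq-dhcp "which has no address" warning.
warn_devices() {
    awk '/dnsmasq-dhcp.*DHCP packet received on .* which has no address/ {
             for (i = 1; i < NF; i++) if ($i == "on") { n[$(i + 1)]++; break }
         }
         END { for (d in n) print d, n[d] }' | sort
}

# $1: device; stdin: /etc/config/network text. Prints "<section> <proto>".
# Only the first name of a multi-device ifname is compared.
uci_owner() {
    awk -v dev="$1" -v q="'" '
        { gsub(q, "") }                        # drop the UCI quoting
        $1 == "config" { sec = $3; next }
        $1 == "option" && $2 == "ifname" { ifn[sec] = $3 }
        $1 == "option" && $2 == "proto"  { pro[sec] = $3 }
        END { for (s in ifn) if (ifn[s] == dev) print s, pro[s] }'
}

# $1: log text, $2: network config text.
# Prints "<device> <count> <section> <proto> <verdict>" per warned device.
explain() {
    printf '%s\n' "$1" | warn_devices | while read -r dev count; do
        owner=$(printf '%s\n' "$2" | uci_owner "$dev")
        case ${owner#* } in
            pppoe) verdict=ip-is-on-ppp-link ;;   # PPPoE puts the IP on the ppp device
            *)     verdict=check-interface ;;
        esac
        echo "$dev $count ${owner:-unknown unknown} $verdict"
    done
}

explain "$LOG_SAMPLE" "$NET_SAMPLE"
```

On the router, the same check can be run against live data with explain "$(logread)" "$(cat /etc/config/network)".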

ispyisail
Moderator
Posts: 5212
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Post by ispyisail »

"I set up a static IP for my computer (192.168.1.108)"

Why not DHCP? Less chance of error.

Post by ispyisail »

Can you draw a network diagram and post it?

What about upgrading to
http://www.gargoyle-router.com/phpbb/vi ... f=7&t=2108

Then backup the config and post.

We could then load your config on our routers and see what is going on!

Post by nicram »

ispyisail wrote: Can you draw a network diagram and post it?

What about upgrading to
http://www.gargoyle-router.com/phpbb/vi ... f=7&t=2108

Then backup the config and post.

We could then load your config on our routers and see what is going on!

Hello!
Thank you for the reply :)
I added an attachment with the network diagram.
Will http://www.gargoyle-router.com/phpbb/vi ... f=7&t=2108 work with my device without problems? Should I use the standard web GUI to upgrade? This is my first day using Gargoyle :)
Attachment: Network diagram (diagram sieci.jpg)

Post by ispyisail »

"Should I use the standard web GUI to upgrade?"

yes

Post by ispyisail »

Nice diagram

Why the static IP address on the notebook? The first thing I would do is change it to DHCP for testing

Post by nicram »

I use a static IP because I use some services like VNC, a web server, phone remote control, and RDP. Many times I must have access to this computer, so it is almost always on. Also, a static IP is the only way of making DMZ, I think, because DMZ is configured by IP, so I made it static for my laptop. It's made static from the Gargoyle interface, so it still uses DHCP for that (assigned by MAC).

Should I use factory or sysupgrade to upgrade it?
Thank you for such a fast reply :)

Post by ispyisail »

sysupgrade

Post by ispyisail »

"When I try to connect to it directly from the router (I log in with ssh and use telnet on port 80) I get:"

Code:

telnet: cannot connect to remote host (78.xx.234.xxx): Connection refused

telnet on port 80?

With your laptop (I wish you had numbered your devices) you're trying to connect to your "gargoyle router" for the command line prompt?

Post by ispyisail »

Have you tried PuTTY with SSH on port 22?
