EDIT again ... just to warn anyone that may have this POS build on your EA8500.
You cannot boot back to the other part without losing all nvram settings. After using a backup to reload previous build you can then not use CLI to 'erase nvram' -- it does nothing.
This is the most screwed up mess I have ever seen for a dual boot router.
Why you say???
Cause the nvram in this build is doubled soooo it no longer resides where it should so booting back is a totally lost cause. Been tinkering with this for a while and my advice is don't put this on your EA8500.
http://svn.dd-wrt.com/ticket/6231#comment:4
BTW the dslreport.com last run above was from the WNDR3700v4 ... I'm glad I had it handy
Looks like they took this build down....off they server.
Wise choice --- thank you.
But nobody seems to bother giving a bit of an explanation?
What's going on here?
Just wondering,
DAC324
Lots problems --- the nvram issue being one and the broken QOS being the other that makes it unusable for me.
The previous build r35244 was better. I did run it for several days but I was not around and didn't touch it. Had some weird shit in its log getting to the point where security issues might actually be a problem plus 'erase nvram' does NOT work with it.
I'm running Kong r34800M on the EA8500 --- NOT SURE WHY but that is the latest Kong build I can run and also use DNSCrypt and everything works thru a reboot.
I've mentioned this in other threads but with my setup (and yea it has been rebuilt from scratch) Kong builds after r34800M will never get DNS after a reboot if DNSCrypt is on but that ain't even the bad part --- it also leaves port 80 (from WAN side) open directly to router login page ... meaning anyone hitting my IP goes directly to router login page. Only way to fix it is wait until NTP has correct time then apply settings in services page. That works for 35030M but 34900M there is no way to correct it without disabling DNSCrypt, wait couple minutes then restart it.
Yea lots bad juju wherever you look. I know I sound pissy but really I'm not.
These guys work hard and give us shit for free to play with.
I am thankful Kong supports the EA8500.
Also thankful for the work BS does --- he has a lot to cover and it really isn't surprising many routers run amok..... more about that here iffin you want to read it >> http://svn.dd-wrt.com/ticket/6231#comment:5
Joined: 16 Nov 2015 Posts: 6446 Location: UK, London, just across the river..
Posted: Mon Mar 19, 2018 7:37 Post subject:
mrjcd wrote:
Looks like they took this build down....off they server...
...even the bad part --- it also leaves port 80 (from WAN side) open directly to router login page ... meaning anyone hitting my IP goes directly to router login page. Only way to fix it is wait until NTP has correct time then apply settings in services page. That works for 35030M but 34900M there is no way to correct it without disabling DNSCrypt, wait couple minutes then restart it.
hmmm this story with port 80 WAN has always been like that even on BS builds...
that's why a bloke was talking about mitigating it with iptables rules...
i got this line on all my setups
iptables -I INPUT -s `nvram get lan_ipaddr`/`nvram get lan_netmask` -d `nvram get wan_ipaddr` -j DROP
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
yall may be missing the point....
my port 80 is forwarded to a http server (mrjcd.com).
I have run this setup on various routers for 16 years.
Latest builds with DNSCrypt enabled and upon a reboot will cause port 80 forward broken and directs it to the router login. Something is screwed somewhere.
Using newest builds with only DNS input in main setup page all works fine as should.
DNSCrypt on/off should never have any effect on what port forwards do or what port 80 does anyways.....but something is wrong in the code
it is not a "bug", it is feature...
you can just use "Filter WAN NAT Redirection" option...
Where is this option located? I went through the screens looking for it but must have missed it.
_________________
--Netgear R7800--
DD-WRT v3.0-r49492 std (07/14/22)
well if i take down that iptables rule i'm using, i can see my login page on my wan address
and then go to Filter WAN NAT Redirection, even turned on or off if i dial my WAN address it still
gets me to my GUI login page... so it's a bug, Filter WAN NAT Redirection has nothing in common with this case..
Joined: 24 Feb 2013 Posts: 1634 Location: Belgrade
Posted: Mon Mar 19, 2018 13:58 Post subject:
that's not good for sure
I cannot reproduce it on my unit...
@mrjcd
what cat /tmp/.ipt tells you when that happens and before you hit apply on services.asp site?
@Alozaros
are you accessing WAN from within your LAN or from real outside IP (e.g your smartphone when outside of your home network using 3g/4g)?
And why port 80? Default is 8080 ddwrt remote web login?
did you try the Gibson test?
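Added example (not part of any post in this thread): one way to answer the `cat /tmp/.ipt` question above is to save the dump in the working and the broken state and check whether the port 80 forward was loaded at all. It assumes the dump uses iptables-save / iptables-restore syntax; the function name, the addresses and both sample rulesets are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the saved dump is in
# iptables-save / iptables-restore syntax. Sample rulesets are constructed.

# port80_state FILE
# Prints "forwarded <ip:port>" when the nat table's PREROUTING chain DNATs
# tcp/80 to an inside host, "missing" when no such rule was loaded (in that
# case WAN traffic to port 80 is handled by the router's own INPUT chain).
port80_state() {
    awk '
        /^\*/ { table = substr($0, 2); next }      # "*nat", "*filter", ...
        table == "nat" && /^-A PREROUTING / && /-p tcp / &&
        /--dport 80( |$)/ && /-j DNAT / {
            for (i = 1; i < NF; i++)
                if ($i == "--to-destination") dst = $(i + 1)
            found = 1
        }
        END { if (found) print "forwarded " dst; else print "missing" }
    ' "$1"
}

# write_sample FILE yes|no
# Writes a constructed ruleset, with or without the port 80 forward.
write_sample() {
    {
        echo '*nat'
        echo ':PREROUTING ACCEPT [0:0]'
        if [ "$2" = yes ]; then
            echo '-A PREROUTING -d 203.0.113.10 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.50:80'
        fi
        echo 'COMMIT'
        echo '*filter'
        echo ':INPUT DROP [0:0]'
        echo '-A INPUT -i br0 -j ACCEPT'
        echo 'COMMIT'
    } > "$1"
}

dir=$(mktemp -d)
trap 'rm -rf "$dir"' EXIT
write_sample "$dir/ok.ipt" yes        # state after "apply" on the services page
write_sample "$dir/broken.ipt" no     # state right after the reboot
for f in "$dir/ok.ipt" "$dir/broken.ipt"; do
    echo "$(basename "$f"): $(port80_state "$f")"
done
```

On the router itself the function would be pointed at a copy of the real dump taken before and after applying settings, so the two results can be compared.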
that's not good for sure
I cannot reproduce it on my unit...
@mrjcd
what cat /tmp/.ipt tells you when that happens and before you hit apply on services.asp site?
@Alozaros
are you accessing WAN from within your LAN or from real outside IP (e.g your smartphone when outside of your home network using 3g/4g)?
And why port 80? Default is 8080 ddwrt remote web login?
did you try the Gibson test?
I might look into a bit further when I get back.
The real problem here is it is a major disruption to do testing
And just to be clear --- when this happens I am talking about the WAN side (public Internet) ... when it is screwed any link that will hit my WAN IP goes straight to router login.
That's why I am afraid to run latest builds --- if power failure or reboot for any reason it will not recover.
I also could not reproduce this on second EA8500 but only had limited time to mess with it and also using my main local as its WAN is not the same as having a true public WAN ... I'll look into it more when time permits
Joined: 24 Feb 2013 Posts: 1634 Location: Belgrade
Posted: Mon Mar 19, 2018 14:22 Post subject:
it's strange...
I recall that httpd cannot listen on the same port on different interfaces...
e.g. if it listens on port 80 of your LAN (br0) cannot listen on port 80 of your WAN (eth0) at the same time...that's why ddwrt uses 8080 for remote http login...
so, I assume you are somehow hitting router's LAN sysinfo page...
Joined: 16 Nov 2015 Posts: 6446 Location: UK, London, just across the river..
Posted: Mon Mar 19, 2018 17:47 Post subject:
THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!
this is on last Kong build R7000 and R7800
i do have this iptables line now
without it if i test it from an outside IP like 4g or another IP address outside of my ISP range i don't see my GUI anytime but if i test it from another WAN IP address from the range of my ISP yep i could see it however i cannot test it right now except i test it with 4G..