Posted: Wed Feb 09, 2022 16:42 Post subject: LAN routing problem on R7000P after r44251
I'm having a problem where LAN traffic is not routed correctly to a virtual machine running on my server.
Any firmware after r44251 simply doesn't route some packets correctly. I can ping the VM ok, but I cannot access the Home Assistant server running on the VM port 8123. I can access the server hosting the VM and any other physical device on LAN but not the VM.
I can access the VM through Internet, so the VM seems to have some access to the network, but from inside LAN, all I can do is ping it.
I've tried resetting to factory settings after flash but nothing but reverting to max r44251 seems to work.
Posted: Sun May 22, 2022 14:39 Post subject:
Welcome to forums.
Without knowing your exact setup it would be hard to tell, but with such a 2-year-old build you can't restore any backups when moving to the current build; after a reset, a full reconfiguration would be needed from scratch.
Much has changed in DD-WRT since then, so it may just be a case of making some adjustments to your configuration.
Please post screenshots of the setup and the output of iptables -vnL attached to your reply.
Thanks for the reply and sorry for taking so long for me to reply. Didn't get a notification of the reply and forgot the thread.
Decided to move routing to an OPNsense router and ran into the same problem. Monitoring OPNsense firewall logs revealed that TCP/SA packets from the VM were dropped. A little searching pointed to an asymmetric routing problem. The OPNsense FW setting "Bypass firewall rules for traffic on the same interface" fixes things in OPNsense. I guess something is wrong in my VM -> LAN config that causes LAN packets to show up at the firewall.
This is purely speculation since I haven't tested, but maybe something changed in the SPI firewall of dd-wrt after build r44251 that triggers some FW rule if a packet is routed asymmetrically? Maybe I would have caught this if I'd turned on FW logging when I was figuring this out.
And forgot to mention, I did try newer builds after a full reset so I'm quite confident it's not a config issue.
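The dropped TCP/SA packets described in the post above, as an added example that is not part of the original thread: a simplified model of a stateful firewall (not OPNsense or DD-WRT code) that never sees the client's SYN, so the VM's SYN-ACK matches no state. The addresses, the interface name and the `bypass_same_interface` flag are constructed for illustration; the flag stands in for the OPNsense setting quoted above.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # "S" = SYN, "SA" = SYN-ACK
    in_if: str   # interface the packet arrives on
    out_if: str  # interface it would leave on

@dataclass
class StatefulFirewall:
    # Hypothetical flag modelling "bypass rules for traffic on the same interface"
    bypass_same_interface: bool = False
    states: set = field(default_factory=set)

    def inspect(self, p: Pkt) -> str:
        if self.bypass_same_interface and p.in_if == p.out_if:
            return "pass"                 # LAN-to-LAN traffic is not filtered
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if p.flags == "S":                # a SYN opens a new state entry
            self.states.add(fwd)
            return "pass"
        # Anything else must belong to a connection the firewall saw start
        return "pass" if fwd in self.states or rev in self.states else "drop"

# Constructed sample traffic: LAN client -> Home Assistant VM on port 8123
CLIENT, VM = "192.168.1.10", "192.168.1.50"
SYN = Pkt(CLIENT, 50000, VM, 8123, "S", "lan", "lan")
SYN_ACK = Pkt(VM, 8123, CLIENT, 50000, "SA", "lan", "lan")

def handshake(fw: StatefulFirewall, syn_via_firewall: bool) -> str:
    """Return the verdict the firewall gives the VM's SYN-ACK."""
    if syn_via_firewall:                  # symmetric path: firewall sees the SYN
        fw.inspect(SYN)
    return fw.inspect(SYN_ACK)            # the reply always crosses the firewall

def run_scenarios() -> dict:
    return {
        "symmetric": handshake(StatefulFirewall(), True),
        "asymmetric": handshake(StatefulFirewall(), False),
        "asymmetric_bypass": handshake(StatefulFirewall(True), False),
    }

if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:18} SYN-ACK -> {verdict}")
```

Only the asymmetric case without the bypass drops the SYN-ACK, which matches the firewall log entries the post reports.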
Is the VM guest bridged or NAT'd wrt the primary network?
Many OSes these days (and even servers/appliances) have firewalls that will NOT allow access by a different *private* network other than the one on which it is hosted. The fact a *public* IP from remote access works is yet another sign this is a firewall problem, NOT a routing problem.