Joined: 04 Mar 2021 Posts: 65 Location: Manchester
Posted: Thu Aug 11, 2022 21:11 Post subject: New Build - 08/03/2022 - r49626 Firewall On No Internet
I am using New Build - 08/03/2022 - r49626 and when I turn on the firewall and enable logs, I cannot access the router nor do I have internet access.
SPI Firewall - Enable
Nothing is checked but firewall logs are on and set to high.
Is anyone else experiencing the same issue?
I posted this on the New Build - 08/03/2022 - r49626 forum and a guru asked me to post a new topic which I have.
Cheers lads. _________________ Netgear R7000
DD-WRT DD-WRT v3.0-r50595 std (10/23/22)
Manchester
Enable dnsmasq- Yes
Encrypt DNS- NO
DNSCrypt Resolver- No Using Smart DNS
Cache DNSSEC Data- Yes
Validate DNS Replies (DNSSEC)- NO
Check Unsigned DNS Replies- NO
No DNS Rebind- Enable
Query DNS in Strict Order- Enable
Add Requestor MAC to DNS Query- Disable
RFC4039 Rapid Commit Support- Enable
Maximum Cached Entries- 1500
Joined: 18 Mar 2014 Posts: 12915 Location: Netherlands
Posted: Fri Aug 12, 2022 10:58 Post subject:
Yes but we need some more information
How is your network setup, e.g. is this router connected directly to the internet? If not, how is it connected?
Have you reset the router to defaults?
If a router is reset to defaults and connected with its WAN port to the internet or LAN port of other router then it should work right out of the box provided the Local IP address of the router is different from other routers in its third octet.
e.g. if your main router is 192.168.1.1 then the new router has to be 192.168.2.1 _________________ Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399 Install guide R7800/XR500:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614 Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Joined: 31 Jul 2021 Posts: 2146 Location: All over YOUR webs
Posted: Fri Aug 12, 2022 11:31 Post subject:
You likely will need to reset device using the reset button and then access router via http://192.168.1.1 ideally connected wired to a laptop/Desktop PC.
Joined: 04 Mar 2021 Posts: 65 Location: Manchester
Posted: Fri Aug 19, 2022 5:17 Post subject:
Am I able to save my configuration, reset the router and then upload my saved configuration? Will this work? Should I do the reset from the back of the router or from the GUI? Cheers.
Joined: 18 Mar 2014 Posts: 12915 Location: Netherlands
Posted: Fri Aug 19, 2022 10:27 Post subject:
I glanced through your settings
An R7000 overclocked to 2000 MHz? Now that is a recipe for instability
You have DNS settings which theoretically could work but in practice can give problems e.g.
Encrypt DNS and SmartDNS and you have Strict order enabled (and perhaps have also entered additional settings in the Additional DNSMasq options?)
Joined: 16 Nov 2015 Posts: 6446 Location: UK, London, just across the river..
Posted: Fri Aug 19, 2022 12:51 Post subject:
yep using various DNS encryption will not work as intended...stick to egc's advice
yep 'firewall logs are on and set to high' will flood the syslog with garbage stuff, will not make you more secure...unless you have an external syslog monitor and even though it's too much...and takes resources... _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Joined: 04 Mar 2021 Posts: 65 Location: Manchester
Posted: Sun Aug 21, 2022 21:31 Post subject:
I glanced through your settings
An R7000 overclocked to 2000 MHz? Now that is a recipe for instability - It is 1000 MHz
You have DNS settings which theoretically could work but in practice can give problems e.g.
Encrypt DNS and SmartDNS and you have Strict order enabled (and perhaps have also entered additional settings in the Additional DNSMasq options?) - Nothing in additional settings.
Enable DNSmasq- Yes
Encrypt DNS -Yes
DNScrypt Resolver - Adguard-DNS
Validate DNS Replies (DNSSEC) -Enable
Check Unsigned DNS Replies-Enable
No DNS Rebind-Enable
Query DNS in Strict Order-Enable
These are my settings. What should I change?
My advice disable Strict order and use only SmartDNS with DoT or DoH for safe and encrypted DNS but of course there are other ways - How do I use Smart DNS with DoT or DoH? What are DoT and DoH and where do I find these settings?
Joined: 04 Mar 2021 Posts: 65 Location: Manchester
Posted: Fri Aug 26, 2022 10:08 Post subject:
How is your network setup, e.g. is this router connected directly to the internet? if not how is it connected? - Main router connected to DDWRT router so DDWRT router is more of a gateway. Internet is connected to the WAN Port from the main router. Firewall is currently on but logging is turned off.
Have you reset the router to defaults? - Yes, it has twice with NVRAM erased and set to defaults.
If a router is reset to defaults and connected with its WAN port to the internet or LAN port of other router then it should work right out of the box provided the Local IP address of the router is different from other routers in its third octet.
e.g. if your main router is 192.168.1.1 then the new router has to be 192.168.2.1 - It works fine, just wondering why when I turn the logs on from Firewall, the router misbehaves. I was advised setting the logs to high would overload the router. What about setting the firewall logs to low? I hope this information helps and makes my question clearer.
Cheers.
Joined: 16 Nov 2015 Posts: 6446 Location: UK, London, just across the river..
Posted: Fri Aug 26, 2022 14:24 Post subject:
unless otherwise...or you are chasing a specific purpose...you don't need to turn on firewall logs at all..
all "important" firewall events will be reported in the general syslog anyway...
your second router is not working...and it's set up accordingly...then you have to start showing pics of your set up, page by page...(remove the sensitive data, like your external IP or passwords/usernames etc.)
as, it seems as user set up err...
Joined: 04 Mar 2021 Posts: 65 Location: Manchester
Posted: Fri Aug 26, 2022 22:18 Post subject:
Cheers for your help Guru.