New Build - 08/03/2022 - r49626 Firewall On No Internet

manchesterblack
DD-WRT User


Joined: 04 Mar 2021
Posts: 65
Location: Manchester

Posted: Thu Aug 11, 2022 21:11
I am using New Build - 08/03/2022 - r49626 and when I turn on the firewall and enable logs, I cannot access the router nor do I have internet access.
SPI Firewall - Enable
Nothing is checked but firewall logs are on and set to high.
Is anyone else experiencing the same issue?
I posted this on the New Build - 08/03/2022 - r49626 forum and a guru asked me to post a new topic which I have.
Cheers lads.

_________________
Netgear R7000
DD-WRT DD-WRT v3.0-r50595 std (10/23/22)
Manchester
Enable dnsmasq- Yes
Encrypt DNS- NO
DNSCrypt Resolver- No Using Smart DNS
Cache DNSSEC Data- Yes
Validate DNS Replies (DNSSEC)- NO
Check Unsigned DNS Replies- NO
No DNS Rebind- Enable
Query DNS in Strict Order- Enable
Add Requestor MAC to DNS Query- Disable
RFC4039 Rapid Commit Support- Enable
Maximum Cached Entries- 1500

Smart DNS - YES

server-https https://9.9.9.9/dns-query
server-tls 9.9.9.9:853 -host-name: dns.quad9.net
server-tls 5.2.75.75:853 -host-name: dot.nl.ahadns.net
server-https https://1.1.1.1/dns-query

Additional VPN Configuration-
pull-filter ignore "dhcp-option DNS6 "
pull-filter ignore "dhcp-option DNS "

Dnsmasq Additional Options

server=/pool.ntp.org/9.9.9.9
server=/pool.ntp.org/1.0.0.1
server=/adquard-dns.com/9.9.9.9


BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12812
Location: Netherlands

Posted: Fri Aug 12, 2022 10:58
Yes but we need some more information :)

How is your network setup, e.g. is this router connected directly to the internet? If not, how is it connected?

Have you reset the router to defaults?

If a router is reset to defaults and connected with its WAN port to the internet or LAN port of other router then it should work right out of the box provided the Local IP address of the router is different from other routers in its third octet.
e.g. if your main router is 192.168.1.1 then the new router has to be 192.168.2.1

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
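
Added example, not part of the post above and not DD-WRT code: a check for the addressing rule egc describes, generalised from "different third octet" to any netmask by testing whether the cascaded router's LAN overlaps the network its WAN port sits in. The function names, the 192.168.0.0/16 pool and the sample addresses are assumptions made for illustration.

```python
import ipaddress


def lan_conflict(upstream_if: str, downstream_lan_if: str) -> bool:
    """Return True when the cascaded router's LAN overlaps the upstream LAN.

    Both arguments are "address/prefix" strings, e.g. "192.168.1.1/24".
    An overlap means the second router cannot tell WAN-side hosts from
    LAN-side hosts, which is the out-of-the-box failure described above.
    """
    up = ipaddress.ip_interface(upstream_if).network
    down = ipaddress.ip_interface(downstream_lan_if).network
    return up.overlaps(down)


def suggest_lan(upstream_if: str, prefix: int = 24,
                pool: str = "192.168.0.0/16") -> str:
    """Return the first router address in `pool` whose subnet is clear of upstream.

    `pool` is an assumed private range to search; the result is the first
    usable host of the first non-overlapping /prefix subnet.
    """
    up = ipaddress.ip_interface(upstream_if).network
    for cand in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if not cand.overlaps(up):
            return f"{cand.network_address + 1}/{prefix}"
    raise ValueError("no non-overlapping subnet left in pool")


if __name__ == "__main__":
    # Constructed sample addresses (upstream router, cascaded router LAN).
    samples = [
        ("192.168.1.1/24", "192.168.1.1/24"),  # both on defaults: conflict
        ("192.168.1.1/24", "192.168.2.1/24"),  # the example from the post: fine
        ("192.168.1.1/23", "192.168.0.1/24"),  # third octet differs, /23 still overlaps
    ]
    for upstream, downstream in samples:
        state = "CONFLICT" if lan_conflict(upstream, downstream) else "ok"
        print(f"upstream {upstream:<17} downstream {downstream:<17} {state}")
        if state == "CONFLICT":
            print("  suggested downstream LAN:", suggest_lan(upstream))
```

The third sample shows why the netmask matters: with a /23 upstream, a different third octet alone does not guarantee separate networks.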
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

Posted: Fri Aug 12, 2022 11:31
You likely will need to reset device using the reset button and then access router via http://192.168.1.1 ideally connected wired to a laptop/Desktop PC.

Also clearing the browser cache may help CTRL+F5

Then read Broadcom forum FAQ – README and provide information necessary.

_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @ #style_it_themes_public:matrix.org or #style_it_themes:discord

DD-WRT UI Themes Bug Reporting and Discussion thread

Router: ANus RT-AC68U E1 (recognized as C1)
manchesterblack
DD-WRT User


Joined: 04 Mar 2021
Posts: 65
Location: Manchester

Posted: Fri Aug 19, 2022 5:17
Am I able to save my configuration, reset the router and then upload my saved configuration? Will this work? Should I do the reset from the back of the router or from the GUI? Cheers.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12812
Location: Netherlands

Posted: Fri Aug 19, 2022 5:34
Unfortunately not, garbage out, garbage in :(

You have to rebuild manually.

Using the reset button should work.

egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12812
Location: Netherlands

Posted: Fri Aug 19, 2022 10:27
I glanced through your settings
An R7000 clocked overclocked to 2000 MHz? Now that is a recipe for instability

You have DNS settings which theoretically could work but in practice can give problems e.g.
Encrypt DNS and SmartDNS and you have Strict order enabled (and perhaps have also entered additional settings in the Additional DNSMasq options?)

My advice: disable Strict order and use only SmartDNS with DoT or DoH for safe and encrypted DNS but of course there are other ways :)

Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6388
Location: UK, London, just across the river..

Posted: Fri Aug 19, 2022 12:51
yep using various DNS encryption will not work as intended...stick to egc's advice
yep 'firewall logs are on and set to high' will flood the syslog with garbage stuff, will not make you more secure...unless you have an external syslog monitor and even then it's too much...and takes resources...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,AP Isolation,Ad-Block,Firewall
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear R7800 --DD-WRT 55363 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55363 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
manchesterblack
DD-WRT User


Joined: 04 Mar 2021
Posts: 65
Location: Manchester

Posted: Sun Aug 21, 2022 21:31
I glanced through your settings
An R7000 clocked overclocked to 2000 MHz? Now that is a recipe for instability - It is 1000 MHZ

You have DNS settings which theoretically could work but in practice can give problems e.g.
Encrypt DNS and SmartDNS and you have Strict order enabled (and perhaps have also entered additional settings in the Additional DNSMasq options?) - Nothing in additional settings.
Enable DNSmasq- Yes
Encrypt DNS -Yes
DNScrypt Resolver - Adguard-DNS
Validate DNS Replies (DNSSEC) -Enable
Check Unsigned DNS Replies-Enable
No DNS Rebind-Enable
Query DNS in Strict Order-Enable
These are my settings. What should I change?

My advice disable Strict order and use only SmartDNS with DoT or DoH for safe and encrypted DNS but of course there are other ways- How do I use Smart DNS with DoT or DoH? What are DoT and DoH and where do I find these settings?

Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6388
Location: UK, London, just across the river..

Posted: Mon Aug 22, 2022 8:52
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=332714
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12812
Location: Netherlands

Posted: Mon Aug 22, 2022 9:41
DoT, DoH: https://help.nextdns.io/t/x2hmvas/what-is-dns-over-tls-dot-dns-over-quic-doq-and-dns-over-https-doh-doh3

SmartDNS guide (a sticky in the Advanced Networking forum):
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=323896

manchesterblack
DD-WRT User


Joined: 04 Mar 2021
Posts: 65
Location: Manchester

Posted: Fri Aug 26, 2022 10:08
How is your network setup, e.g. is this router connected directly to the internet? if not how is it connected? - Main router connected to DDWRT router so DDWRT router is more of a gateway. Internet is connected to the WAN Port from the main router. Firewall is currently on but logging is turned off.

Have you reset the router to defaults? - Yes, it has twice with NVRAM erased and set to defaults.

If a router is reset to defaults and connected with its WAN port to the internet or LAN port of other router then it should work right out of the box provided the Local IP address of the router is different from other routers in its third octet.
e.g. if your main router is 192.168.1.1 then the new router has to be 192.168.2.1 - It works fine, just wondering why when I turn the logs on from Firewall, the router misbehaves. I was advised setting the logs to high would overload the router. What about setting the firewall logs to low? I hope this information helps and makes my question clearer.
Cheers.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6388
Location: UK, London, just across the river..

Posted: Fri Aug 26, 2022 14:24
unless otherwise...or you are chasing a specific purpose...you don't need to turn firewall logs on at all..

all "important" firewall events will be reported in the general syslog anyway...

your second router is not working...and it's set up accordingly...then you have to start showing pics of your set up, page by page...(remove the sensitive data, like your external IP or passwords/usernames etc.)

as it seems a user set up error...

manchesterblack
DD-WRT User


Joined: 04 Mar 2021
Posts: 65
Location: Manchester

Posted: Fri Aug 26, 2022 22:18
Cheers for your help Guru.