Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: VMG1312-B10A LAN Routing  (Read 3057 times)

KingJ

  • Member
  • **
  • Posts: 44
  • ¯\_(ツ)_/¯
    • Miscellaneous Knowledge
VMG1312-B10A LAN Routing
« on: February 03, 2018, 11:54:54 PM »

I've just swapped out my VMG1312-B10D for a VMG1312-B10A to see if it performs any better on my line. However, the B10A is having some internal routing issues that the B10D didn't have.

Simply put, the routing table appears to be completely ignored, leaving it unresponsive on the web interface or telnet except if from a host on the same subnet. If you try to access it from any other subnet, although my router routes the traffic to it, no response is sent out from the VMG1312-B10A back to the router again.

I'm completely stumped as to why this might be. All of the settings are identical and the routing table shows the correct entries. For now, i've had to put in a reverse proxy so that I can access the web interface/telnet interface from my PC and MyDSLWebStats monitor respectively, both of which sit on different subnets to the VMG1312-B10A.

I've attached a few screenshots of the configuration/status. I've hit the 3 screenshot limit, so I wasn't able to screenshot the interface group settings - but everything is in the default group except for a WAN group - which contains the VDSL bridge and LAN4.

Has anyone else come across this before? I'm absolutely stumped!
Logged

hushcoden

  • Reg Member
  • ***
  • Posts: 429
Re: VMG1312-B10A LAN Routing
« Reply #1 on: February 04, 2018, 10:44:15 AM »

I am afraid I can't help, but just to share my personal experience with this modem - here the post of the issue http://forum.kitz.co.uk/index.php/topic,20901.0.html

Bottom line, while this seems to be a little beast (rock solid) when used as a 'pure' (bridge) modem (and I am currently using it in bridge mode), it doesn't perform as well as a standard modem/router (i.e. one the issues that I am aware of is the IPv6 feature which it's broken but it works properly in the VMG1312-B10D)

That said, I am sure one of the techies in this forum will be able to shed some light about your problem.
Logged

KingJ

  • Member
  • **
  • Posts: 44
  • ¯\_(ツ)_/¯
    • Miscellaneous Knowledge
Re: VMG1312-B10A LAN Routing
« Reply #2 on: February 04, 2018, 11:23:17 AM »

That is interesting. Although I am using it in bridge mode, that would indeed match up with my difficulties with regards to routing.

Poking around a bit, I noticed that AAISP listed Static Routes as a bug on their wiki. I tried deleting the static route and re-adding it via the CLI, but to no avail. Interestingly the CLI does seem to spit out an error when adding it, even though it still shows up in the routing table.


Code: [Select]
> route add 10.0.0.0 255.0.0.0 gw 10.1.2.1 dev br0

dalStaticRoute_addEntry add a route is OK.
telnetd:error:345.901:changedParamsCallbackFunc:677:The param value is NULL..
=========== Setting success please wait 5 sec ===========
Config saved to flash.
 > route show
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     *               255.255.255.0   U     0      0        0 br1
10.1.2.0        *               255.255.255.0   U     0      0        0 br0
10.0.0.0        10.1.2.1        255.0.0.0       UG    0      0        0 br0
Logged

KingJ

  • Member
  • **
  • Posts: 44
  • ¯\_(ツ)_/¯
    • Miscellaneous Knowledge
Re: VMG1312-B10A LAN Routing
« Reply #3 on: February 24, 2018, 12:12:59 PM »

Right, i'm not so sure this is a routing issue after all.

For fun, I tried redistributing my OSPF routing in to RIP on my firewall/router just for the Zyxel, and enabled passive RIP on the Zyxel's LAN interface. The Zyxel picked up my full routing table and installed it. However, I still was unable to get a response out of it. Interestingly, when I tried pinging from the Zyxel it did seem to use the route correctly, but never acknowledged the response coming back. A tcpdump on my firewall/router's interface that sits on the Zyxel's subnet showed the ping going out from the Zyxel to the target, and the target responding - but the Zyxel always responded saying that the ping had timed out.

So this got me thinking... clearly the routing is working - but the Zyxel is ignoring the response. Is there some sort of filtering involved?

I already had the firewall disabled, so it couldn't be that. However, there is a "Remote Management" section - which by default only permits access to the Zyxel's services (HTTP, SSH etc) via the LAN. Which got me thinking again - is it dropping any traffic to its services that originate outside of the LAN subnet defined in the Home Networking section? I tried enabling access from the Trust Domain and shoved in my entire local /8. Unfortunately, still no result. I also tried entering a specific /32 from a host that was trying to access it - again no result.

So the next step... drop down on to the busybox shell and examine the iptables rules. There were a huge number of rules shown on the iptables -L output, but at a glance I couldn't see anything amiss. The subnets i'd defined on the Trust Domain had permit entries on the iptables rules so that all seemed correct.

So ultimately, it came down to the nuclear option - disabling all itpables rules. I'm in bridge mode anyway with TR-069 disabled, and the LAN interface of the Zyxel sits on a heavily firewalled subnet, so what would happen if I removed all of the iptables rules and just permitted everything? I ran the following commands to clear all of the IPv4 rules;

Code: [Select]
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X

And then as if by magic... I could access the Zyxel's web interface, SSH, ping etc from hosts outside of the Zyxel's subnet. Hurrah!

So ultimately, I don't think this was a routing issue, but a firewall issue on the Zyxel itself. Later on, i'm going to try switching back from dynamic routing to static routing and see if that works, and also have a look over the original iptables list and see if there's anything that stands out.

Edit: Yep, switching back from dynamic routing to static routing and it still works.

Edit 2: Of course, this doesn't persist after a reboot! The same faulty ruleset is applied after a reboot.
« Last Edit: February 24, 2018, 12:30:00 PM by KingJ »
Logged

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: VMG1312-B10A LAN Routing
« Reply #4 on: February 24, 2018, 05:36:00 PM »

I have had a thought . . .

From the Busybox shell you manipulate the iptables rules (both IPv4 & IPv6) to your requirements. What is the result of exiting the shell back to the ZyXEL CLI ' > ' prompt and then issuing a save command? Do the settings now survive a power-cycle?  :-\

The ZyXEL VMG1312 Broadband Router CLI Reference Manual (Version 1.0, 04/22/2013), page 44, shows the following --

                        SAVE

NAME

save – save current configuration to the flash memory

SYNOPSIS

      save

DESCRIPTION

save is a CLI command used to save current configuration to flash memory.

EXAMPLES

° Save all current configuration to flash memory.
     > save

Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

KingJ

  • Member
  • **
  • Posts: 44
  • ¯\_(ツ)_/¯
    • Miscellaneous Knowledge
Re: VMG1312-B10A LAN Routing
« Reply #5 on: April 30, 2018, 12:51:49 PM »

My apologies for not replying sooner! I rebooted my modem earlier and needed to look up the commands again...

I've just tried running the iptables commands on the Busybox shell and then dropping back to the Zyxel CLI and running save, but unfortunately it didn't survive a reboot  :no:. No matter though, thanks for the suggestion - it was worth a try and at least I do have a solution even if it means needing to run a few CLI commands every few months!
Logged

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: VMG1312-B10A LAN Routing
« Reply #6 on: April 30, 2018, 04:53:52 PM »

I had completely forgotten about this thread!

There is just one other variation on the theme and that is to configure the rules from the Busybox shell and then to save the current configuration to ROM-D.
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.
 

anything