Tutor
•
5 Messages
Residential gateway firewall preventing internal communication
Hi all,
My Pace 5268AC residential gateway seems to be blocking all outbound internal traffic from my laptop on WiFi to other internal devices on my network for some unknown reason. I can't ping or access my home theater receiver, other computers, my NAS or anything else yet can get online fine from this laptop. Also other wireless devices connected to the same Pace unit can reach other networked devices just fine. The laptop has it's firewall disabled for testing and when I look in the logs of the residential gateway I see entries from it's source IP of .214 to other devices showing it is blocked.
| notice | May 1 16:20:00 | IN=br0 MAC=e0:22:03:9a:85:fd src=192.168.1.214 DST=192.168.1.134 LEN=106 TTL=127 PROTO=UDP DPT=161 Drop traffic to 192.168.0.0/16 |
| notice | May 1 16:21:57 | IN=br0 MAC=e0:22:03:9a:85:fd src=192.168.1.214 DST=192.168.1.216 LEN=52 TTL=127 PROTO=TCP DPT=8009 Drop traffic to 192.168.0.0/16 |
I tried disabling whatever firewall settings I could on the RG and even did a hard reset. Not sure why it's acting like this.
Any suggestions are greatly appreciated.
Thanks!
--Al
lem3
Guru
•
497 Messages
6 years ago
If I understand what you are attempting to do... you can't do that.
The 5268AC does not support "loopback" connections. It will not respond to a WAN request which originates from a device on the internal network.
0
0
skyace888
Tutor
•
5 Messages
6 years ago
0
jdfagan
New Member
•
3 Messages
3 years ago
I have exact same problem. Any resolution or have you learned anything further?
In my case, .74 is my Google WiFi mesh device:
IN=br0 MAC=dc:7f:a4:09:1e:61 SRC=192.168.1.74 DST=192.168.0.0 LEN=44 TTL=126 PROTO=TCP DPT=41794 Drop traffic to 192.168.0.0/16
(edited)
0
0
JefferMC
ACE - Expert
•
32.4K Messages
3 years ago
1) There should be no need to route traffic from 192.168.1.74 to 192.168.1.*, as that should all be on the same logical Ethernet and be switched at layer 2, rather than routed at layer 3. I'm guessing that's why there's a drop rule on traffic to 192.168.*.*
2) Sending a packet to 192.168.0.0 seems odd. Do you have such an address? Do you have your network configured with a netmask of 255.255.0.0?
3) Can you briefly/loosely diagram your network indicating where the traffic at issue is coming from and going to?
0
0
roadapathy
New Member
•
1 Message
7 months ago
I think I understand what skyace888 is talking about and I might have the solution but I can't be certain:
The AT&T router has 4 ethernet ports. If you have a file share, or any kind of PC on port 1 then you -should- be able to access it from PC2 on port 4, right? Somehow the router is blocking this usual traffic. So the router LAN is not acting like a switch but instead of firewall that's blocking everything between the LAN. How do we fix that?
Ok, it doesn't let me attach the image on here so (Edited per community guidelines), I'll have to explain it:
Under "Packet Filter" of the router configuration page you must ENABLE a new filter. We want to allow LAN (ingress) to PASS to LAN (egress) and check the ENABLE box. This will be the top rule so move it to the top. I hope you can decipher what I'm talking about. It's more difficult without being able to add images.
Packet Filter Rules
(edited)
0
0
JefferMC
ACE - Expert
•
32.4K Messages
7 months ago
As I said above, local traffic on a private network doesn't need to be routed, it can be switched. A device that thinks it needs to be routed and directs it to the default Gateway is misconfigured. The router knows this and is configured to drop this traffic.
The OP was 6 years ago. The most recent reply before yours was over 2 years ago. This is a dead horse that doesn't deserve any more bludgeoning.
0
0