Cyber Week Deals: Get $800 off the Google Pixel 6 Pro with FREE Google Pixel A Series White Earbuds!
skyace888's profile

Tutor

 • 

5 Messages

Mon, May 1, 2017 8:32 PM

Residential gateway firewall preventing internal communication

Hi all,

 

My Pace 5268AC residential gateway seems to be blocking all outbound internal traffic from my laptop on WiFi to other internal devices on my network for some unknown reason. I can't ping or access my home theater receiver, other computers, my NAS or anything else yet can get online fine from this laptop. Also other wireless devices connected to the same Pace unit can reach other networked devices just fine. The laptop has it's firewall disabled for testing and when I look in the logs of the residential gateway I see entries from it's source IP of .214 to other devices showing it is blocked.

 

noticeMay 1 16:20:00
IN=br0 MAC=e0:22:03:9a:85:fd src=192.168.1.214 DST=192.168.1.134 LEN=106 TTL=127 PROTO=UDP DPT=161 Drop traffic to 192.168.0.0/16

 

noticeMay 1 16:21:57
IN=br0 MAC=e0:22:03:9a:85:fd src=192.168.1.214 DST=192.168.1.216 LEN=52 TTL=127 PROTO=TCP DPT=8009 Drop traffic to 192.168.0.0/16

 

I tried disabling whatever firewall settings I could on the RG and even did a hard reset. Not sure why it's acting like this.

 

Any suggestions are greatly appreciated.

 

Thanks!

 

--Al

lem3

Guru

 • 

480 Messages

5 y ago

If I understand what you are attempting to do... you can't do that. 

 

The 5268AC does not support "loopback" connections.  It will not respond to a WAN request which originates from a device on the internal network.

Tutor

 • 

5 Messages

5 y ago

No I am not looking to do that at all. This is all internal traffic. One LAN system to another. Internal 192.168.1.x to another 192.168.1.x.

New Member

 • 

3 Messages

1 y ago

I have exact same problem. Any resolution or have you learned anything further?

 

In my case, .74 is my Google WiFi mesh device:

 

IN=br0 MAC=dc:7f:a4:09:1e:61 SRC=192.168.1.74 DST=192.168.0.0 LEN=44 TTL=126 PROTO=TCP DPT=41794 Drop traffic to 192.168.0.0/16

 

notice Sep 9 05:39:05
IN=br0 MAC=dc:7f:a4:09:1e:61 SRC=192.168.1.74 DST=192.168.0.0 LEN=44 TTL=126 PROTO=TCP DPT=41794 Drop traffic to 192.168.0.0/16

 

 

(edited)

JefferMC

ACE - Expert

 • 

25.5K Messages

1 y ago

1) There should be no need to route traffic from 192.168.1.74 to 192.168.1.*, as that should all be on the same logical Ethernet and be switched at layer 2, rather than routed at layer 3.  I'm guessing that's why there's a drop rule on traffic to 192.168.*.*

2) Sending a packet to 192.168.0.0 seems odd.  Do you have such an address?  Do you have your network configured with a netmask of 255.255.0.0?

3) Can you briefly/loosely diagram your network indicating where the traffic at issue is coming from and going to?

 

Need help?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.