
ASUS RT-AX86U Pro - WAN NAT is broken for non-main VLANs!


SDF07S

Occasional Visitor
I was about to start liking this router until I noticed a major flaw. LAN-to-WAN NAT firewall rules do not apply to any wired VLANs other than the main one. If you look at IPTables via SSH, you can see in FORWARDING chain that LAN-to-WAN port blocking only affects main br0 bridge. That's a major issue. Am I missing something? I want to allow only specific outbound ports for all clients on all networks. Is there no way to do that? ASUS released 3.0.0.6 firmware that allows creation of VLANs, but didn't include a way to secure them over WAN.

I am told ASUS Merlin firmware allows for creation of VLANs via CLI. How difficult is that? I only need a couple of basic untagged wired VLANs, but want to make sure rules for them apply on boot. I don't use WiFi.
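A way to check the coverage described in the post above, as an added example that is not part of the thread and not ASUS or Merlin code: it reads `iptables -S FORWARD` text and lists the bridges that no non-ACCEPT LAN-to-WAN rule matches. The WAN name `eth0`, the bridges `br52`/`br53`, the chain name `LAN2WAN_FILTER` and the sample rules are constructed assumptions, not the firmware's actual ruleset.

```shell
#!/bin/sh
# Constructed sample in `iptables -S FORWARD` format (not real firmware output).
# LAN2WAN_FILTER is a hypothetical chain name standing in for the port-blocking rules.
SAMPLE_RULES='-P FORWARD DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o eth0 -j LAN2WAN_FILTER
-A FORWARD -i br52 -o eth0 -j ACCEPT
-A FORWARD -i br53 -o eth0 -j ACCEPT'

# uncovered_bridges RULES WAN_IF BRIDGE...
# Prints each bridge for which no FORWARD rule toward WAN_IF has a target
# other than ACCEPT (DROP, REJECT or a jump to a filtering chain).
uncovered_bridges() {
    rules=$1; wan=$2; shift 2
    for br in "$@"; do
        printf '%s\n' "$rules" | awk -v br="$br" -v wan="$wan" '
            # iptables treats a trailing "+" in an interface name as a prefix wildcard
            function ifmatch(pat, name) {
                if (pat ~ /\+$/)
                    return index(name, substr(pat, 1, length(pat) - 1)) == 1
                return pat == name
            }
            $1 == "-A" && $2 == "FORWARD" {
                in_ok = 1       # a rule with no -i applies to every input interface
                out_ok = 0      # only rules that name the WAN side count as LAN-to-WAN
                target = ""
                for (i = 3; i < NF; i++) {
                    neg = ($(i - 1) == "!")     # "! -i br0" inverts the match
                    if ($i == "-i") { m = ifmatch($(i + 1), br);  in_ok  = neg ? !m : m }
                    if ($i == "-o") { m = ifmatch($(i + 1), wan); out_ok = neg ? !m : m }
                    if ($i == "-j") target = $(i + 1)
                }
                if (in_ok && out_ok && target != "" && target != "ACCEPT") found = 1
            }
            END { exit !found }
        ' || echo "$br"
    done
}

# On the router the first argument would be "$(iptables -S FORWARD)".
uncovered_bridges "$SAMPLE_RULES" eth0 br0 br52 br53
```

Because stock firmware wipes custom rules on reboot, as noted later in this thread, the check is worth repeating after every reboot or firmware update.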
 
I have had the same one since it first came out (350-400 euros).
Very expensive equipment with mediocre software.
A lot of effort by Merlin and the other plugin developers to improve it.
Unfortunately pro doesn't mean professional... but a little more improved for home use.
 
I have a couple of these to replace my AC68U once I get some time to set them up. Was planning on doing this, so glad to have found this flaw.
 
It's a really bad flaw and VPN Fusion is a total mess. For example, you can't put 2 devices on the same VLAN and have VPN Fusion enabled for just one of those devices, even though VPN Fusion lets you select device. Don't trust that section of GUI. Always check IPTables via SSH and look at WGCF chain. For experimental purposes, you can see that disconnecting active VPN profile wipes that chain entirely and all "secured" VLANs/devices lose their tunnels, but continue working (out-of-tunnel) after a short interruption. There is no killswitch. All custom IPTables are wiped on reboot on stock firmware.

Merlin received new ETA from ASUS for 3.0.0.6 firmware support on RT-AX86U Pro. I hope to enjoy it by Christmas. Until then I am not going to reboot this router while it is still connected to the Internet.
 
Merlin received new ETA from ASUS for 3.0.0.6 firmware support on RT-AX86U Pro.
Where has RMerlin indicated receiving an ETA specifically on the 3006.102.x GPL's for the RT-AX86U Pro?
 
I may have been wrong, but I thought this was a response and included WiFi 6/6E router support - https://www.snbforums.com/threads/a...vailable-for-wifi-7-devices.92745/post-935558 . I'll have to get WiFi 7 model if there is no Merlin firmware for RT-AX86U Pro in a month or two.
Right, he just says he has an ETA, but not for which models. By replying in the WiFi 7 devices thread one can assume he is referring to WiFi 7 devices primarily. As RMerlin indicated in his reply you linked to, Asus has already missed several past ETAs.
 