How to disable discard service on port 9 - Merlin AsusWRT 386.7.2 on RT-AX86U

[vStache]

I recently discovered that discard service is running on port 9 on Merlin AsusWRT when I tried to setup a PREROUTING rule for port 9 to enable WOL across subnets. On Linux, discard can be disabled by commenting out lines with discard service in /etc/inetd/inetd.conf which does not exist on AsusWRT. AsusWRT doesn’t seem to be running inetd service.

As late as a few weeks back this iptables PREROUTING rule to direct WOL across subnets was working.

I remember doing the following changes to the router in the recent weeks:

Upgrade to Merlin 388.1 and downgrade back to 386.7.2 due to wifi connectivity issues
Upgrade entware to the latest version (have asterisk and nginx services running) using opkg (these services are running on the router for over a year now)
Uninstall smb client from entware using opkg - never used it
Uninstall conmon and vnStat in amtm

I have Skynet firewall, spdmerlin and scmerlin installed and active. But these did no change in a while - many months.

Any help will be greatly appreciated.

 

[ColinTaylor]

SSH into the router and run the following command to see what service is running on that port:

netstat -nltup | grep ":9 "

 

[vStache]

SSH into the router and run the following command to see what service is running on that port:

netstat -nltup | grep ":9 "

Nothing seems to be running at port 9.

The following shows in place of PREROUTING rule and WOL packets do not reach the subnet.

DNAT udp -- any any anywhere 192.168.-.-/25 udp dpt:discard to:192.168.-.-

in response to the command
iptables -vL -t nat

The rule set is

PREROUTING -d 192.168.-.-/25 -p udp -m udp --dport 9 -j DNAT --to-destination 192.168.-.-

in response to
iptables -S PREROUTING-t nat

I changed the actual IP addresses.

 

[ColinTaylor]

Sorry, I don't understand what you're saying. Did you create this PREROUTING rule?

There's no need you hide 192.168.x.x addresses as they're not public. You're just making it harder to diagnose the problem.

 

[vStache]

Sorry, I don't understand what you're saying. Did you create this PREROUTING rule?

There's no need you hide 192.168.x.x addresses as they're not public. You're just making it harder to diagnose the problem.

Thanks for the prompt responses.

Yes. I added the PREROUTING rule.

it shows up as

PREROUTING -d 192.168.110.0/28 -p udp -m udp --dport 9 -j DNAT --to-destination 192.168.110.5

when i use the command

iptables -S PREROUTING -t nat

It shows up as

DNAT udp -- any any anywhere 192.168.110.0/28 udp dpt:discard to:192.168.110.5

when I use the command

iptables -vL -t nat

I kind of see that the PREROUTING may not be needed as it is to the same subnet. But it did not work without that rule. Now it doesn’t work even with the rule.

When it was working dpt:9 was displayed in place of dpt:discard. That’s why I thought that the discard service is causing the issue.

WOL works within the same subnet.

Note: I am sending the WOL command from the subnet 192.168.100.0/25 to the broadcast address 192.168.110.15 on port 9.

 

[ColinTaylor]

Ignore the "discard" text. That just the default translation for "port 9".

I don't understand your subnets. What is 192.168.100.0/25?

Why is your LAN subnet so small (/28)?

 

[vStache]

Ignore the "discard" text. That just the default translation for "port 9".

I don't understand your subnets. What is 192.168.100.0/25?

Why is your LAN subnet so small (/28)?

192.168.100.0/25 (br0) is the main LAN where most of our devices are.

I separated one of the LAN ports on RT-AX86u and created another subnet 192.168.110.0/28 (br10) which is used for the home theater. These devices are isolated from br0 because there are some cloud controlled devices in the theater. There are only 4 or 5 devices on it. WOL is to switch the theater computer on.

Hope that helps.

 

[ColinTaylor]

I separated one of the LAN ports on RT-AX86u and created another subnet 192.168.110.0/28 (br10) ...

Ah, OK. I am unfamiliar with this kind of custom setup, but if it was working before I can't see why it would suddenly stop. Hopefully someone else will have some ideas.

 

[vStache]

Ah, OK. I am unfamiliar with this kind of custom setup, but if it was working before I can't see why it would suddenly stop. Hopefully someone else will some ideas.

Now it works. No idea why it stopped and why it started again.

it didn’t work for the last couple of days.