What's new

[Release] Asuswrt-Merlin 380.68 is available

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I would like to report BUG regarding "Specified IP and SSH"

I am using Specified IP address field to restrict access from WAN
y4mDAlVhKMTpAfq0ClITx5ZZc8ariZnoi4SzwK8fJkrpC7swCnK_DfA7jumivu3jG1apH48e_R74MXBVptK7oe0PrKW7rurykkgzKmw0BFAZV53BBIkpZqxMfpY3uAVhsQJE8w7OVf0SQnvYFTaFC_1ZJ18cZN0mHp-zJJ9f-Ok1I2gHv_D_x8uZ5peMUWM35uZ_xk14k5iGfBTDh14mn7Aow

however, what is the purpose of SSH if it doesn't do something ?

if you select LAN Only it is closed to Specific IPs, that are allowed and coming from WAN
y4m4Yt9DMIq6NU1yrfoi6zFZZn90WOguNfgoFLJ9ATweyGZSem46ZncHkwVaVweodVUDbuP0WV4YVgTB3ad8cJXC369iJHSpnz7J8iTe9URTEYkDme_PiD4T0RSnyBCqDSfeMG2xEoikgaI37XFbY3c-P94jTTxvB8HukwWOvA63LD1M9DnkyeSwo99PAnYCp5dq2my3oyZVEBDbYlfdHZbjg


if you select LAN + WAN it is open to all IP Addresses, not only Specific IPs listed above
y4mvehYujfU_WhRKBCsR2FNkf9nVfLr2o4o8lE_NN2oKFL-HTBu6bRSn11ojXnrbqmVdSHBVvSxU1kTCtHwph4R4KWuXciM959OR25H0izizRcFIq4OQw2XXc8IMk3jG5_FxoGMgKCHBVZomjjx5PAOYef3Sg5TJM4p7YxYftKirFnJedZIr8QaeIilEZbDyODYuUiR6Jn1rdmINF1Yvr-_Uw



the question is, how to allow only specific IPs to access SSH on Asus Merlin from WAN ?

I have tried this, it doesn't work:

iptables -I INPUT -i eth0 -s X.X.X.X -p tcp --dport 22 -j ACCEPT


regarding this topic, is there an option to use HTTP&HTTPS access, but to allow ONLY HTTPS from WAN - Internet (allow HTTPS traffic on port 8443, deny HTTP traffic on port 8080) and allow HTTPS WAN access only for specific IP addresses

I guess some iptables magic is required there, and I guess I am not the only one looking how to get this done.
 
Last edited:
I would like to report BUG regarding "Specified IP and SSH"

I am using Specified IP address field to restrict access from WAN
y4mDAlVhKMTpAfq0ClITx5ZZc8ariZnoi4SzwK8fJkrpC7swCnK_DfA7jumivu3jG1apH48e_R74MXBVptK7oe0PrKW7rurykkgzKmw0BFAZV53BBIkpZqxMfpY3uAVhsQJE8w7OVf0SQnvYFTaFC_1ZJ18cZN0mHp-zJJ9f-Ok1I2gHv_D_x8uZ5peMUWM35uZ_xk14k5iGfBTDh14mn7Aow

however, what is the purpose of SSH if it doesn't do something ?

if you select LAN Only it is closed to Specific IPs, that are allowed and coming from WAN
y4m4Yt9DMIq6NU1yrfoi6zFZZn90WOguNfgoFLJ9ATweyGZSem46ZncHkwVaVweodVUDbuP0WV4YVgTB3ad8cJXC369iJHSpnz7J8iTe9URTEYkDme_PiD4T0RSnyBCqDSfeMG2xEoikgaI37XFbY3c-P94jTTxvB8HukwWOvA63LD1M9DnkyeSwo99PAnYCp5dq2my3oyZVEBDbYlfdHZbjg


if you select LAN + WAN it is open to all IP Addresses, not only Specific IPs listed above
y4mvehYujfU_WhRKBCsR2FNkf9nVfLr2o4o8lE_NN2oKFL-HTBu6bRSn11ojXnrbqmVdSHBVvSxU1kTCtHwph4R4KWuXciM959OR25H0izizRcFIq4OQw2XXc8IMk3jG5_FxoGMgKCHBVZomjjx5PAOYef3Sg5TJM4p7YxYftKirFnJedZIr8QaeIilEZbDyODYuUiR6Jn1rdmINF1Yvr-_Uw



the question is, how to allow only specific IPs to access SSH on Asus Merlin from WAN ?

I have tried this, it doesn't work:

iptables -I INPUT -i eth0 -s X.X.X.X -p tcp --dport 22 -j ACCEPT


regarding this topic, is there an option to use HTTP&HTTPS access, but to allow ONLY HTTPS from WAN - Internet (allow HTTPS traffic on port 8443, deny HTTP traffic on port 8080) and allow HTTPS WAN access only for specific IP addresses

I guess some iptables magic is required there, and I guess I am not the only one looking how to get this done.
Restrict to LAN only, and use VPN to access from WAN -- much safer. Do not leave web access open from WAN, period -- again use VPN tunnel.
 
Working very well on AC87U, but in bridge mode sending to an AC66U it is slower than ever before. Previous FW no lag. Any ideas what the cause is Merlin?
I've just made a reset to default and manual config.

You rock as always!!!
 
Right after I did a cold reboot the 1900P crashes when using BitTorrent again.

I bet if I switch out the hardware for another new 1900p fMy 2rom best-buy it will do the same thing. I may try testing out if the factory fw does this first. But anyways I'm seeing more reports of others having the same issue so somethings off.

Here's the log output;

Code:
Jul 31 20:00:12 kernel: _ Reboot message ... _______________________________________________________
Jul 31 20:00:12 kernel: <1>Unable to handle kernel NULL pointer derefere�U�: 17 [#1] PREEMPT SMP
Jul 31 20:00:12 kernel: <0>last sysfs file: /sys/devices/pci0000:00/0000:00:0c.0/usb1/1-1/1-1:1.0/IDP     bf74d000     529190
Jul 31 20:00:12 kernel: <4>module:odule:  nf_nat_ftp     bf740000     11 bf739000     4909
Jul 31 20:00:12 kernel: <4>module:  ip6table_mangle     bf733000     934
Jul 31 20:00:12 kernel: <4>mo 30901
Jul 31 20:00:12 kernel: <4>module:  cdc_mbim     bf6f6a2000     10321
Jul 31 20:00:12 kernel: <4>module:  ohci_e:  emf     bf021000     15225
Jul 31 20:00:12 kernel: <4>moduules linked in: ct_notification nntrack_proto_gre wl(P) igs(P) e0: c786e12c  r9 : 00000003  r8 : c786e12c
Jul 31 20:00:12 kernel: <4>r7 : 00000006  r6 :00 bf7bce54
Jul 31 20:00:12 kernel: <0>1840: c96f1850 bf
Jul 31 20:00:12 kernel: <0>18e0: 00000000 cec65b60 00000006
Jul 31 20:00:12 kernel: <0>1960: bf7ca148 c96f0000 ef0 c96e7900 a8fe0726
Jul 31 20:00:12 kernel: <0>1980: 100000 59c23990 c02ce870
Jul 31 20:00:12 kernel: <0>19c0: 7d852326 bf7e51a4 c96f1ba0 c00300000000
Jul 31 20:00:12 kernel: <0>19e0: 00000000 000000 bf7eda6c
Jul 31 20:00:12 kernel: <0>1a20: c96f0000 d2fa40: c96f1a68 000000dd 00000000 000001ab 000015b4 d2f08868 00000a c041de30 cc5f9380 cf84b000 c04 00000000 bf0166bc c037bab0  ^Caba0 cec65d20 000000bb cec9bc00
Jul 31 20:00:12 kernel: c9bc5c cf9f9c60 0b98610a c037bdccc5f9380 cf84f000 c041decc cf9f9f00
Jul 31 20:00:12 kernel: <0>1b40: c786d11e ce046000 c02ea85c c037bab0 00000000 00000480 cde7ff00 c9877f94 c02ea470 c0283a9c c037c30c
Jul 31 20:00:12 kernel: <0>1cc0: c0283a9e788 c0223c88 00000000 c96f1d1c 0 cf84b000 fffffe71
Jul 31 20:00:12 kernel: <0>1d40: 000000 cf84b000 00000000
Jul 31 20:00:12 kernel: <0>1d80: 00 cc5f9000 c037c30c c0283a9c 000e0c c0283a9c 80000000 00000000 c96f1e0c c786e11e 0000000a
Jul 31 20:00:12 kernel: <0>1e0000 c041df3c
Jul 31 20:00:12 kernel: <0>1e60: c96f0000 04b4 00000000 00000001 c96f1ecc c1651c 00000040 0000012c c82164a09611 c037b1e4 cf84b4ac c96f0000 000
Jul 31 20:00:12 kernel: 03c2040 c0411f20 00000000 c03871
Jul 31 20:00:12 kernel: ____________________________________________________________________________

Code:
Jul 31 20:00:12 kernel: _ Reboot message ... _______________________________________________________
Jul 31 20:00:12 kernel: <1>Unable to handle kernel NULL pointer derefere�U�s: 17 [#1] PREEMPT SMP
Jul 31 20:00:12 kernel: <0>last s190
Jul 31 20:00:12 kernel: <4>module:  nls_cp437     bf72c000     934
Jul 31 20:00:12 kernel: <4>module:  xt_length     0     31565
Jul 31 20:00:12 kernel: <4>module:  xhci_hcd     bf678000     51124
Jul 31 20:00:12 kernel: <4>module:  thfsponntrack_proto_gre     bf43e000     32 61445
Jul 31 20:00:12 kernel: <4>module:  ctf     bf000000n cdc_wdm cdc_ncm rndis_host cdc0
Jul 31 20:00:12 kernel: <0>18c0: 00000000 00000000 00000000 00000000 00000000 0000000000000000 00000000 00000000 0000000 00000000 00000000 00000000 00: 00000000 00000000 00000000 000 cf9e1200
Jul 31 20:00:12 kernel: <0>19c0: c8225f80 0000c0059cd4 00000000 cf9e1200
Jul 31 20:00:12 kernel: <0>19e0: c8225f80 c8225f80 cf9e1200 c 00000003 c003bf80 a0000193 c03e4604 c8225240
Jul 31 20:00:12 kernel: <0>1a40: 40000113 cf815060 cf8fdce8 cf8fdbb4 c7e8f11a bf017fc4 cdcdd000 c0074378
Jul 31 20:00:12 kernel: <8 c03896c8 c80ff1e0 00000110 ^Ccd
Jul 31 20:00:12 kernel: <0>1ae0: c02ea470 c037bab0 00 a0fd8742 cec3aa80 00000000 0000528 000004f8 c0379b30
Jul 31 20:00:12 kernel: <0>1b40: 00000500 00000011 feef0110 cec3a3000 c03dc4dc c022ca58 00000001 0 cf96bea0 bf017dac cf8fd800
Jul 31 20:00:12 kernel: <0>1d44 a8fe0726
Jul 31 20:00:12 kernel: <0>1c20: 16f0dfe2 41a80 00000000 00000000 cf8fd800
Jul 31 20:00:12 kernel: 4
Jul 31 20:00:12 kernel: <0>1cc0: c0283a9c fffffe71 16f0 00000000 ce0b89a0 00000000 000 00000000 cf8fd800 c0283a9c c02ae828 c0283a9c c7a6811e
Jul 31 20:00:12 kernel: <0>1d60: c1dd4 c0283a9c 80000000 00000000283a9c 80000000 00000000 c7a6811e ce0b89a0 c041df1c c03dfb7c
Jul 31 20:00:12 kernel: <0>0 00000000 ce0b89a0 c041df6c c8203c0000 00000000 c03c0000 0000001f 00000000 c00678ec 000000b3 c
Jul 31 20:00:12 kernel: ____________________________________________________________________________



Jul 31 20:00:12 kernel: _ Reboot message ... _______________________________________________________
Jul 31 20:00:12 kernel: <1>Unable to handle kernel NULL pointer derefere�U�at virtual address 00000001
Jul 31 20:00:12 kernel: <1>p
Jul 31 20:00:12 kernel: ____________________________________________________________________________

@Merlin does posting these log outputs of the crash not help pin point where to check in the fw coding for an issue?


My 2 cents on this, it appears to be related to the netfilter module in the linux kernel or possibly the USB module. Do you have a lot of open connections and/or IP filter rules defined or a USB storage attached? Try reducing the maximum number of connections per torrent/overall in your BT client to say 200 and see if that resolves the issue. If you have IPv6 enabled, try disabling it and see if it makes any difference. Very difficult to debug kernel panics without a full stack trace and possibly reproducing it.
 
@RMerlin
BUG: RT-AC68U: On 5GHz Wireless General page, if you keep Auto channel selection on and uncheck "Auto select channel including band 1 channels", then Apply, the option is not remembered, the box remains checked.
 
This is interesting. Did the upgrade with an AC87U in AP mode, hit some management issues after so factory reset the device, and reconfigured with the previous configuration, bar leaving it in router mode.

2.4 GHz network is fine, 5 GHz network no longer passes traffic properly. Pings get through but not much else - connection to router GUI is fine, onwards to Internet broken.

It's configured with a static WAN IP address in an RFC1918 network, non-NAT, MTU is set as 1492 which matches the ISP, and it's very odd that all works fine on 2.4 GHz but not 5 GHz, I'd have thought they'd both use the same routing plane.
 
yeah it's odd guys I don't know whats actually making my 1900P's reboot when torrenting . As a temp solution I had to switch back to factory for now, so ppl in the house don't freak out cuz they keep losing connection
 
Last edited by a moderator:
My 2 cents on this, it appears to be related to the netfilter module in the linux kernel or possibly the USB module. Do you have a lot of open connections and/or IP filter rules defined or a USB storage attached? Try reducing the maximum number of connections per torrent/overall in your BT client to say 200 and see if that resolves the issue. If you have IPv6 enabled, try disabling it and see if it makes any difference. Very difficult to debug kernel panics without a full stack trace and possibly reproducing it.


I just have a usb with AB-solutions on it running.
I do have IPv6 enabled
i have 100 max connections pre torrent
I switched to qbittorrent but same issue, not like what progy would make a diff.

just odd that the newest asus factory fw has no issue's with torrenting
 
after flashing to the latest version, I seem to have lost the ability to connect to the router's web gui using say 192.168.1.1 for example. I thought it was just a browser issue, so I tried it in explorer, chrome and then on my AP what was also flashed with the _2 version...I get the same result....anyone else?

The connection just fails, I have other hardware with web based GUI's in the 192.168.x.x domain on my network and can connect to all of them, just not my router or AP....
 
Last edited:
after flashing to the latest version, I seem to have lost the ability to connect to the router's web gui using say 192.168.1.1 for example. I thought it was just a browser issue, so I tried it in explorer, chrome and then on my AP what was also flashed with the _2 version...I get the same result....anyone else?

The connection just fails, I have other hardware with web based GUI's in the 192.168.x.x domain on my network and can connect to all of them, just not my router or AP....

Did you try unplugging the router, remove it from the outlet, let it clear. I would give it a few minutes and see if that helps. If not, try ssh and check to see the http/httpd are listening. Weird issue, if all fails you may have to reset to factory.

Good luck
 
After 9 days of uptime, I have a 93% of memory usage. I've tried to see memory usage per process (with top, it does not show any memory info) but I was unable to do that, I don't know how :(.

cat /proc/meminfo

MemTotal: 515304 kB

MemFree: 36476 kB

Buffers: 2244 kB

Cached: 11704 kB

SwapCached: 0 kB

Active: 22140 kB

Inactive: 9028 kB

Active(anon): 18260 kB

Inactive(anon): 588 kB

Active(file): 3880 kB

Inactive(file): 8440 kB

Unevictable: 0 kB

Mlocked: 0 kB

SwapTotal: 0 kB

SwapFree: 0 kB

Dirty: 0 kB

Writeback: 0 kB

AnonPages: 17228 kB

Mapped: 6920 kB

Shmem: 1628 kB

Slab: 391540 kB

SReclaimable: 864 kB

SUnreclaim: 390676 kB

KernelStack: 752 kB

PageTables: 932 kB

NFS_Unstable: 0 kB

Bounce: 0 kB

WritebackTmp: 0 kB

CommitLimit: 257652 kB

Committed_AS: 32588 kB

VmallocTotal: 1302528 kB

VmallocUsed: 43576 kB

VmallocChunk: 1211288 kB



Free -m

total used free shared buffers cached

Mem: 515304 478744 36560 0 2300 11820

-/+ buffers/cache: 464624 50680

Swap: 0 0 0



I don’t know if it is a normal behaviour but It is weird to me. It is a RT-AC5300
 

Attachments

  • memory.png
    memory.png
    32.5 KB · Views: 464
After 9 days of uptime, I have a 93% of memory usage. I've tried to see memory usage per process (with top, it does not show any memory info) but I was unable to do that, I don't know how :(.

cat /proc/meminfo

MemTotal: 515304 kB

MemFree: 36476 kB

Buffers: 2244 kB

Cached: 11704 kB

SwapCached: 0 kB

Active: 22140 kB

Inactive: 9028 kB

Active(anon): 18260 kB

Inactive(anon): 588 kB

Active(file): 3880 kB

Inactive(file): 8440 kB

Unevictable: 0 kB

Mlocked: 0 kB

SwapTotal: 0 kB

SwapFree: 0 kB

Dirty: 0 kB

Writeback: 0 kB

AnonPages: 17228 kB

Mapped: 6920 kB

Shmem: 1628 kB

Slab: 391540 kB

SReclaimable: 864 kB

SUnreclaim: 390676 kB

KernelStack: 752 kB

PageTables: 932 kB

NFS_Unstable: 0 kB

Bounce: 0 kB

WritebackTmp: 0 kB

CommitLimit: 257652 kB

Committed_AS: 32588 kB

VmallocTotal: 1302528 kB

VmallocUsed: 43576 kB

VmallocChunk: 1211288 kB



Free -m

total used free shared buffers cached

Mem: 515304 478744 36560 0 2300 11820

-/+ buffers/cache: 464624 50680

Swap: 0 0 0



I don’t know if it is a normal behaviour but It is weird to me. It is a RT-AC5300

RT-Ac5300
I have seen tthe same in all versions of Merlin 380-68. That's my initial version. I believe at one time the router hung and needed power restart. As I need this router to run unattended, I have set it to reboot after 7 days. Trialing that now. Otherwise RAM consumption increases daily. I have tried factory reset and restore settings using excellent nvram tool. Still RAM increases. I have about 50 clients, 2/3 are wifi with 5 on the 5GHZ bands and the rest 2.4Ghz.
Wondering if a garbage collection will kick in after 90% or so or I'll just run out of ram and die?
cheers,
 
Last edited:
I just have a usb with AB-solutions on it running.
I do have IPv6 enabled
i have 100 max connections pre torrent
I switched to qbittorrent but same issue, not like what progy would make a diff.

just odd that the newest asus factory fw has no issue's with torrenting


I had the same issue. I have file/torrentserver and it would kill my RT-AC5300 running 380.68_2. I'm not entirely sure what caused the issues, I recently enabled both Adaptive QoS (fq-codel, streaming preset) and installed AB-Solution and decided to disable QoS and remove AB-solutions and then it worked again. So not entirely sure if it was AB-Solutions or Adaptive QoS doing it.
 
Hi all,

hoping for some help here. I'm running the latest Merlin firmware for AC 3100, 380.68_2. Unfortunately my speeds (wireless especially) is super slow. My ISP Modem is configured in bridge mode so the ASUS has a public IP. How can I fix it?

Thanks!
 
Hi all,

hoping for some help here. I'm running the latest Merlin firmware for AC 3100, 380.68_2. Unfortunately my speeds (wireless especially) is super slow. My ISP Modem is configured in bridge mode so the ASUS has a public IP. How can I fix it?

Thanks!

I am also seeing the same thing. WIFI is slowwww
 
Make sure you follow the instructions posted in the Changelog a few version ago: disable Airtime Fairness.
 
I'm getting similar reboot messages (previously reported on here) with my RT-AC68U on 380.68_2 which I've never experienced on earlier versions. At the moment I have regressed to 380.68 to try to isolate where it was introduced.

The interesting thing is that I don't believe I am using torrents on my network. I can't be 100% certain as I have teenagers in the house, but they are currently insisting that they don't use any.

Looking for commonality between those suffering the issue, my connection is PPPoE and I use Adaptive QoS, fq_codel and FreshJRs QoS script with the various Trend Micro AiProtections

I reverted to 380.68 and have had a stable router for over 5 days using the same configuration. I can’t see anything remotely suspicious in the change log for _2 but it seems to be where my problems have started.


Sent from my iPhone using Tapatalk
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top