Can't ping LAN from DD-WRT router SSH?

nospamboz
DD-WRT Novice


Joined: 18 Dec 2007
Posts: 6

Posted: Fri Oct 08, 2010 2:07    Post subject: Can't ping LAN from DD-WRT router SSH?
This problem probably has a simple answer. I tried searching the forums, both internally and via Google, but couldn't find anything related. It's probably too simple. I've been using DD-WRT for years (donated both at top level and directly to Eko), so I'm actually embarrassed I can't figure this one out myself.

I've got a wrt610n v1 with BS 14929 K2.6_std_nokaid_small. No DHCP, static IP on 10.0.1.x netmask 255.255.255.0 (a legacy from a different router :^), router is 10.0.1.1. Telnet disabled, SSH enabled. One ethernet connection to a linux box with address 10.0.1.100, rest is wifi.

Overall it works fine. From the LAN I can use the WAN internet fine. The router even does proper WAN-to-LAN port forwarding to the linux box. No special iptables/etc on the router.

I can ssh from the linux box to the router just fine. However, from the router shell, if I try to ping the linux box at 10.0.1.100, the command just immediately returns to the prompt without doing anything. If I try to use the dropbear ssh to go back to the linux box, it just hangs until I ctrl-C. Ping and ssh to the WAN works fine, though.

I investigated this issue because I just set up a PPTP server on my router for my iPhone (server 10.0.1.2, client 10.0.1.10). It works great, and my iPhone accesses my WAN internet fine. My iPhone is jailbroken and has OpenSSH, but, like the router itself, pings and SSH to the linux box 10.0.1.100 (and the rest of the LAN) fail. Interestingly, I can ping and ssh from the iPhone to the router itself (10.0.1.1) fine, as well as to the WAN.

So my question is: Why can't I connect from the router (or PPTP client) to the LAN? And why does it fail, when the router does WAN-to-LAN port forwarding fine?

For what it's worth, here's the routing table from the router "route -n" command. Pardon the formatting. WAN address munged. That first route is indeed repeated in the command output.

Destination     Gateway         Genmask         Flags MSS Window irtt Iface
WAN.GW.IP.ADR   0.0.0.0         255.255.255.255 UH    0   0      0    ppp0
WAN.GW.IP.ADR   0.0.0.0         255.255.255.255 UH    0   0      0    ppp0
10.0.1.0        0.0.0.0         255.255.255.0   U     0   0      0    br0
169.254.0.0     0.0.0.0         255.255.0.0     U     0   0      0    br0
127.0.0.0       0.0.0.0         255.0.0.0       U     0   0      0    lo
0.0.0.0         WAN.GW.IP.ADR   0.0.0.0         UG    0   0      0    ppp0

It looks fine to me, assuming the br0 device will send things to the LAN. Is that a valid assumption or not?

Thanks for any help provided.

(Edit: Also tested ping/ssh from linux box [10.0.1.100] to PPTP iPhone [10.0.1.10, connected via 3G/EDGE data remotely]. Linux-to-iPhone works, iPhone-to-Linux fails.)
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Fri Oct 08, 2010 3:27
Do you get no output at all or does it display something like "PING [IP address] ..."? When it displays that and returns to the shell then it's usually because there's no route, but your routes look fine as long as you're not doing any policy based routing... You might need to hard reset and start over.
_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
nospamboz
DD-WRT Novice


Joined: 18 Dec 2007
Posts: 6

Posted: Fri Oct 08, 2010 4:09
phuzi0n wrote:
Do you get no output at all or does it display something like "PING [IP address] ..."? When it displays that and returns to the shell then it's usually because there's no route, but your routes look fine as long as you're not doing any policy based routing... You might need to hard reset and start over.


Thanks for replying.

On the router, the only ping output is:

PING 10.0.1.100 (10.0.1.100): 56 data bytes

Then back to the prompt, no delays, no warnings, no errors. From what you say, it's as if there's no route to 10.0.1.100, even though I'm ssh'd in from 10.0.1.100.

No special routing anywhere. No iproute2, iptables, firewall, etc. All LAN members can ping/ssh each other, and can ping/ssh the router. Only the router (and router-connected PPTP clients) can't ping/ssh back.

I wonder if it's some kind of NAT problem, with the router confusing the origin of the involved packets with WAN instead of LAN. Maybe it only happens with static IP setups when the router DHCP server isn't running. Maybe I should try that trick of setting up a single IP DHCP "pool" and reserve that IP for a nonexistent MAC address, so the DHCP server runs without doing anything.

I've already been through several 30-30-30 resets trying to figure this out. Maybe I could try a different build. However, because it's only an issue for PPTP access, I'll see if I can get the linux box working as a PPTP server instead of the DD-WRT router, as a workaround. If that works, I'll just put this down as a DD-WRT vagary.

Thanks again.
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Fri Oct 08, 2010 6:59
Hmm, you didn't do anything to the ARP table either did you? Some people mess with static ARP entries for WOL which can screw things up.

I'm not sure if there's any situation with the other end being firewalled that could make ping exit immediately, normally it would appear to hang and then give you the error count when it terminates. You could check iptables on your server and try making it accept all input/output temporarily.

nospamboz
DD-WRT Novice


Joined: 18 Dec 2007
Posts: 6

Posted: Fri Oct 08, 2010 9:29
phuzi0n wrote:
Hmm, you didn't do anything to the ARP table either did you? Some people mess with static ARP entries for WOL which can screw things up.

I'm not sure if there's any situation with the other end being firewalled that could make ping exit immediately, normally it would appear to hang and then give you the error count when it terminates. You could check iptables on your server and try making it accept all input/output temporarily.


Good idea on the ARP tables, but "arp -a" on the router shows all the LAN connected hosts, which you would expect.

And I'm not using iptables on any host (not even my iPhone :^). When the iPhone is connected on the LAN side via wifi, I can't ping/ssh to it from the router, even though I can from any other LAN host. The problem is on the router, I'm sure.

---

Oh my, I solved the problem! Even though I had the firewall disabled on the router, all the "Block WAN requests" items were checked, though they were greyed out by the web interface. I enabled the firewall long enough to uncheck them, disabled the firewall again, and now everything works, even via PPTP! I assumed that with the firewall disabled, the "Block WAN" items would be disabled as well, but I guess they were still operative at some level. Moreover, they blocked access from the router as well as the WAN.

There has to be a bug in that result somewhere, unless my understanding of where the WAN stops and the LAN starts is awry.

Anyway, thanks for giving me more things to think about. :^)
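
Added example (not part of the original posts, and not DD-WRT's own code): the fix above shows that the web interface's "firewall disabled" state did not match what was actually filtering packets, so one way to check is to compare netfilter rule counters before and after a test ping. The function name grown_drops and the sample rules are assumptions constructed for illustration; only the addresses come from the thread.

```shell
#!/bin/sh
# Added example: find the netfilter rule that discards router-originated pings
# by diffing two `iptables -vnxL` snapshots taken before and after the ping.
# On the router (addresses from the thread):
#   iptables -vnxL > /tmp/a; ping -c 3 10.0.1.100; iptables -vnxL > /tmp/b
#   grown_drops /tmp/a /tmp/b

# Print DROP/REJECT rules whose packet counter grew between snapshots.
# $1 = "before" file, $2 = "after" file. Rules are keyed by chain + position.
grown_drops() {
  awk '
    /^Chain / { chain = $2; idx = 0; next }   # new chain: restart numbering
    $1 == "pkts" || NF < 9 { next }           # skip column header and blanks
    {
      idx++
      key = chain ":" idx
      if (FNR == NR) { before[key] = $1; next }   # first file: remember count
      if ($3 ~ /^(DROP|REJECT)$/ && $1 + 0 > before[key] + 0)
        print chain, idx, $3, "out=" $7, "dst=" $9, "+" ($1 - before[key])
    }' "$1" "$2"
}

# Constructed sample data (hypothetical rules, not captured DD-WRT output).
# $1 = INPUT rule counter, $2 = OUTPUT rule counter.
snapshot() {
  cat <<EOF
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     $1     9600 ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 300 packets, 24000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       $2      336 DROP       all  --  *      br0     0.0.0.0/0            10.0.1.0/24
EOF
}

demo() {
  tmp="${TMPDIR:-/tmp}/ipt.$$"
  snapshot 120 4 > "$tmp.a"    # before the ping
  snapshot 130 7 > "$tmp.b"    # after three pings were silently discarded
  grown_drops "$tmp.a" "$tmp.b"
  rm -f "$tmp.a" "$tmp.b"
}
demo
```

The same comparison can be repeated with `-t nat` and `-t mangle` if the filter table shows no growing DROP or REJECT counter.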
Bib
DD-WRT Guru


Joined: 07 Jul 2008
Posts: 629
Location: France

Posted: Sat Aug 29, 2015 18:27
Allow me to update this thread because it's the one I found googling "ddwrt can't ping the lan" (so please, no irony ;) ).
I experienced the very same symptom with 14896 which is very close to your 14929.
The culprit is "Filter WAN NAT Redirection" enabled.
In addition to breaking LAN ICMP, this filter also broke the LAN UDP I used to set the date/time from an internal NTP server.
If I don't post more here, one can say re-creating my WOL entries didn't break ICMP & UDP from LAN IP to LAN net.

I now have to search for how to fix this WAN NAT redir filter.

Bye guys

_________________
): FoReVeR nEwB :(
All times are GMT
