AX53 routing/firewall bug (AX3000)

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2024-05-15 12:48:42 - last edited 2024-05-16 02:16:09
Model: Archer AX53  
Hardware Version: V1
Firmware Version: 1.2.2 Build 20230627 rel.39033(4555)

Hi,

I have found a small bug in the AX3000 router. I have an internal network (with a different IP space than the router) under the LAN of the router. There is also a different router between this network and the TP-Link router. So something like this:

PC (10.10.10.5) --------- (10.10.10.1) ROUTER (192.168.0.100) -------------- (192.168.0.1) AX53 ROUTER (DHCP) ------------ INTERNET

After adding a static route to this 10.10.10.0/24 LAN to the AX router, I'm able to ping the AX53 router from the PC, BUT by default I can't ping or connect to the "outside world" from the PC.

I can make it work if:

a) I maintain the same ping command open (ping -t in Windows) and...

b) Switch the "Respond to pings from WAN" on or off.

Switching that setting seems to flush the conntrack table (according to the log) and the pings go through temporarily. If I interrupt the ping and start it again, it doesn't work until I switch the "Respond to pings from WAN" setting again.

I have tried to set the SPI Firewall off without results.

I'm sure this is not a common setup for this kind of router, but I think it is clearly a bug nonetheless.

It would be nice to get this solved in a firmware update. We own 20 of these devices :)

Re:AX53 routing/firewall bug (AX3000)
2024-05-16 07:59:10

@cfinnberg

Your topology is simply a double NAT situation, which is not uncommon. Connecting the PC to the internet should work fine without any static routes or changing the “Respond to Pings from WAN” setting. The SPI firewall only affects incoming connections that are not associated with an established connection. That being said, several questions come to mind:


1. Why do you need a second router?
2. Why not assign the 10.10.10.0/24 LAN to the AX router?

 

Re:AX53 routing/firewall bug (AX3000)
2024-05-16 08:39:06

@jra11500 Thanks for your answer.

In this case it is not a double NAT. That's why I'm adding the route to the AX53. The internal router does not do NAT.

But you are probably right that there are some valid questions... I tried to simplify a more complex situation to the minimal setup to see the error. The internal network is composed of several subnets and the internal router handles them. The AX53 is only used for the Internet connection.

That said, without arguing whether this setup is better or worse, it is technically a valid one and the AX53 should behave correctly... and it doesn't.
