
Wapcaplet
join:2005-03-31
Pasadena, CA

Wapcaplet

Member

[trueSTREAM] 5031NV forgets DMZplus setting & reverts to default firewall

I've discovered an issue with the Pace 5031NV's DMZplus firewall setting not sticking, and it will revert to the default (locked-down) setting when it shouldn't, either when the 5031NV's web pages are accessed, or even by itself.

I have a Linksys E3000 with Tomato RAF firmware behind my 5031NV, and I've successfully set the firewall to DMZplus mode with the E3000 in the DMZ. The 5031NV's IP address range is set to default (192.168.1.254, with DHCP addresses between .64-.253), and the E3000's LAN address is 192.168.0.1. The E3000 normally grabs the public IP from the 5031NV once DMZplus mode is turned on. I have the wireless disabled on the 5031NV (seems like all my neighbors in my apartment building have a 2.4GHz wireless network, so I use the E3000's 5GHz band). The E3000 issues IP addresses to my network in the 192.168.0.x range.

However, the 5031NV will revert to the default firewall setting (which closes all the ports) when either of two things happens. First, it happens whenever I browse certain web pages of the 5031NV, such as the LAN settings or the firewall settings. I've confirmed this by setting up an incoming SSH connection to my home server, and as soon as I load certain web pages on the 5031NV, the SSH connection is terminated and the firewall reverts to the default.

Second (and this is the weird one), the firewall has reverted to the default setting by itself around 7PM for two nights in a row. Of course, I suspected that the DHCP lease had expired on the E3000's WAN port, but the public IP DHCP lease from the 5031NV is only 10 minutes, and it's renewed the lease like clockwork all day without issue.

Has anyone ever seen these issues with the 5031NV? Is it a known bug? Is there a workaround? This is really annoying, and I can't see myself having to reset the firewall settings every day.
MikeRich88
join:2003-05-04
Houston, TX
ARRIS BGW210-700
ARRIS SB6190

MikeRich88

Member

I have a similar setup (trueSTREAM, 5031NV and an Airport Extreme) for the exact same reason - 2.4 GHz overcrowding. So far, I haven't seen DMZplus switch off on its own - but it took a good 2-3 minutes and several page reloads just to check the Pace's firewall settings. Other settings pages often take arbitrary amounts of time to load as well - I have noticed the slow config pages on four different models of 2Wire/Pace devices going back to 2007.

I think the gateway's DNS server also suffers from these arbitrary delays, as well as other problems (randomly failing to resolve a valid query which should return a result). Saturday I was at my mom's (she has U-Verse TV+Internet so it's a different model but still 2Wire/Pace gateway) and fixed her "broken Facebook games" by changing her laptop's DNS to 8.8.4.4. 20 minutes ago, I had trouble with random features of Target.com, which were also fixed with exactly the same remedy.

Wapcaplet
join:2005-03-31
Pasadena, CA

Wapcaplet

Member

said by MikeRich88:

I have a similar setup (trueSTREAM, 5031NV and an Airport Extreme) for the exact same reason - 2.4 GHz overcrowding.

Incidentally, is your Airport Extreme set to a different subnet than the 5031NV? I think everything was working in my setup when my entire network was on 192.168.1.x, but after I switched my LAN to 192.168.0.x, the problems started. I need to do more testing on this. You're right about the sluggishness of the 5031NV's interface -- troubleshooting my issue is taking much longer because of it.

I originally shifted my LAN to a different subnet so I could access the 5031NV through the E3000's WAN interface (the Tomato firmware interface has a checkbox that lets you do this, but it requires the gateway/modem be on a different subnet to access it). However, I think I can set a manual entry in the E3000's routing table that would allow access to the 5031NV's web interface even when the 5031NV and E3000/LAN are on the same subnet.

DSL Robot
Premium Member
join:2000-12-23
Carson, CA

DSL Robot to Wapcaplet

Premium Member

to Wapcaplet
I also have a 5031NV and I had an issue where it would not keep my settings for cascaded router after I made changes. I would enter the settings and save. Success was reported, but all fields that I entered were emptied.

I cleared out the device list and that seemed to help. It has been solid ever since (about 6 weeks now). During my initial setup, I had the wrong address for my static IP block, and after troubleshooting, there were several devices in the device list that were no longer valid.

It may not help your situation, but maybe you could try clearing out the device list:

1. Disconnect the router and any other devices from the gateway.
2. Clear the device list in the gateway (from the Home -> Restart your System page).
3. Reboot the gateway (from the Home -> Restart your System page).
4. Configure your setup again.

Wapcaplet
join:2005-03-31
Pasadena, CA

Wapcaplet

Member

said by DSL Robot:

I cleared out the device list and that seemed to help.

Thanks -- I've actually done this repeatedly whenever I need to reset the DMZplus settings. The 5031NV complains that the E3000 is set to a static IP whenever I try to re-establish DMZplus mode after it fails, even though the E3000 is still set to obtain an IP through DHCP, and the 5031NV won't allow DMZplus if it thinks the target is set to a static IP (more annoying "features" of the 5031NV). Clearing the 5031NV's device list and rebooting the E3000 usually fixes this and allows me to set up DMZplus again.
Wapcaplet

Wapcaplet

Member

...and I just had my third night in a row of DMZplus turning itself off around 7PM. Tonight it happened sometime between 6:40 and 6:55. As soon as I noticed the firewall was blocking everything again, I looked at my E3000's status page -- currently the E3000's WAN IP is 192.168.1.66 (one of the internal IP addresses from the 5031NV's DHCP server) instead of the public IP normally assigned to me.
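
The symptom reported in the post above (the router's WAN address changing from the public IP to an address in the 5031NV's DHCP pool) can be turned into a check over logged WAN addresses. This is an added example, not part of any post in the thread; the sample log, its date and the public address 203.0.113.7 are constructed, while the pool range is the one given in the first post.

```python
import ipaddress
from datetime import datetime

# Gateway DHCP pool as stated in the thread: 192.168.1.64 to 192.168.1.253.
POOL_FIRST = ipaddress.ip_address("192.168.1.64")
POOL_LAST = ipaddress.ip_address("192.168.1.253")
# Explicit RFC 1918 list, so documentation-range sample addresses count as public.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify_wan(ip_text):
    """Classify the address the inner router holds on its WAN port."""
    ip = ipaddress.ip_address(ip_text)
    if POOL_FIRST <= ip <= POOL_LAST:
        return "reverted"        # gateway handed out a LAN-pool lease
    if any(ip in net for net in RFC1918):
        return "private-other"   # private, but not from the gateway pool
    return "dmzplus"             # public address passed through

def find_reversions(samples):
    """Return (last_good, first_bad) time pairs where DMZplus was lost."""
    events = []
    prev_state, prev_time = None, None
    for stamp, ip_text in samples:
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        state = classify_wan(ip_text)
        if prev_state == "dmzplus" and state == "reverted":
            events.append((prev_time, when))
        prev_state, prev_time = state, when
    return events

# Constructed log: one entry per 10-minute lease renewal (placeholder date).
SAMPLES = [
    ("2000-01-01 18:30", "203.0.113.7"),
    ("2000-01-01 18:40", "203.0.113.7"),
    ("2000-01-01 18:50", "192.168.1.66"),
    ("2000-01-01 19:00", "192.168.1.66"),
    ("2000-01-01 19:10", "203.0.113.7"),   # DMZplus set up again by hand
]

if __name__ == "__main__":
    for last_good, first_bad in find_reversions(SAMPLES):
        print(f"DMZplus lost between {last_good:%H:%M} and {first_bad:%H:%M}")
```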

DSL Robot
Premium Member
join:2000-12-23
Carson, CA

DSL Robot to Wapcaplet

Premium Member

to Wapcaplet
I wonder if you could use the Cascaded Router feature. It passes everything through and I did not need to change any firewall settings in the 5031NV.

I posted some info on how I set it up for using static IPs.

»[trueSTREAM] Using static IPs with Pace 5031NV gateway

I think you are using a dynamic IP, so I'm not sure if that would work with Cascaded Router or not. Maybe you already tried that.

Wapcaplet
join:2005-03-31
Pasadena, CA

Wapcaplet

Member

said by DSL Robot:

I think you are using a dynamic IP, so I'm not sure if that would work with Cascaded Router or not. Maybe you already tried that.

Yeah, I have a dynamic IP. I haven't tried the Cascaded Router mode, as I'm not sure what values to use. Every online reference I've seen about the Cascaded Router settings on the 5031NV involves static IPs.

DSL Robot
Premium Member
join:2000-12-23
Carson, CA

DSL Robot

Premium Member

Sorry, I found a web page in an AT&T forum where it states that Cascaded Router and Additional Network are only for use with static IPs.
MikeRich88
join:2003-05-04
Houston, TX

MikeRich88 to Wapcaplet

Member

to Wapcaplet
It's my experience with U-verse that even dynamic IPs are more like almost-static. That is to say, they almost never change. I wonder if you could try to set up the cascaded router feature making that assumption.

Wapcaplet
join:2005-03-31
Pasadena, CA

1 recommendation

Wapcaplet

Member

I figured out the solution. The Tomato firmware allows you to enter the IP address of the gateway in order to access the gateway through the router's WAN port. I used to have Fusion with a Comtrend CT-5072T modem, and the only way to see the modem's stats was to enter its IP address in Tomato's "Route Modem IP" field. So, of course, I entered the 5031NV's IP address (192.168.1.254) in the same field once my trueSTREAM service was up and running.

Turns out that was the problem. As soon as I left the "Route Modem IP" field blank, the DMZplus settings stuck, and everything has been working as it should for the past week. Unlike the CT-5072T, the 5031NV doesn't need an entry in the "Route Modem IP" field to access the web interface through the router's WAN port.