GL-SFT1200 wifi not surfable :-(

rolelael · September 30, 2023, 9:33am

Hi, I just got the 1200. Worked fine at my place ( connected it to a deco X50 via an utp , towards the wan port of the GL ) . I got the 2 wifi’s enabled and could surf ok ( via the 192.168.8.x network )

Now I placed it at my daughters student dorm … where there is a captive portal on the network.

Got no login portal at first, then I disabled rebind attack protection , portal showed up and I authenticated… But I cannot surf … If I do a nslookup I get an ip ( example google.com ) . but cannot ping it.

If I go in luci into the diagnostics, I get a reply ( ping ) and also tracert is showing good results. So it seems the router itself is functioning ok, but surfing via the wifi’s is not.

Nothing else modified, default config ( except the rebind attach protection )

Any ideas?

In the systlog there is nothing obvious to see ( I see fwds of dns request etc )

Sat Sep 30 17:20:55 2023 daemon.info dnsmasq[29121]: 50 192.168.8.247/63018 forwarded xxxxxxxxx to 192.168.150.1
Sat Sep 30 17:20:55 2023 daemon.info dnsmasq[29121]: 50 192.168.8.247/63018 reply xxxxxx t is
reply xxxxxxxxxx is 17.57.146.163

rolelael · September 30, 2023, 3:40pm

OK I got it to work met custom cmd in the firewall section

I added
iptables -t mangle -I POSTROUTING -j TTL --ttl-set 65
iptables -t mangle -I PRETROUTING -j TTL --ttl-set 65

I found out that postrouting only didn’t do the trick

Seems that for packets going to the next hop you get 64-1 = 63 . provider checks on TTL in my case it seems …

Any feedback would be welcome

limbot · October 1, 2023, 6:49am

Is is a captive portal or is it an EAP network (requires a username and login)?
If EAP I cdon’t believe the SFT1200 will support EAP networks, you’d need one of the Qualcomm based Gl.Inet units.

rolelael · October 1, 2023, 7:20am

It’s is a EAP network, via wifi

If I connect the router via its wan port to the utp outlet of the wifi ‘AP’ I need to put user and pwd in a captive portal. So it’s both
Anyways its solved bij alterning the iptables. Works smooth

rolelael · October 1, 2023, 7:27am

Drawning

WALL Mounted AP/Roter ( 1 UTP , POE occupied from main network I guess, 3 x UTP ) → CAT5 → GL WAn’s port ( 2 x ssid active )

When conneting a wireless device to the gl router, I got the captive portal for entering user & pwd . But I could not surf any other pages

Diagnostics on luci showed me I coud ping, tracert etc every single website. So it seems the router is ok. Then I start digging and found the TTL issue. So my provider has NAT checking on, so I added ttl 5 to the custom rules et voila… I can now sirf via any wireless device. Credential in portal never asked again (since I guess the main network looks for the MAC whom entered the creds, and thats the GL )