Unable to receive traffic from WAN

On my v2 Mango, I am trying to run rsyslog and accept syslog traffic from the WAN on port 514.

I’ve tried to open port 514 three ways:

  • On the GL.iNet UI using “Open Ports on Router” on the Firewall tab
  • On the GL.iNet UI to set a forwarding rule using “Forward Ports” on the Firewall tab
  • In LuCI as a firewall rule to allow traffic to “this device” on UDP port 514.

To test, I ran netcat to listen on UDP port 514. I can see any syslog traffic originating in the Mango and sent from the LAN. I see nothing when it is sent to the WAN address from the WAN side.

I also ran tcpdump on the Mango and DO see the incoming UDP requests from both the LAN and WAN, but nothing shows on the netcat command. This is the exact behavior when actually running rsyslog and looking at the log files. (Just faster/easier to use netcat.)

Is there some special way to configure the Mango to accept incoming traffic on the WAN port for a UDP listener?

Can you explain what you want to achieve? Do you want to push logs from the mini router to a remote server, or do you have an internal log server and want to receive logs?

Your second option is closer. I want to receive syslog messages over the WAN port and log them locally on the Mango.

This is a double router situation.

Router 1 is the ISP router (LAN network: 192.168.252.0/24). It is publishing syslog messages. I am interested in capturing the published ISP connection messages in a log.

Router 2 is a Mango. Its WAN port is connected to a LAN port on the ISP router with static IP address 192.168.252.210 which is the ISP router’s syslog destination. Using the standard syslog UDP port 514. The Mango’s LAN network is 192.168.251.0/24 and the Mango is 192.168.251.1.

I am running rsyslog daemon on the Mango and recording syslog traffic to an attached USB device.

I opened port 514 on the Mango to allow traffic in using the GL.iNet UI.

Everything is set up. Rsyslog captures and records all the Mango messages. If I use netcat to send a message to the Mango router from a Mango LAN port, it is recorded. If I send a message from an ISP LAN port to the Mango’s WAN address, it is NOT recorded. I have verified that the messages are NOT received by using a netcat listener instead of rsyslog.

Rsyslog, by default, listens on all interfaces. I tried using netcat, specifying the IP bind address for the Mango’s WAN port, but no difference.

I also ran tcpdump on the Mango and it does show receipt of the message on the WAN port, but I cannot tell if it’s getting through the firewall.

Attached is an IPTABLES dump and a copy of the UCI configuration. One particular section:

    glfw.globals=globals
    glfw.globals.enabled='1'
    glfw.@opening[0]=opening
    glfw.@opening[0].name='syslog'
    glfw.@opening[0].port='514'
    glfw.@opening[0].proto='UDP'
    glfw.@opening[0].status='Enabled'

suggests that port 514 is open into the Mango.

Just looks like traffic isn’t getting into the Mango.

BTW… I’m also running an OpenVPN server on the Mango (hence the extra interfaces) with a port forwarding rule on the ISP router to forward its traffic to the Mango (same IP address as syslog) and that is working just fine.

Just trying to figure out what is happening here. Or what the next steps in troubleshooting should be.

Thanks

Club Mango Info.txt.zip (8.7 KB)

OK… did the thing when nothing else works.

Did a hard reset and reconfigured everything.

Now I’m receiving the traffic from the WAN port.

Let’s close this out. Something somewhere went “blip” and it’s gone now.

Thanks to any who spent any time on this report.
