# No access from wan after update

## DaQatz

I recently updated one of my systems, afterward I found that I couldn't access it from outside my network.

It's behind a router with OpenWRT installed.

Ports I tried are forwarded.

If I put another computer in the network on it's ip, the existing forwarding works.

If I change it's a local network ip and, re-foward the ports nothing changes.

I first noticed it attempting to ssh. However after testing all of it's other services http,vnc,etc... it's all the ports not just one service.

iptables is installed, but no rules have been entered.

Lan side access appears to work fine.

Shaking a dead chicken at it, and chanting lullabies in Norwegian had no affect.

Just looking for advice, and other things I can try.

----------

## NeddySeagoon

DaQatz,

No access from just the WAN or from the LAN too ?

What does

```
ifconfig -a
```

 show?

The output of 

```
route -n
```

 might help too

----------

## DaQatz

ifconfig -a

```

bond0     Link encap:Ethernet  HWaddr 00:00:00:00:00:00

          BROADCAST MASTER MULTICAST  MTU:1500  Metric:1

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth0      Link encap:Ethernet  HWaddr 00:22:15:b4:00:32

          inet addr:192.168.1.*Censored*  Bcast:192.168.1.255  Mask:255.255.255.0

          inet6 addr: *Censored* Scope:Global

          inet6 addr: *Censored* Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:24834 errors:0 dropped:0 overruns:0 frame:0

          TX packets:27139 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:1559187 (1.4 MiB)  TX bytes:1711141 (1.6 MiB)

          Interrupt:41 Base address:0x4000

lo        Link encap:Local Loopback

          inet addr:127.0.0.1  Mask:255.0.0.0

          inet6 addr: ::1/128 Scope:Host

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

          RX packets:4131 errors:0 dropped:0 overruns:0 frame:0

          TX packets:4131 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:179444 (175.2 KiB)  TX bytes:179444 (175.2 KiB)

sit0      Link encap:IPv6-in-IPv4

          NOARP  MTU:1480  Metric:1

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

tunl0     Link encap:IPIP Tunnel  HWaddr

          NOARP  MTU:1480  Metric:1

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

vboxnet0  Link encap:Ethernet  HWaddr 0a:00:27:00:00:00

          BROADCAST MULTICAST  MTU:1500  Metric:1

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

```

route -a

```

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

127.0.0.0       -               255.0.0.0       !     0      -        0 -

192.168.1.0     0.0.0.0         255.255.255.0   U     3      0        0 eth0

```

 *Quote:*   

> No access from just the WAN or from the LAN too ?

 

I can access the system fine from any other system on the lan. It appears to be only incoming connections from the wan that are affected.

----------

## NeddySeagoon

DaQatz,

That all looks in order.

It would be interesting to run tcpdump to see if WAN packets ever reach your system and if their is a response.

You bond0 appears to not be up.  Depending on what you have in /etc/rc.conf that may prevent services like ssh, that depend on networking, from being started.

See the part that says

 */etc/rc.conf wrote:*   

> # Do we allow any started service in the runlevel to satisfy the dependency
> 
> # or do we want all of them regardless of state? For example, if net.eth0
> 
> # and net.eth1 are in the default runlevel then with rc_depend_strict="NO"
> ...

 

You may need 

```
rc_depend_strict="NO"
```

----------

## dtlgc

After an exhaustive upgrade of openrc and baselayout2, this issue is my final milestone...

I had to add a manual start file in /etc/local.d/tmp_eth0.start

which simple contains /etc/init.d/net.eth0 start

and a couple of other items that did not start due to eth0 not being present ie. /etc/init.d/mysql restart

I have tried net.eth0 at both default and boot runleves to no avail....

I see it coming up during boot as the lightblue symlink, but does not have an [ok] .... just blank

any other suggestions?

----------

