My Telstra Smart Modem Gen 2 ( ARCADYAN) Firewall appears to be blocking internal SMB (port 445) packets between the WiFi and Wired networks.
Gateway is Gen 2 Arcadyan LH1000 Firmware 0.07.05r
I have a new Synology NAS connected to the gateway via Ethernet. There is also a Windows 10 (Pro 1903) laptop connected via ethernet.
These 2 boxes happily connect for SMB access to the NAS.
I have another 2 Wireless laptops (Win 10 as well) but they cannot connect via SMB (SMB1 is disabled on Win10, NAS set for SMB2/3) and port 445 is blocked to the NAS (Windows firewall disabled, port tested via Powershell ' test-netconnection <NAS IP address> -port 445' )
If I connect the non-working laptops via ethernet – SMB and the port test work!
If I disable the Gateway Firewall and stay on the wireless network – SMB and the port test also work.
The Gateway Firewall is normally set to 'Defense Strength' Normal.
It's as if the Gateway firewall is isolating SMB traffic between the Wifi and Wired networks (I've confirmed I'm on the normal 5GHz wireless network, not the guest network).
(The wireless laptops however can happily SMB connect to the wired laptop – it's just the wired Synology NAS they can't connect to via SMB)
Was this helpful?
Coming back to test this further after being away...
If I attempt a SMB connection from a wireless MAC to a wired NAS:
With Gateway Firewall ON at either Normal or Low setting: SMB connection fails.
With Gateway Firewall OFF: SMB connection success
If I then disconnect SMB share, turn Firewall ON and try SMB connection again - it works, but then disconnects after several minutes, and can't be reconnected.
It's as if Firewall initially allows SMB wireless/wired connection, but then over time determines it shouldn't be allowed and drops/blocks the connection.
There's nothing in the normal Gateway log display - hence I'm trying to see the actual Firewall logs to see why it's dropping/blocking the connection.
Anyone figured out how to view the firewall log files?
Have you tried turning off band steering? If you see a 2.4 and 5 network, then steering is off. If you only see the one network for your home (not guest), then steering is on.
Have you tried turning off IPV6?
I had issues with some MAC O/S devices and SMB which was related to Link-local only (TCP/IP).
Also, 445 was used for WannaCry, so there might be some element of security you have already installed but maybe overlooked it running interference.
Thanks for the suggestions.
Same issue with band-steering turned off or on, and same issue with IPV6 turned off or on at the router level.
I'm aware of the WannaCry issues with 445 and SMB1. The Windows machines are using SMB2/3 and the issue goes away on both the Mac and Windows machines if I either:
a) connect them via a wired connection (same network as the NAS) or
b) turn gateway firewall off
It keeps pointing to the Gateway Firewall isolating SMB traffic between wired and wireless networks after a certain time.
I'm hesitant to ring Telstra support to discuss/log this issue, as it's not related to Internet access specifically, so I feel like I'm going to spend lots of time getting nowhere - hence looking for crowd-support for someone who may have figured out how to get the firewall logs.
I just wanted to let you know that I have the same issue. When my laptop is connected via ethernet I can connect to the NAS, but not via WiFi UNLESS I disable the Router's firewall first.
While it is not a solution, my workaround is to re-purpose an old router as an alternative WiFi access point to the network, allowing me WiFi access to the NAS without issue.
I too am reluctant to contact Telstra support.
If enough people contact Telstra support the problem might get fixed in a future firmware update. You will probably get redirected to platinum support but because it is a Telstra equipment fault the fee should be waived. This problem should have been picked up in testing before modem was released but now the only way Telstra will becomes aware off this type of fault is through customers reporting a fault.
I received my Arcadyan LH1000 during the weekend.
I used ftp to transfer files between two linux boxes, one wired, the other wifi. I was impressed by the file transfer jumping from 11MBps to 28MBps but then noticed that after a transfer I lost ftp & ssh access to the box on wifi.
Hours later I realized it was the new Modem. It was doing some sort of internal dos protection. Some time later I had proved that only by switching the firewall off could stop it so I came here and read the two threads on the blocking.
Then I tried something stupid. I disabled the firewall, proved again that everything worked with it off. Then back on with Normal, DoS protection, and Answer Internet ping ticked and a DMZ set up for 10.0.0.9 (I use the old 10 addressing from my previous modem).
NO BLOCKING !!!!
Since then I've isolated it down to two surprising ticks. Here's the process (do both steps please):
1. Turn the firewall off & prove that everything works in that mode
2. Enable the firewall but with DoS protection and Answer Internet ping ticked
That's it - setting DoS protection on seems to cause the firewall between wired and wifi to correctly deal with local traffic.
Hope it works for others.
No. Don't waste your time. This and another experiment failed after a while.
It seems that the only option is to wait for a fix.
Just a little more information.
I have reported this as a fault. My report was that
- there appears to be a (mistaken) rate limiting / dos protection effect between the physical ports & the wifi network on the modem's lan.
- for me the rate limiting cuts in when I run an ftp transfer from a device on phy0 to a device on wifi
- that transfer is fine but after it I can't ping, ssh, or ftp from that physical port to the wifi device
- but if i move my cable to one of the other 3 phy ports I can immediately start again (so its physical port linked (not mac or ip linked))
- it shuts me out on that port for about 5 minutes then it works again.
- the only way to stop this happening seems to be to switch the modem's firewall to disabled but I'm not comfortable doing that for an nbn connection.
If tech support doesn't call me in a few days I'll switch back to the old ugly router because it affects me often enough to be frustrating.
Thanks for these details john_99. We would need a technician to check the modem and line with you. Please let us know if you have not received a call in regards to this. They can also be contacted on 133 933 if you wish to see if this can be resolved now.
Sorry for any frustration caused.
Need help? Check out our Community Wiki or Support Portal || Looking for a new mobile? Order online today || Get help with any Tech at Home with Telstra Platinum || Don't forget to tag answers as Accepted Solutions and give a Like to the member(s) who helped you out.
All moderation actions are supported by the CrowdSupport Community Guidelines
John_99 - thanks heaps for doing the extract diagnosis work.
For kicks I tried the DOS and Answer Internet Ping anyone, and same issue - didn't fix it.
I've been looking for work-arounds, and I've found another device (Raspberry Pi) has issues with SMB, but it works ok if I use NFS to access the NAS. I haven't found an alternative to SMB for the Windows based devices.
Unfortunately I don't have another router to fall back to.
I haven't gone through and logged a call on this - but I have a repeatable scenario which shows it is related to the Arcadyan firewall and it's handling of particular traffic between Ethernet and Wifi internal networks.
For me the use of SMB file shares activates the issue. 'Resolved' by switching off the firewall, or plugging into Ethernet.
Is there a way to bypass the usual help-desk which are mainly focused on helping us restore Internet connectivity - this issue is purely internal networks and related to the Arcadyan internal functions.
From memory this is a know but that will be fixed in a future firmware update. There isn't a team you can directly call to speak to about these issues.
Update to my previous post, this wasn't known issue. I've reported the issue and its been sent off to be tested and evaluated. Once its been confirmed as an issue a fix will be applied in a future firmware update.
Many thanks for taking the time to do that.
Obviously if they need any further tech details re scenarios, I'm happy to assist.
I'm having the same issue - Can't transfer large files from my Laptop to my NAS .
I don't want to turn my firewall off.
So looking at this there are no solutions .
Would it be better to get Telsta to swap out the modem with a Technicolor DJA0231?
I can't say if a Technicolour would help/work.
I'm just hoping Telstra have been able to replicate and working on a fix.
Though we don't get to see much visibility as to what's being worked on or 'known defects'.
Need a hand or want to share your expertise?
Register for CrowdSupport and get involved