ASUS – DSL-AC88U / DSL-AC3100 Firmwares (beta's) etc. Looks like a new Beta Release for the DSL-AC88U is available, this version has Telnet enabled and improved 2.4GHz wifi (I believe). DSL-AC88U_v9.10.06_build581_debug.w.zip https://www.asuswebstorage.com/navigate/s/604D61534F2541D1B3CE1CC031A697E4Y UK Sentinel In a completely...

[jetspeed]

UK Sentinel wrote:

Does this work. or are you looking to create a singular static route ? Not sure if the DSL-AC88U has this option, but under LAN > DHCP Server is there an option to set DNS and WINS Server setting. this should then configure DNS queries obtained via DHCP to the DNS IP address of your Pi Hole IP Address. Then block port 53 ?

I’ve already have set the DNS server of the router to my Pi Hole, but how do I block port 53?

Share the knowledge

You need to login in order to vote

[UK Sentinel]

I see, so your DNS Services is now using something like DNS server Port 443 and you are looking to blocking port 53 to stop apps etc. chatting via DNS on port 53 ?

IS that correct ? as if so then I think the DSL-AC88U firmware does not allow telnet access, to close port 53 or use Iptables, but I will look into this more later today?

Share the knowledge

In a completely sane world, madness is the only freedom (J.G.Ballard).

You need to login in order to vote

[bwj]

This router/modem (Asus DSL-AC88U) has become a really dissapointing piece of expensive kit to the extent that I might go back to the Homehub.

Can anyone help with appropriate settings for ipv6?

Unlike the previous iteration of the router (AC-68U) this one doesn’t give any options to change the lan prefix length to coordinate with BT as /56 rather than /64

I have it set in native mode and have tried messing around with the other settings (eg Static Ip) to no avail.

Share the knowledge

You need to login in order to vote

[KingfisherUK]

bwj wrote:

Can anyone help with appropriate settings for ipv6? Unlike the previous iteration of the router (AC-68U) this one doesn’t give any options to change the lan prefix length to coordinate with BT as /56 rather than /64 I have it set in native mode and have tried messing around with the other settings (eg Static Ip) to no avail.

 

I fought with IPv6 on this router for months and in the end I gave up – it simply doesn’t work on BT Openreach services, either with the built in modem or an external Openreach one.

Oddly enough, I also have a Billion 8900AX-1600 R2 which has the same chipset and the same IPv6 issues…

Share the knowledge

You need to login in order to vote

[UK Sentinel]

As @KingfisherUK said, IPv6 /56 for UK (BT) usage does not work well, ASUS are fully aware of this issue and hopefully will be fixed in next firmware release (whenever that is)

Share the knowledge

In a completely sane world, madness is the only freedom (J.G.Ballard).

You need to login in order to vote

[UK Sentinel]

@jetspeed – Ok, I believe the following will block all port 53 requests from LAN to WAN, but never tested this on the DSL-AC88U.

Go to Firewall > Network Services Filter to block port 53 TCP and UDP. as Network Services Filter only impacts LAN to WAN traffic and this should create entries in the iptables automatically.

For ASUS, I believe all ports from WAN to LAN are closed by default, so ports are only opened by LAN traffic heading to default gateway , (UPnP – Port Forwarding) etc.

Let us know how this goes ?

 

 

Share the knowledge

Attachments:

1. 

   port53-block.png
   

In a completely sane world, madness is the only freedom (J.G.Ballard).

You need to login in order to vote

[jetspeed]

UK Sentinel wrote:

@jetspeed – Ok, I believe the following will block all port 53 requests from LAN to WAN, but never tested this on the DSL-AC88U. Go to Firewall > Network Services Filter to block port 53 TCP and UDP. as Network Services Filter only impacts LAN to WAN traffic and this should create entries in the iptables automatically. For ASUS, I believe all ports from WAN to LAN are closed by default, so ports are only opened by LAN traffic heading to default gateway , (UPnP – Port Forwarding) etc. Let us know how this goes ?

Thank you! This looks like what I’m after, but somehow can’t add port 53 without first adding a source IP? When adding port 53, it just disappears – no error message, no nothing.

I’m using FW503 and screen looks slightly different?

Share the knowledge

Attachments:

1. 

   Screenshot_2019-10-18.png
   

You need to login in order to vote

[UK Sentinel]

That is disappointing, try a different browser.

and try newer firmware – Version 1.10.06_Build591

I managed to get it to work on RT-AC86U and an RT-AX88U simulator online

not sure if 0.0.0.0 would work for Source IP address ?

http://demoui.asus.com/

If these options does not work, then alas no other option available to block port 56 from UI, hopefully ASUS will fix also in next firmware (big list they have)

 

Share the knowledge

Attachments:

1. 

   blockport56-1.png
   

In a completely sane world, madness is the only freedom (J.G.Ballard).

You need to login in order to vote

[jetspeed]

UK Sentinel wrote:

That is disappointing, try a different browser. and try newer firmware – Version 1.10.06_Build591 I managed to get it to work on RT-AC86U and an RT-AX88U simulator online not sure if 0.0.0.0 would work for Source IP address ? http://demoui.asus.com/ If these options does not work, then alas no other option available to block port 56 from UI, hopefully ASUS will fix also in next firmware (big list they have)

No go captain, I’m on record 56 days online streak with FW503! All the later ones, I couldn’t get a few weeks before it would lock up or have DNS failures.

Tried Chrome and Firefox, same deal.

I put my own PC’s as the source and tried a nslookup but it seemed to resolve fine and didn’t appear to block anything?

Anyway, I think I give up and wait for the next FW.

Thank you for the assist.

Share the knowledge

You need to login in order to vote

[UK Sentinel]

56 days, that is a first for the DSL-AC3100 / 88U

Share the knowledge

In a completely sane world, madness is the only freedom (J.G.Ballard).

You need to login in order to vote

[Mike R]

Hi getting BT ultrafast 2 FTTP installed on Monday,I thought my DSL-AC88U would work (Would rather not use the BT Super Hub 2 BT sent)  but reading this thread im having doubts.Can you folk give me any tips/advice to get it working please.

Share the knowledge

You need to login in order to vote

[jetspeed]

UK Sentinel wrote:

56 days, that is a first for the DSL-AC3100 / 88U

No, it’s my own record, but I think another of your regular users did something like 90??

Share the knowledge

You need to login in order to vote

[pavlf]

Yes, that was me. I went to something like 120 or so in the end. I would have been well on the way again if builders hadn’t cut through the power the other day.

Share the knowledge

You need to login in order to vote

[jetspeed]

pavlf wrote:

Yes, that was me. I went to something like 120 or so in the end.

It seems like we’re the only ones left using this. Let’s have a friendly competition. I’ll let you know when I break your record ;)

Share the knowledge

You need to login in order to vote

[pavlf]

OK, you’re on! I’m at 10 days 22 hours at the moment. I’m sure to make it to February without any new firmware appearing so I might be get past 120 days! The trick, as far as I can tell, is to turn everything off. No AI. No VPN & hardly any wifi devices. I do use it to stream music and to run torrents, but other than that it doesn’t do anything complicated.

Share the knowledge

You need to login in order to vote

[Author]

Posts