
Port Forwarding on New Sagemcom Fast 5364 Issue

First Timer

Hi,

I was upgraded yesterday to TalkTalk Fibre Broadband from ADSL. On my ADSL I had a Draytek 2830n Router which worked great in every possible way.

The new Sagemcom 5364 works great for browsing and I get my 40mps as promised but I do use port forwarding and so far have not managed to get it to work at all.

Has anyone out there tried this and had any success?

Help required

 

Thanks

Steve D

Community Star

Yes, it works perfectly. What TCP or UDP ports are you trying to forward?

First Timer

Hi Keith,

Been trying to get port 5900 using TCP for VNC.

I have tried everything including opening the port on the Firewall and putting the local IP in the DMZ but still nothing gets through. Also tried port 21 and tested with an online port checker which showed ports as closed?

Thanks for your response.

 

Regards

Steve D

Community Star

I have just knocked up this rule, fully tested it & worked first time:-

 

[Screenshot: 5900.png]

Be aware that you will need to set up a static IP address on the device itself, as this router does not currently support DHCP reserved IP addresses, & this must also be outside of the DHCP server's IPv4 address pool (address range). This can be checked here:-

 

Dashboard > See Wi-Fi Settings > Manage Advanced Settings > TalkTalk WiFi hub > DHCP

 

Have you allowed an inbound rule in the PC's personal firewall?

 

Of course, once you have it working you will need to configure DDNS.
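The static-address requirement in the post above can be checked before creating the forwarding rule. The following is an added example, not part of the original thread; the subnet, DHCP pool and router address are constructed sample values, not the hub's actual defaults, and `check_forward_target` is a hypothetical helper name.

```python
import ipaddress

def check_forward_target(static_ip, lan_cidr, pool_start, pool_end, gateway):
    """Return a list of problems with using static_ip as a port-forward target.

    An empty list means the address is usable: inside the LAN subnet,
    not a reserved address, not the router, and outside the DHCP pool.
    """
    net = ipaddress.ip_network(lan_cidr, strict=False)
    ip = ipaddress.ip_address(static_ip)
    lo = ipaddress.ip_address(pool_start)
    hi = ipaddress.ip_address(pool_end)
    gw = ipaddress.ip_address(gateway)
    if lo > hi:
        raise ValueError("DHCP pool start is above pool end")

    if ip not in net:
        # Nothing else is meaningful if the host is on the wrong subnet.
        return ["not in LAN subnet"]

    problems = []
    if ip in (net.network_address, net.broadcast_address):
        problems.append("network or broadcast address")
    if ip == gw:
        problems.append("same as router address")
    if lo <= ip <= hi:
        # The DHCP server may lease this address to another device,
        # and the forwarding rule would then point at the wrong host.
        problems.append("inside DHCP pool")
    return problems

# Constructed sample LAN (assumed values; read the real ones from the DHCP page).
LAN = "192.168.1.0/24"
POOL = ("192.168.1.64", "192.168.1.253")
ROUTER = "192.168.1.1"

if __name__ == "__main__":
    for candidate in ("192.168.1.10", "192.168.1.100", "192.168.0.10"):
        issues = check_forward_target(candidate, LAN, *POOL, ROUTER)
        print(candidate, "OK" if not issues else ", ".join(issues))
```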

First Timer

Hi Keith,

Many thanks again for the response.

Looking at your screen shot that is indeed how I have set the PF up.

The PC has a static IP and all this has worked fine with my previous Draytek 2830 and a CISCO877w before that.

I have set the Dynamic DNS up and it is working fine with my account on noip.com.

Might I ask if you can ping your router/public IP address as so far with the router PING set as ON I have not been able to do so. Can I also ask what level of Firmware your router shows and if you have updated it?

Think I am going to back up the router settings and try a factory default as running out of ideas.

 

Regards

Steve D

Community Star

TalkTalk totally control the firmware deployment, you cannot change it yourself. There is currently only the one firmware version, so we both have the same version.

 

How are you trying to ping the router via its public address? If it is from a client on the local LAN, then you won't be able to, as TalkTalk always block traffic going out & back in, as this loopback traffic (even just a PING) is classed as a security issue.

 

Have you tried rebooting the PC, as its ARP cache may have the default gateway's old router's MAC address in it, rather than learning the Sagemcom's?

Popular Poster

"TalkTalk totally control the firmware deployment, you cannot change it yourself"

 

Really? That's annoying.

Avast is telling me I need to update the firmware for security reasons.

Community Star

What is Avast telling you then? There is one known problem to do with the version of DNSMasq used, but that is totally negated by other security measures within the router, so it is not vulnerable to this at all.

Popular Poster

Hey @KeithFrench

 

Do you know of any other firmware bugs? I'm asking because I might have experienced a firmware bug where the hub becomes really slow after 4-5 days until it's rebooted.

When I say "slow" I don't mean my connection's speed. I mean that it's as if something's stuck running at 100% on the hub and that's making it slow to respond to all of the connected devices. It'll even take 20-30 seconds to display the hub's own admin panel, which will normally load instantly.

 

I'd love to have access to the bug tracking area as I've already found dozens of issues. I'm not your typical home user either, so I can get technical and provide a lot of information.

Popular Poster

Hi Keith,

 

Avast says:

 

DNS: Device is vulnerable to attacks

Type: DNS

Port: 53

Vulnerability ID: CVE-2017-14491

 

Some of the vulnerabilities may be patched in new versions of the device firmware or system update. Applying the latest firmware or system update may solve the issue.

 

Severity: High

 

 

Popular Poster

Vulnerability ID: CVE-2017-14491



A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code.


https://forum.avast.com/index.php?topic=215664.0

 

It might be the same dnsmasq issue that Keith mentioned. If it is then the devs should make an effort to fix the issue.

Community Star

@TechGuy @Antonym

 

Please be aware that this is someone else's thread & not yours, you should really create your own threads if you have issues.

 

However, I will try & quickly address some of them now.

 

The DNSmasq version is NOT a problem, as I said earlier there are extra security measures already in place in the hub that counteract this, although the version of DNSmasq is due to be updated later in the year. So currently there is NO problem that needs fixing with this.

 

I did find a few bugs myself & have made numerous suggestions to the developers, all of which have been accepted & are due to be implemented over the next couple of firmware releases.

 

@TechGuy for your slow problem, you will need to create your own thread as TalkTalk insist on one thread per customer per problem.

Popular Poster

@KeithFrench wrote:

The DNSmasq version is NOT a problem, as I said earlier there are extra security measures already in place in the hub that counteract this, although the version of DNSmasq is due to be updated later in the year. So currently there is NO problem that needs fixing with this.


I'm a developer myself, so although the hub might have "extra security measures" I know that it's good practice to update anyway, especially when it's a security related bug and it's still being detected. So they should update dnsmasq sooner rather than later.

 

 


@KeithFrench wrote:

@TechGuy for your slow problem, you will need to create your own thread as TalkTalk insist on one thread per customer per problem.


My question was specifically to you since you seem to have access to firmware bug reports and you can contact the developers. I was simply looking for a quick yes or no answer.

 

I know that off-topic posts within threads are frowned upon, but I'd rather not start my own thread because I don't need TalkTalk's help. I already know for a fact that this is a firmware related bug and that a replacement hub wouldn't fix the issue unless the replacement hub came with a newer firmware, which I doubt it would.

If you don't know if this is a known bug then I guess I'll just contact Sagemcom to get the firmware's source, excluding proprietary code.

Community Star

I think you need to take your concerns about DNSmasq to the OCEs, which will require you starting your own thread. They have assured a couple of other customers that this is no risk whatsoever, as they have other countermeasures built into the router. Although I do know what they are, I am not at liberty to tell you, that must only come from TalkTalk.

What I have passed across to the developers is only via the OCEs. How can I start an official bug report? I am just a customer.

 

If you do create your own thread about this bug & you give me the URL of it, I will be happy to pass it over to the OCEs for you.

Community Team - TT Staff

Hi @TechGuy

 

Definitive answer you are looking for is No.

 

Our devices teams are aware, there are sufficient countermeasures in place to prevent a buffer overflow and our developers are confident that no vulnerability can be exploited.

 

An update is planned for later in the year.

 

Thanks

 

Karl.

Popular Poster

@OCE_Karl wrote:

Hi @TechGuy

 

Definitive answer you are looking for is No.


I guess I'll keep trying to find the cause of the issue. If I do then I'll create a thread containing my device info and steps to recreate the bug.

 

At the moment I know that the issue isn't caused by the hub's modem because even if I use the Openreach modem and connect that to the hub then the hub will still become slow after almost a week.

All 8+ devices in my home are connected via WiFi and only 2 of them will use 5 GHz, although one of them seems to favour 2.4 GHz a little more. Either way, the channels are optimised for my area and the signal strength is excellent at -38 dBm to -46 dBm.

So far the issue's occurred twice and both times it happened not long after successfully downloading large games from Steam. That's when the hub will become slow to access from every device that's connected to it until it's rebooted.

I've also got a simple feature request to go with my others. Please could you invert the hub's log? Currently it's displayed oldest to newest, which means that you often need to press the next button 80+ times to get to the new information.

 

Thanks.

Community Star

@TechGuy

 

The whole subject of the system log was one of the first bugs I raised with the developers. Not only does it need better navigation in respect of first & last page buttons. The system log level labels are wrong (Debug & higher should read debug & lower etc). No way to save the log to a PC, no way to clear the log & no output to a syslog server.

 

All of which have been accepted.

First Timer

Hi All,

As the originator of this post and being an IT engineer for over 20 years I find all this most interesting.

I would like to add I decided not to trust the aforementioned router even though I got the port forwarding to work after an online chat with a TalkTalk representative who promised to email me some notes on configuring said router. After two months I am still waiting for them to arrive!!

As my Draytek 2830 router did not support the Fibre line protocol of VDSL2 I purchased a Draytek Vigor130 and set this up as a modem/bridge and connected this to the WAN2 port on the 2830.

I now have back all the functionality I had before I upgraded from ADSL2 with the speed of a Fibre connection.

If anyone would like the configuration information of this I will be happy to post it here for them to follow. Likewise if anyone would like a Free Sagemcom Fast 5364 router I will be happy to send it to them provided they pay the postage.

 

Good luck with resolving the issues you have.

Popular Poster

@KeithFrench

Yep. Trying to diagnose an issue is really tedious at the moment, so hopefully the whole logging area is improved in a future update.

 

The hub's supposed to offer a system log, a firewall log and a UPnP log. Only the operator log works correctly on TalkTalk's firmware and the others are currently hidden.

@steved131

I had a similar setup with an Openreach modem and a Billion router. It's been perfect for years, but I got the new TalkTalk hub because I wanted to put the hub's WiFi range to the test and I also liked the idea of having an all in 1 box.

 

I miss a lot of the options that my Billion router has, but I'm waiting to see if TalkTalk improves the hub. If they don't and there's still a lot of features that are hidden or removed then I'll probably revert to my older setup too.

 

I'm sure someone here will take you up on your offer.

Community Star

Hi @TechGuy

 

The system log I think is what is curiously called the operator log and is working. The security log is probably built into the system log in line with other domestic routers (although it is admittedly difficult to tell due to the currently poor navigation of it). The UPnP log may be something they might implement in the future, but then again why shouldn't it also be included in the system log?

 

Although you have found these hidden pages, they are not of any use as they don't do anything in this release. However, if you had a different login level such as the developers might have, then it might give additional logs.