I just discovered that management is available via the main wireless interface on some NAT mode SMs. This is with the separate management interface enabled! No VLANs in use. The GUI loads when going to either IP of the SM. If I reboot the SM, then it is only accessible via the separate management interface as expected. If the config is changed and a reboot is NOT required, that's when the GUI is then accessible on the public side. Just tested it again. Rebooted again. No access via public after the reboot. I'm also using DMZ on every single SM, so I'm doubly confused. The SM GUI should NEVER load on the public interface.
OK, I tried the no-reboot config change on a couple others and it didn't happen. Now I'm triply confused. So.. I have no idea what triggers this.
Thanks for highlighting this, George. We're looking into it now.
@George Skorup wrote:
OK, I tried the no-reboot config change on a couple others and it didn't happen. Now I'm triply confused. So.. I have no idea what triggers this.
Can you give us an example of a no-reboot config change you made that triggered it on the first SM?
OK, got it to happen again. Now I remember what I did on the first SM. I set the readonly account password and saved. Forgot to check the network settings. We're moving the LAN DHCP DNS to our internal anycast resolver as primary and Google's 8.8.8.8 as secondary.
This is on a sector with 13 SMs that I forgot about and just recently upgraded all of the radios from 2.6.2.1 to 3.2.2. Since we can set the LAN DHCP pool start and end the same for a 1-address pool now with 3.2.2, that's one of the things I changed on the network page. Also the DNS servers as mentioned above. And that's it.
So I did all that, clicked saved and the SM de-registered. As I'm waiting for it to scan and re-register, I start a continuous ping in the background to the public IP. It registers and I get 4 ICMP replies, then timeouts. I'm guessing at that point it starts sending traffic to the DMZ host. BUT.... if I go to the public in in my browser, the ePMP GUI login comes up.
The SM has an uptime of about 1 day and 12 hours. It has been in session now for about 18 minutes. ICMP to the public IP times out, but the GUI still loads.
I will leave it as-is. Let me know if you want any logs or debug from it. Or if you guys can reproduce it, that would probably be easier.
Yup. We've reproduced it and the workaround is to reboot the SM. We'll start figuring out a fix. Thanks, George.
1 Like