Allow wwan to accept incoming traffic

I am trying to connect to OpenWRT 21.02.3 on a Raspberry Pi 3 (B), over wifi, so I can control it via SSH.

I want to use this as an Ethernet sniffer, not really a router, so I can't connect over wan; I need to connect over wwan. Also, this means it will never be on the public internet, so I'm not really worried about security.

I successfully connected the OpenWRT machine to wifi using this guide: https://openwrt.org/docs/guide-user/network/wifi/connect_client_wifi, and it can access the internet completely fine (it can ping, download sites, etc).

However, I can't even ping it from other machines on my wifi.

When I run tcpdump net 10.0.0.102 (.102 is my desktop machine) I see the incoming ICMP packets, but OpenWRT doesn't respond:

03:45:33.417588 IP 10.0.0.233 > 10.0.0.102: ICMP echo request, id 1, seq 505, length 40
03:45:38.065583 ARP, Request who-has 10.0.0.102 (MAC_ADDRESS (oui Unknown)) tell 10.0.0.233, length 28
03:45:38.065626 ARP, Reply 10.0.0.102 is-at MAC_ADDRESS (oui Unknown), length 28
03:45:38.077493 IP 10.0.0.233 > 10.0.0.102: ICMP echo request, id 1, seq 506, length 40

I tried to allow pings in the firewall, but clearly I did something wrong. I restarted the OpenWRT machine after changing the firewall, so I assume my updated rules are actually being applied.

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	option name 'wwan'
	option network 'wwan'
	option input 'ACCEPT'

config forwarding
	option src 'lan'
	option dest 'wan'

config forwarding
	option src 'wwan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-Ping'
	option src 'wwan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Support-UDP-Traceroute'
	option src 'wan'
	option dest_port '33434:33689'
	option proto 'udp'
	option family 'ipv4'
	option target 'REJECT'
	option enabled 'false'

config include
	option path '/etc/firewall.user'

EDIT:
Here's my /etc/config/network:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd8a:0114:c6dc::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '10.0.0.1'

config interface 'wwan'
	option proto 'dhcp'

You left out your network config. No one here can just magically guess how you've set your network up.

2 Likes

Classic case of overlapping networks. Change the lan interface to another subnet, as 10.0.0.0/24 is used by wwan.

3 Likes

Thanks @trendy, I just changed option ipaddr '10.0.0.1' to option ipaddr '10.25.0.1' and it's fixed!

1 Like
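A check for the condition diagnosed in this thread, as an added example that is not part of any post: it reports interfaces whose IPv4 subnets overlap, since two interfaces on the same prefix leave the device with two connected routes and replies may leave through the wrong one. The function names are hypothetical; the lan addresses are the ones posted above, and the wwan prefix is the one named in the reply (the actual DHCP lease is not shown in the thread).

```shell
#!/bin/sh
# Added example: detect overlapping IPv4 subnets between interfaces.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Print "first last" (as integers) for the network containing ADDR/LEN.
cidr_range() (
    ip=${1%/*}
    len=${1#*/}
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    net=$(( $(ip2int "$ip") & $mask ))
    echo "$net $(( $net | ($mask ^ 4294967295) ))"
)

# Succeed if the two CIDR blocks share at least one address.
cidrs_overlap() (
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
)

# Arguments are name=addr/len pairs; print every overlapping pair.
# Returns 0 if any overlap was found, 1 otherwise.
find_overlaps() (
    rc=1
    while [ $# -gt 1 ]; do
        a=$1
        shift
        for b in "$@"; do
            if cidrs_overlap "${a#*=}" "${b#*=}"; then
                echo "${a%%=*} (${a#*=}) overlaps ${b%%=*} (${b#*=})"
                rc=0
            fi
        done
    done
    return $rc
)

# Before the fix: lan as posted, wwan prefix as named in the reply.
find_overlaps lan=10.0.0.1/24 wwan=10.0.0.0/24 || echo "before: no overlap"
# After the fix: lan moved to 10.25.0.1.
find_overlaps lan=10.25.0.1/24 wwan=10.0.0.0/24 || echo "after: no overlap"
```

On the device, the live address and prefix length of each interface can be read with `ip -4 addr show` and passed in the same name=addr/len form.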
