Blocked installing on a raspi pi3 B+

azeri · July 12, 2019, 11:54am

blocked installing on a raspi pi3 B+

To use a raspi pi3 B+ I decompress this image to a microSD:

openwrt-18.06.4-brcm2708-bcm2710-rpi-3-ext4-factory.img

I have to use a USB LAN card to configure the openwrt wan

configured openwrt to have internet access to download and install packages

configure vodafone router with IP 192.168.1.2

And the interface of raspi eth0

IPv4 gateway 192.168.1.2

Use custom DNS servers 192.168.1.2

root@OpenWrt:~# opkg update

Installed kernel module for USB LAN Realtek R8152

root@OpenWrt:~# opkg install kmod-usb-net-rtl8152

Package kmod-usb-net-rtl8152 (4.9.184-1) installed in root is up to date.

[ 490.690165] usb 1-1.1.3: reset high-speed USB device number 5 using dwc_otg
[490.913858] r8152 1-1.1.3:1.0 eth1: v1.08.9

I add a wan interface

wan eth1

Name of the new interface wan
Protocol of the new interface DHCP client
Cover the following interface eth1

---- To access the internet through the wan ----

eth0 reconfiguration

IPv4 gateway noneIP

Use custom DNS servers noneIP

I connect the output of the internet router vodafone to eth1 (usb lan)

According to what I have read and understood from the documentation on the network and firewall I think the config is fine. But when I connect the internet router of the vodafone provider to the eth1 card (usb lan) I don't get a ping or a traceroute. By web from my computer connected (through a swich) to the OpenWrt either.

I do not have experience in linux router, if in debian but I get lost with the two cards and the router ... I do not see how to route the traffic between the two. I have put as it comes in the documentation

I also have no experience with iptables, I tried to configure the firewall in different ways without success

Can you tell me what I'm doing wrong and what I have to read to do well ? I would appreciate your help.

rename the eth0 as br-lan this is significant ??? refers to bridge? is configured as static, but the type is bridge. i don't understand. this is correct, is it how it has to be?

    option type 'bridge'.
    option ifname 'eth0'.
    option proto 'static'.

18.431997] br-lan: port 1(eth0) entered blocking state
18.447619] br-lan: port 1(eth0) entered forwarding state

Honestly I'm blocked and frustrated, reading the documentation I haven't solved it.

What do I have to correct? What should I read?

The network and firewall config below. With the firmware of the wireless card I don't advance either, but below:

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd80:619b:096a::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'Wan'
        option proto 'dhcp'
        option ifname 'eth1'
        
root@OpenWrt:~# cat /etc/config/firewall 

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6 Wan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

--- for the wireless I do this and it doesn't work ---

I install brcmfmac packages for raspi pi3 B+ wireless

brcmfmac-firmware-43430-sdio (this isn't it, but just in case, I can't find another one)

brcmfmac-firmware-usb

kmod-brcmfmac

Skip kernel error

7.841547] brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43455-sdio for chip BCM4345/6
[ 7.855735] brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43455-sdio.bin failed with error -2
7.870213] brcmfmac mmc1:0001:1: Falling back to user helper
[ 7.886743] firmware brcm!brcmfmac43455-sdio.bin: firmware_loading_store: map pages failed
12.871650] usbcore: registered new interface driver brcmfmac
13.921862] brcmfmac: brcmf_sdio_htclk: HT Avail timeout (1000000): clkctl 0x50

can't find for firmware: brcmfmac43455-sdio.bin

What package did I install? Can I install from another repository?

it seems that the debian firmware-brcm80211_20190114-1_all.deb package contains the firmware.

This is a raspian, I think. In theory copying the file can be installed with dpkg -i package

I'm a little afraid to mix things would have to put dpkg, apt, etc. and I can break something ....... I'm just saying because that's what occurred to me.

Thank you so much for your attention.

mk24 · July 12, 2019, 12:28pm

Your WAN and LAN have to be different IP subnet ranges. It won't work to have both 192.168.1.X.

Firmware load fail error -2 is file not found. This could be normal as several different file names are tried and only one will be found and loaded. The Pi3 build should include firmware for the onboard wifi chip. Does the wifi work?

azeri · July 12, 2019, 4:31pm

You can explain to me how to assign another subnet to the wan.

In the file /etc/config/network ???

I find myself shrinking, I don't feel comfortable, I'm still, I'm doing it, I'm new to openwrt, things aren't where they should be...... I mean a debian (this is raspbian retouched, right?)

For example: I can't find the openssh-server configuration file should be in /etc/ssh but here I can't find it.

A newbie is just that :=)

mk24 · July 12, 2019, 5:24pm

The subnet of the WAN is set by the upstream main router, modem / router, etc. So either change that or change the LAN to something outside 192.168.1.X, such as 192.168.2.1.

People typically don't route with a desktop distribution. A desktop is merely a LAN device.

OpenWrt's default SSH server is dropbear, not OpenSSH. Configured with /etc/config/dropbear, keys etc. are in /etc/dropbear.

azeri · July 14, 2019, 3:43pm

In case of installing openssh-server - 7.7p1-1 - OpenSSH server

Is uninstalling this package enough?

root@OpenWrt:~# opkg list-installed | grep -e dropbear
Dropbear - 2017.75-7.1

Then openssh-server - 7.7p1-1 - OpenSSH server

install the configuration files in the usual place /etc/ssh/ ???

thank you