Hello All,
Can anyone help me with OpenWrt network configuration
My router can ping local hosts but not internet. Yet it is able to resolve domain to IP address. It is having static WAN IP.
root@OpenWrt:~# ping google.com
PING google.com (172.217.161.14): 56 data bytes
^C
--- google.com ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
root@OpenWrt:~# nslookup google.com
Server: 127.0.0.1
Address 1: 127.0.0.1 localhost
Name: google.com
Address 1: 2404:6800:4002:807::200e del03s10-in-x0e.1e100.net
Address 2: 172.217.161.14 del03s10-in-f14.1e100.net
root@OpenWrt:~#
Configuration files are below:
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fddf:4189:6fb7::/48'
config interface 'lan'
option ifname 'eth0 wlan0'
option force_link '1'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
config interface 'wan'
option ifname 'eth1'
option proto 'static'
option ipaddr '10.119.82.190'
option netmask '255.255.255.0'
option gateway '10.119.82.111'
option dns '103.48.109.11 8.8.8.8'
config interface 'wan6'
option ifname 'eth1'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 3 4'
root@OpenWrt:~#
root@OpenWrt:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'platform/ar933x_wmac'
option htmode 'HT20'
option txpower '16'
option country 'IN'
config wifi-iface
option device 'radio0'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'psk2'
option network 'lan'
option key 'XXXXXX'
root@OpenWrt:~#
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward REJECT
# Uncomment this line to disable ipv6 rules
# option disable_ipv6 1
config zone
option name lan
list network 'lan'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
config zone
option name wan
list network 'wan'
list network 'wan6'
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
config forwarding
option src lan
option dest wan
# include a file with users custom iptables rules
config include
option path /etc/firewall.user
root@OpenWrt:~#
root@OpenWrt:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option localservice '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
root@OpenWrt:~#
root@OpenWrt:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.119.82.111 0.0.0.0 UG 0 0 0 eth1
10.119.82.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
root@OpenWrt:~#
root@OpenWrt:~# arp
IP address HW type Flags HW address Mask Device
192.168.1.245 0x1 0x2 30:b5:c2:19:9c:ad * br-lan
192.168.1.189 0x1 0x2 0c:f3:46:10:2d:8d * br-lan
10.119.82.111 0x1 0x2 00:1b:21:bc:f6:05 * eth1
root@OpenWrt:~#
root@OpenWrt:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
delegate_input all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
delegate_forward all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
delegate_output all -- anywhere anywhere
Chain delegate_forward (1 references)
target prot opt source destination
forwarding_rule all -- anywhere anywhere /* user chain for forwarding */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
zone_lan_forward all -- anywhere anywhere
zone_wan_forward all -- anywhere anywhere
reject all -- anywhere anywhere
Chain delegate_input (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
input_rule all -- anywhere anywhere /* user chain for input */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
syn_flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
zone_lan_input all -- anywhere anywhere
zone_wan_input all -- anywhere anywhere
Chain delegate_output (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
output_rule all -- anywhere anywhere /* user chain for output */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
zone_lan_output all -- anywhere anywhere
zone_wan_output all -- anywhere anywhere
Chain forwarding_lan_rule (1 references)
target prot opt source destination
Chain forwarding_rule (1 references)
target prot opt source destination
Chain forwarding_wan_rule (1 references)
target prot opt source destination
Chain input_lan_rule (1 references)
target prot opt source destination
Chain input_rule (1 references)
target prot opt source destination
Chain input_wan_rule (1 references)
target prot opt source destination
Chain output_lan_rule (1 references)
target prot opt source destination
Chain output_rule (1 references)
target prot opt source destination
Chain output_wan_rule (1 references)
target prot opt source destination
Chain reject (3 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain syn_flood (1 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
DROP all -- anywhere anywhere
Chain zone_lan_dest_ACCEPT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain zone_lan_forward (1 references)
target prot opt source destination
forwarding_lan_rule all -- anywhere anywhere /* user chain for forwarding */
zone_wan_dest_ACCEPT all -- anywhere anywhere /* forwarding lan -> wan */
ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port forwards */
zone_lan_dest_ACCEPT all -- anywhere anywhere
Chain zone_lan_input (1 references)
target prot opt source destination
input_lan_rule all -- anywhere anywhere /* user chain for input */
ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port redirections */
zone_lan_src_ACCEPT all -- anywhere anywhere
Chain zone_lan_output (1 references)
target prot opt source destination
output_lan_rule all -- anywhere anywhere /* user chain for output */
zone_lan_dest_ACCEPT all -- anywhere anywhere
Chain zone_lan_src_ACCEPT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain zone_wan_dest_ACCEPT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain zone_wan_dest_REJECT (1 references)
target prot opt source destination
reject all -- anywhere anywhere
Chain zone_wan_forward (1 references)
target prot opt source destination
forwarding_wan_rule all -- anywhere anywhere /* user chain for forwarding */
ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port forwards */
zone_wan_dest_REJECT all -- anywhere anywhere
Chain zone_wan_input (1 references)
target prot opt source destination
input_wan_rule all -- anywhere anywhere /* user chain for input */
ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port redirections */
zone_wan_src_REJECT all -- anywhere anywhere
Chain zone_wan_output (1 references)
target prot opt source destination
output_wan_rule all -- anywhere anywhere /* user chain for output */
zone_wan_dest_ACCEPT all -- anywhere anywhere
Chain zone_wan_src_REJECT (1 references)
target prot opt source destination
reject all -- anywhere anywhere