Can ping WAN gateway but not internet

nbuser · May 10, 2020, 4:29pm

Hello All,

Can anyone help me with OpenWrt network configuration

My router can ping local hosts but not internet. Yet it is able to resolve domain to IP address. It is having static WAN IP.

root@OpenWrt:~# ping google.com
PING google.com (172.217.161.14): 56 data bytes
^C
--- google.com ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
root@OpenWrt:~# nslookup google.com
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost

Name:      google.com
Address 1: 2404:6800:4002:807::200e del03s10-in-x0e.1e100.net
Address 2: 172.217.161.14 del03s10-in-f14.1e100.net
root@OpenWrt:~#


Configuration files are below:

root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fddf:4189:6fb7::/48'

config interface 'lan'
        option ifname 'eth0 wlan0'
        option force_link '1'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'

config interface 'wan'
        option ifname 'eth1'
        option proto 'static'
        option ipaddr '10.119.82.190'
        option netmask '255.255.255.0'
        option gateway '10.119.82.111'
        option dns '103.48.109.11 8.8.8.8'

config interface 'wan6'
        option ifname 'eth1'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 4'

root@OpenWrt:~#



root@OpenWrt:~# cat /etc/config/wireless
config wifi-device 'radio0'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'platform/ar933x_wmac'
        option htmode 'HT20'
        option txpower '16'
        option country 'IN'

config wifi-iface
        option device 'radio0'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'psk2'
        option network 'lan'
        option key 'XXXXXX'
root@OpenWrt:~#


root@OpenWrt:~# cat /etc/config/firewall
config defaults
        option syn_flood        1
        option input            ACCEPT
        option output           ACCEPT
        option forward          REJECT
# Uncomment this line to disable ipv6 rules
#       option disable_ipv6     1

config zone
        option name             lan
        list   network          'lan'
        option input            ACCEPT
        option output           ACCEPT
        option forward          ACCEPT

config zone
        option name             wan
        list   network          'wan'
        list   network          'wan6'
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
        option masq             1
        option mtu_fix          1

config forwarding
        option src              lan
        option dest             wan

# include a file with users custom iptables rules
config include
        option path /etc/firewall.user
root@OpenWrt:~#


root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'

root@OpenWrt:~#


root@OpenWrt:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.119.82.111   0.0.0.0         UG    0      0        0 eth1
10.119.82.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
root@OpenWrt:~#


root@OpenWrt:~# arp
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.245    0x1         0x2         30:b5:c2:19:9c:ad     *        br-lan
192.168.1.189    0x1         0x2         0c:f3:46:10:2d:8d     *        br-lan
10.119.82.111    0x1         0x2         00:1b:21:bc:f6:05     *        eth1
root@OpenWrt:~#


root@OpenWrt:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
delegate_input  all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
delegate_forward  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
delegate_output  all  --  anywhere             anywhere

Chain delegate_forward (1 references)
target     prot opt source               destination
forwarding_rule  all  --  anywhere             anywhere             /* user chain for forwarding */
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
zone_lan_forward  all  --  anywhere             anywhere
zone_wan_forward  all  --  anywhere             anywhere
reject     all  --  anywhere             anywhere

Chain delegate_input (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
input_rule  all  --  anywhere             anywhere             /* user chain for input */
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
syn_flood  tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN
zone_lan_input  all  --  anywhere             anywhere
zone_wan_input  all  --  anywhere             anywhere

Chain delegate_output (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
output_rule  all  --  anywhere             anywhere             /* user chain for output */
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
zone_lan_output  all  --  anywhere             anywhere
zone_wan_output  all  --  anywhere             anywhere

Chain forwarding_lan_rule (1 references)
target     prot opt source               destination

Chain forwarding_rule (1 references)
target     prot opt source               destination

Chain forwarding_wan_rule (1 references)
target     prot opt source               destination

Chain input_lan_rule (1 references)
target     prot opt source               destination

Chain input_rule (1 references)
target     prot opt source               destination

Chain input_wan_rule (1 references)
target     prot opt source               destination

Chain output_lan_rule (1 references)
target     prot opt source               destination

Chain output_rule (1 references)
target     prot opt source               destination

Chain output_wan_rule (1 references)
target     prot opt source               destination

Chain reject (3 references)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere             reject-with tcp-reset
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain syn_flood (1 references)
target     prot opt source               destination
RETURN     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
DROP       all  --  anywhere             anywhere

Chain zone_lan_dest_ACCEPT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain zone_lan_forward (1 references)
target     prot opt source               destination
forwarding_lan_rule  all  --  anywhere             anywhere             /* user chain for forwarding */
zone_wan_dest_ACCEPT  all  --  anywhere             anywhere             /* forwarding lan -> wan */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* Accept port forwards */
zone_lan_dest_ACCEPT  all  --  anywhere             anywhere

Chain zone_lan_input (1 references)
target     prot opt source               destination
input_lan_rule  all  --  anywhere             anywhere             /* user chain for input */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* Accept port redirections */
zone_lan_src_ACCEPT  all  --  anywhere             anywhere

Chain zone_lan_output (1 references)
target     prot opt source               destination
output_lan_rule  all  --  anywhere             anywhere             /* user chain for output */
zone_lan_dest_ACCEPT  all  --  anywhere             anywhere

Chain zone_lan_src_ACCEPT (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain zone_wan_dest_ACCEPT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain zone_wan_dest_REJECT (1 references)
target     prot opt source               destination
reject     all  --  anywhere             anywhere

Chain zone_wan_forward (1 references)
target     prot opt source               destination
forwarding_wan_rule  all  --  anywhere             anywhere             /* user chain for forwarding */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* Accept port forwards */
zone_wan_dest_REJECT  all  --  anywhere             anywhere

Chain zone_wan_input (1 references)
target     prot opt source               destination
input_wan_rule  all  --  anywhere             anywhere             /* user chain for input */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* Accept port redirections */
zone_wan_src_REJECT  all  --  anywhere             anywhere

Chain zone_wan_output (1 references)
target     prot opt source               destination
output_wan_rule  all  --  anywhere             anywhere             /* user chain for output */
zone_wan_dest_ACCEPT  all  --  anywhere             anywhere

Chain zone_wan_src_REJECT (1 references)
target     prot opt source               destination
reject     all  --  anywhere             anywhere

trendy · May 10, 2020, 5:14pm

Please use the "Preformatted text </>" button for logs, scripts, configs and general console output.

Please edit your post accordingly. Thank you!

You firewall is heavily tweaked and I am suspecting you overdid it with security.

Do a traceroute and show us where it stops
traceroute 8.8.8.8

nbuser · May 10, 2020, 5:39pm

my traceroute is not completing and firewall is default config. I haven't added or deleted anything.

root@OpenWrt:~# traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 38 byte packets
 1  10.119.82.111 (10.119.82.111)  0.578 ms  0.848 ms  0.614 ms
 2  *  *  *
 3  *  *  *
 4  *  *  *
 5  *  *  *
 6  *  *  *
 7  *  *  *
 8  *  *  *
 9  *  *  *
10  *  *  *
11^C
root@OpenWrt:~#

lleachii · May 10, 2020, 5:45pm

This seems wrong. This is not how the documentation advises to create an AP. You should be able to remove wlan0 from the network config. That WiFi config was already done in /etc/config/wireless with the line -

psherman · May 10, 2020, 5:58pm

Is this the correct gateway? Obviously this must be behind another router, right? If you connect directly to that router, are you able to get connectivity out to the internet?

trendy · May 10, 2020, 7:16pm

If .111 is indeed the gateway, maybe it is blocking a lot of traffic?
Can you try also:

nslookup www.openwrt.org 103.48.109.11
traceroute 103.48.109.11

nbuser · May 11, 2020, 3:24am

Below is the output of nslookup and traceroute. Also when i install DDWRT same router works fine and with all same network settings

root@OpenWrt:~# traceroute 103.48.109.11
traceroute to 103.48.109.11 (103.48.109.11), 30 hops max, 38 byte packets
 1  10.119.82.111 (10.119.82.111)  0.074 ms  0.557 ms  0.574 ms
 2  *  *  *
 3  *  *  *
 4  *  *  *
 5  *  *  *
 6^C
root@OpenWrt:~# nslookup openwrt.org 103.48.109.11
Server:    103.48.109.11
Address 1: 103.48.109.11

Name:      openwrt.org
Address 1: 2a03:b0c0:3:d0::1af1:1 wiki-01.infra.openwrt.org
Address 2: 139.59.209.225 wiki-01.infra.openwrt.org
root@OpenWrt:~#
root@OpenWrt:~# ping openwrt.org
PING openwrt.org (139.59.209.225): 56 data bytes
^C
--- openwrt.org ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
root@OpenWrt:~#

nbuser · May 11, 2020, 1:54pm

Issue has been resolved.

I installed DDWRT earlier and when i tried to switch back to OpenWrt this issue occured. We need to install the web_revert file for your router before we install OpenWrt. Link is below:

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=85237

Once it was done and then OpenWrt was installed everything started working.

Thanks everyone who took time to reply and am proud to be user of OpenWrt.

nbuser · May 10, 2020, 6:35pm

Router is directly connected with rj45 cable on wan port and gateway is correct.

Saran

system · May 20, 2020, 6:35pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.