Cannot access Dumb AP from gateway

ulmwind · January 14, 2020, 12:30pm

OK, could you delete from command line following strings

-A PREROUTING -i br-lan -j V2RAY
-A PREROUTING -m mark --mark 0x1 -j V2RAY
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -j V2RAY_MASK

(they will not be deleted permanently), and check ping 192.168.19.1 from RPi again? To delete them you should run iptables -D, e.g. for first string:
iptables -D PREROUTING -i br-lan -j V2RAY

maddie · January 15, 2020, 1:19am

Hmm, what configs should I post?

maddie · January 15, 2020, 1:19am

I'll have to test it in a couple of days, I'm off site now and I'm afraid that might break my remote access to the site.

ahmar16 · January 15, 2020, 3:36pm

cat /etc/config/network from both devices.

ulmwind · January 15, 2020, 5:27pm

Raspbian is runnig on RPi, I think.

maddie · January 16, 2020, 2:15am

RPi3:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd2b:e19c:4869::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0'
	option ipaddr '192.168.19.254'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option proto 'static'

config interface 'tinc'
	option proto 'static'
	option ifname 'tinc'
	option delegate '0'
	option ipaddr '192.168.248.9'
	option netmask '255.255.255.0'

config route
	option interface 'tinc'
	option target '192.168.248.0'
	option netmask '255.255.255.0'
	option gateway '192.168.248.9'

config route
	option interface 'tinc'
	option target '192.168.18.0'
	option netmask '255.255.255.0'
	option gateway '192.168.248.9'

config route
	option interface 'tinc'
	option target '192.168.33.0'
	option netmask '255.255.255.0'
	option gateway '192.168.248.9'

config route
	option netmask '255.255.255.0'
	option target '192.168.109.0'
	option gateway '192.168.248.9'
	option interface 'tinc'

config route
	option target '192.168.110.0'
	option netmask '255.255.255.0'
	option gateway '192.168.248.9'
	option interface 'tinc'

config route
	option target '192.168.111.0'
	option netmask '255.255.255.0'
	option gateway '192.168.248.9'
	option interface 'tinc'

config route
	option target '192.168.104.0'
	option netmask '255.255.252.0'
	option gateway '192.168.248.9'
	option interface 'tinc'

config route
	option interface 'tinc'
	option target '10.0.0.0'
	option netmask '255.0.0.0'
	option gateway '192.168.248.9'

config route
	option interface 'tinc'
	option target '192.168.108.0'
	option netmask '255.255.252.0'
	option gateway '192.168.248.9'

config route
	option interface 'tinc'
	option target '192.168.20.0'
	option netmask '255.255.255.0'
	option gateway '192.168.248.9'

config route
	option target '192.168.22.0'
	option netmask '255.255.255.0'
	option gateway '192.168.248.9'
	option interface 'tinc'

config interface 'wan'
	option ifname 'eth1'
	option proto 'pppoe'
	option username '456456456'
	option ipv6 'auto'
	option peerdns '0'
	option password '123123123'

config interface 'onu'
	option ifname 'eth1'
	option proto 'dhcp'
	option peerdns '0'
	option defaultroute '0'

C7:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdf5:6841:1936::/48'

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option ipaddr '192.168.19.1'
	option netmask '255.255.255.0'
	option gateway '192.168.19.254'
	list dns '192.168.19.254'
	option ifname 'eth0.1 eth0.2'

config interface 'wan'
	option ifname 'eth0.2'
	option proto 'dhcp'

config device 'wan_eth0_2_dev'
	option name 'eth0.2'
	option macaddr '50:d4:f7:b4:f0:0e'

config interface 'wan6'
	option ifname 'eth0.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '2 3 4 5 0t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '1 0t'

maddie · January 16, 2020, 2:15am

Both are running OpenWRT 19.07.0 stable

ahmar16 · January 16, 2020, 7:21am

maddie:

'config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option ipaddr '192.168.19.1'
	option netmask '255.255.255.0'
	option gateway '192.168.19.254'
	list dns '192.168.19.254'
	option ifname 'eth0.1 eth0.2'

config interface 'wan'
	option ifname 'eth0.2'
	option proto 'dhcp'

config interface 'wan6'
	option ifname 'eth0.2'
	option proto 'dhcpv6'

The above config from C7 is bugging me. Does this seem correct to anyone? eth0.2 has been assigned to both LAN and WAN with different protocols. Could this be the cause for conflict?

maddie · January 16, 2020, 7:34am

I have bridged the WAN port to LAN since I don't need it to connect to WAN anyway. The problem happens with or without the WAN port bridged to the LAN ports.

rj-45 · January 16, 2020, 9:54am

why, the rpi is directly connected to it, so there is no need for that route.

maddie · January 16, 2020, 12:07pm

If I don't add this route, other clients in the same subnet connected via tinc cannot access RPi from the outside.

ahmar16 · January 16, 2020, 2:14pm

Yes, also other routes specify the gateway as *.*.248.9 which maybe a conflict in this situation.

I honestly think that you need to re-config RPI from scratch. Your static routes are interfering with the normal routes and this is why strange behavior with RPI is happening when it shouldn't.

One more thing, if you use a separate modem to connect to internet, then it should also be visible from the entire LAN network in the default config. It doesn't matter if you connect from AP or main.