Cannot ping devices in the same local network

Hi,
Just configured a new installation of OpenWrt and it seems like my devices are completely isolated from each other. I cannot ping them, and my IPv6 doesn't seem to be working either. I tried unsuccessfully to isolate the problem. Any ideas? Although the configs are pretty standard, something seems off and I couldn't spot it.

network


# Base interfaces from the thread author's network config ('*' marks values the poster redacted).
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	# Unique-local (fd00::/8) prefix: addressing for use inside the site only.
	option ula_prefix 'fdd8:7a1f:b741::/48'

# Wired LAN bridge over ports lan1-lan4. The access points in the wireless listing
# attach to the same 'lan' network through their own `option network 'lan'`.
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

# NOTE(review): no ip6assign is set on 'lan' in this listing, so this section assigns no
# delegated or ULA prefix to the LAN - possibly related to the reported IPv6 problem; confirm.
config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.120.1'

# MAC address override on the WAN port. The redaction leaves the first four octets readable.
config device
	option name 'wan'
	option macaddr '62:38:e0:b9***'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'
	option hostname '*'

# NOTE(review): proto '6to4' is the only option shown. 6to4 tunnelling relies on a public
# IPv4 address on wan - confirm this protocol is what the ISP connection actually needs.
config interface 'wan6'
	option proto '6to4'

# WireGuard interface. private_key is a secret; it is masked here, as it should be in any public post.
config interface 'wg0'
	option proto 'wireguard'
	option private_key '*****'
	option listen_port '****'
	list addresses '10.14.0.1/24'

# Peer entry: only 10.14.0.3/32 is accepted from this peer, and a route for it is installed.
# NOTE(review): no public_key line appears in the listing - presumably removed by the poster; confirm.
config wireguard_wg0
	list allowed_ips '10.14.0.3/32'
	option route_allowed_ips '1'
	option persistent_keepalive '25'

# Unmanaged interface on device vpns0; the firewall listing matches it with `list device 'vpns+'`.
# NOTE(review): presumably the OpenConnect server's tunnel device - confirm.
config interface 'vpns'
	option proto 'none'
	option device 'vpns0'


firewall


# Firewall defaults: these policies apply to traffic that belongs to no zone.
# input 'ACCEPT' means an interface left out of every zone can still reach the router itself.
config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option synflood_protect '1'
	option forward 'REJECT'

# Trusted zone. Besides 'lan' it also contains the VPN networks (vpns, wg0) and any device
# named vpns*, so VPN clients get the same access to the router and to LAN hosts as local clients.
# forward 'ACCEPT' covers routed traffic between the networks of this zone; traffic between two
# clients of the same bridge/AP is switched at layer 2 and is not filtered by these policies.
# NOTE(review): network 'wg' is listed here but is not defined in the network listing above.
config zone 'lan'
	option name 'lan'
	list device 'vpns+'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'
	list network 'vpns'
	list network 'wg'
	list network 'wg0'

# Untrusted zone: unsolicited input and forwarding are rejected, outbound traffic is masqueraded.
config zone 'wan'
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'
	option forward 'REJECT'

# Only lan -> wan forwarding is allowed; there is no wan -> lan forwarding section.
config forwarding
	option src 'lan'
	option dest 'wan'

# WAN-side exceptions to the wan zone's REJECT policy. Rules without `dest` are input rules
# (traffic addressed to the router); rules with `dest` are forward rules.
config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

# The router answers IPv4 echo requests arriving from the WAN side.
config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

# Multicast Listener Discovery, accepted from link-local sources only.
config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

# ICMPv6 types accepted by the router itself, rate-limited to 1000 packets per second.
config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

# ICMPv6 types forwarded from wan to any zone (dest '*'), with the same rate limit.
config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

# The next two rules forward IPsec traffic (ESP, IKE on UDP 500) from wan into the lan zone,
# which in this config also holds the VPN networks.
# NOTE(review): if no IPsec endpoint sits behind the router, these can be disabled - confirm.
config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

# Custom rules added by the poster; each one opens a service on the router to the WAN side.
# No proto is given here, so the firewall's default (TCP and UDP) applies to the redacted port.
# NOTE(review): may duplicate rule 'oc' below - the ports are masked, so this cannot be told from the listing.
config rule
	option name 'Allow SSL OpenConnect'
	option dest_port '****'
	option target 'ACCEPT'
	option src 'wan'

# WireGuard listener, UDP only.
config rule
	option name 'Allow Wireguard'
	list proto 'udp'
	option src 'wan'
	option dest_port '****'
	option target 'ACCEPT'

# Disabled (enabled '0'). If enabled it would drop port-53 traffic forwarded between any two zones.
config rule
	option name 'Block DNS'
	option src '*'
	option dest_port '53'
	option target 'DROP'
	option dest '*'
	option enabled '0'

# Port forward for WAN port 49621 into the lan zone.
# NOTE(review): no dest_ip or dest_port is set, so the internal target is not visible here;
# confirm where this lands, and remove the section if the forward is no longer needed.
config redirect
	option target 'DNAT'
	option name 'Xbox'
	option src 'wan'
	option dest 'lan'
	option src_dport '49621'

config rule 'oc'
	option name 'Allow-OpenConnect'
	option src 'wan'
	option dest_port '***'
	option proto 'tcp udp'
	option target 'ACCEPT'


wireless


# 5 GHz radio, channel 36, 160 MHz wide.
config wifi-device 'radio0'
	option type 'mac80211'
	option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
	option channel '36'
	option band '5g'
	option country '**'
	option htmode 'VHT160'
	option cell_density '0'

# Access point bridged into 'lan', WPA2-PSK with CCMP. No `isolate` option is set, so
# wifi client isolation is not enabled by this section.
config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option macaddr '60:38:e0*****'
	option ssid '******'
	option encryption 'psk2+ccmp'
	option key '******'

# 2.4 GHz radio, channel 8, 20 MHz wide.
config wifi-device 'radio1'
	option type 'mac80211'
	option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
	option band '2g'
	option htmode 'HT20'
	option country 'CA'
	option channel '8'
	option cell_density '0'

# Second access point on 'lan', same encryption, also without `isolate`.
# NOTE(review): the ssid line below lacks its opening quote - presumably a redaction slip in the
# post; confirm the file on the router is quoted correctly.
config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option macaddr '60:38:e0:***'
	option ssid *****'
	option encryption 'psk2+ccmp'
	option key '*****'

# Third radio, currently switched off (disabled '1').
config wifi-device 'radio2'
	option type 'mac80211'
	option path 'platform/soc/soc:internal-regs/f10d8000.sdhci/mmc_host/mmc0/mmc0:0001/mmc0:0001:1'
	option channel '34'
	option band '5g'
	option htmode 'VHT80'
	option disabled '1'

# Default AP definition: SSID 'OpenWrt', no encryption, bridged into 'lan'.
# It is inactive only because radio2 is disabled. If that radio is ever enabled, this becomes an
# open network with direct access to the LAN - set encryption and a key first, or delete the section.
config wifi-iface 'default_radio2'
	option device 'radio2'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'


Is this wired, wireless, or both? Have all of your devices gotten an address in the correct network (relevant if you changed your router's LAN address) -- they should all be in the 192.168.120.0/24 network. Check at least 2 of the devices that cannot talk to each other.

Hi psherman,

all wireless, only WAN is wired. All devices are getting ip and have internet connection.
Every device can ping router and router can ping it back. But in the network with any laptop, I cannot find the printer (which has an ip and internet connection), connect my laptop over remote desktop, or ping any other device.

may we see this too?

uci export dhcp

Is this the only router, or do you have any other routers/APs in your network?

Here it is.
I'm using stubby as DNS resolver.

# dnsmasq forwards to a local resolver on port 5453 (the poster says this is stubby) and, with
# noresolv '1', ignores the resolv file so no other upstream is used.
config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        # DNS rebinding defence: upstream answers pointing at private addresses are discarded.
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        # Only answer DNS queries that come from directly attached subnets.
        option localservice '1'
        option ednspacket_max '1232'
        list server '127.0.0.1#5453'
        list server '::1#5453'
        option noresolv '1'
        # DNSSEC validation of upstream answers.
        option dnssec '1'

# IPv4 leases 192.168.120.100 onwards (150 addresses).
# NOTE(review): dhcpv6 is 'relay', but no `ra`/`ndp` option is set here and the wan6 section
# below has no `master` option, so no relay upstream is visible in this listing - possibly
# related to the reported IPv6 problem; confirm.
config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'relay'

# No DHCP service is offered on the WAN side.
config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'



config dhcp 'wan6'
        option interface 'wan6'



No other routers, just 192.168.120.1

Maybe my wrt3200acm is just dying :frowning:

Thanks for the info.. This is ironic.. Stubby..
Please..
ubus call system board

I just recently, Sunday night, uninstalled Stubby and removed all instances of IPv6.. I didn't have the problem you have.. I'm chasing something else down.

Maybe try resetting your router to defaults and then configuring the bare minimum.

I tried this install with clean config just to find out if it was my config files, but it seems not.

{
        "kernel": "5.10.120",
        "hostname": "BirHome",
        "system": "ARMv7 Processor rev 1 (v7l)",
        "model": "Linksys WRT3200ACM",
        "board_name": "linksys,wrt3200acm",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.0-rc4",
                "revision": "r19426-2b1941e47d",
                "target": "mvebu/cortexa9",
                "description": "OpenWrt 22.03.0-rc4 r19426-2b1941e47d"
        }
}

Sorry for the delay,

Is there any chance you can move into/back to stable?

See if there are any hints here:

ip route show default
/$ ip route show default
default dev wg0 scope link 
default via aaa.bbb.ccc.ddd dev eth1  src aaa.bbb.ccc.ddd  metric 10 
10.0.0.0/8 dev wg0 scope link  src 10.14.0.2 
## truncated ##
192.168.33.0/24 dev br-lan scope link  src 192.168.33.1 

What happens if you remark this out in firewall?

^^^ this.

Fundamentally, there is nothing on the router/AP that will prevent L2 connections between client computers except for wifi client isolation. That feature is not enabled in your config file, so unless something is wrong under the hood, nothing else should be able to do this.

That said, there is one other possible situation -- if your computer(s) are using Windows, it is possible that the Windows Firewall has engaged such that it is blocking all connections on the LAN because it doesn't recognize the network (it treats the network like a public/untrusted wifi network).


@psherman can see I'm fishing and I appreciate his redirect. The network rules here seem to be ignored, especially so if your router's diag fails ping.

If you can ping here successfully; there's more juice to squeeze out of this bug..

I'm having a similar problem. From the OpenWRT device, I cannot ping my laptop.
But it can ping the gateway and my laptop can ping the OpenWRT device. Also local HTTP traffic to/from my laptop works. I get this same result whether OpenWRT is using DHCP or static IP. I also get the same result whether wired or wireless connection to my router/gateway.

When you joined the wi-fi network did you choose public or private?

I missed the OP was in '22.

My laptop is connected via ethernet.
The OpenWRT device didn't give choice.

From command prompt run ipconfig and copy and paste the results. You can delete unnecessary things that get caught up in it.

root@Omega-3449:/etc/config# ubus call system board
{
        "kernel": "4.14.81",
        "hostname": "Omega-3449",
        "system": "MediaTek MT7688 ver:1 eco:2",
        "model": "Onion Omega2+",
        "board_name": "omega2p",
        "release": {
                "distribution": "OpenWrt",
                "version": "18.06-SNAPSHOT",
                "revision": "r0+7498-730f2344ba",
                "target": "ramips\/mt76x8",
                "description": "OpenWrt 18.06-SNAPSHOT r0+7498-730f2344ba"
        }
}

root@Omega-3449:/etc/config# cat network

# Network config of the second poster's device (older `ifname` syntax; '*' marks redacted values).
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd1d:48c4:7633::/48'

# The device's own AP-side network, 192.168.3.1/24.
config interface 'wlan'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.3.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

# Wi-Fi client uplink (apcli0) with a static address.
config interface 'wwan'
        option ifname 'apcli0'
        option hostname 'Omega-3449'
        option gateway '*.*.*.*'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '*.*.*.*'
        option dns '8.8.8.8'

# Ethernet uplink (eth0).
# NOTE(review): the firewall listing in this post puts 'wlan' in zone lan and 'wwan' in zone wan;
# this 'wan' network is in neither, so only the firewall defaults apply to it.
config interface 'wan'
        option ifname 'eth0'
        option proto 'dhcp'
        option gateway '*.*.*.*'
        option dns '8.8.8.8'


root@Omega-3449:/etc/config# cat wireless

# Single radio running as access point and client at the same time (device_mode 'apsta').
config wifi-device 'radio0'
        option type 'ralink'
        option variant 'mt7628'
        option country 'US'
        option hwmode '11g'
        option htmode 'HT40'
        option channel 'auto'
        option disabled '0'
        option device_mode 'apsta'
        option op_mode 'preference'

# The device's own access point (ra0) on network 'wlan', WPA2-PSK; key and SSID are masked.
config wifi-iface 'ap'
        option device 'radio0'
        option mode 'ap'
        option network 'wlan'
        option ifname 'ra0'
        option encryption 'psk2'
        option disabled '0'
        option key '*****'
        option ssid '*****'

# Client connection (apcli0) to an upstream Wi-Fi network, attached to 'wwan'.
config wifi-iface 'sta'
        option device 'radio0'
        option mode 'sta'
        option ifname 'apcli0'
        option network 'wwan'
        option led 'omega2p:blue:wifi'
        option disabled '0'
        option encryption 'psk2'
        option key '*****'
        option ssid '*****'

# NOTE(review): not a standard OpenWrt section type - presumably a vendor-specific store for
# upstream network credentials; confirm. It holds another pre-shared key, masked here.
config wifi-config
        option key '*****'
        option ssid '*****'
        option encryption 'psk2'

root@Omega-3449:/etc/config# cat dhcp

# dnsmasq settings; upstream resolvers are read from /tmp/resolv.conf.auto.
config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        # DNS rebinding defence: upstream answers pointing at private addresses are discarded.
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        # Only answer DNS queries that come from directly attached subnets.
        option localservice '1'

# DHCP and router advertisements are served on the device's own 'wlan' network.
config dhcp 'wlan'
        option interface 'wlan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'

# No DHCP service on the Wi-Fi uplink.
config dhcp 'wwan'
        option interface 'wwan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'

root@Omega-3449:/etc/config# cat firewall

# Every default policy is ACCEPT, so this firewall filters nothing by default.
# NOTE(review): with input and output accepted everywhere, this config is unlikely to be what
# blocks the ping to the laptop; the laptop's own host firewall is the likelier place to look.
config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option disable_ipv6 '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'wlan'

# The upstream-facing zone also accepts input and forwarding, so services on this device are
# reachable from the upstream network. On a network that is not fully trusted, set input and
# forward to 'REJECT' and rely on the explicit rules that follow.
config zone
        option name 'wan'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option network 'wwan'
        option input 'ACCEPT'

config forwarding
        option src 'lan'
        option dest 'wan'

# WAN-side ACCEPT rules. In this config the wan zone already accepts all input and forwarding,
# so these rules only start to matter once the zone policy is tightened.
# NOTE(review): defaults set disable_ipv6 '1', so the ipv6-family rules are presumably not applied - confirm.
config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

# Multicast Listener Discovery, accepted from link-local sources only.
config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

# ICMPv6 types accepted by the device itself, rate-limited to 1000 packets per second.
config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# ICMPv6 types forwarded from wan to any zone (dest '*'), with the same rate limit.
config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# IPsec pass-through (ESP, IKE on UDP 500) from wan into the lan zone.
config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

# Custom script loaded by the firewall. Its contents are not shown in the post, so it may add
# rules that are not visible in this listing - review /etc/firewall.user when troubleshooting.
config include
        option path '/etc/firewall.user'

ipconfig output


Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : *::*:*:*:*%4
   IPv4 Address. . . . . . . . . . . : *.*.*.*
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : *.*.*.*