Cannot ping devices in the same local network

Hi,
Just configured a new installation of opewrt and seems like my device are completely isolated from each other. I cannot ping them, also my ipv6 doesn't seem to be working. I tried to isolate unsucessufully. Any ideas? Although configs are pretty standard somethings seems off and I couldn't spot it.

network


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdd8:7a1f:b741::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.120.1'

config device
	option name 'wan'
	option macaddr '62:38:e0:b9***'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'
	option hostname '*'

config interface 'wan6'
	option proto '6to4'

config interface 'wg0'
	option proto 'wireguard'
	option private_key '*****'
	option listen_port '****'
	list addresses '10.14.0.1/24'

config wireguard_wg0
	list allowed_ips '10.14.0.3/32'
	option route_allowed_ips '1'
	option persistent_keepalive '25'

config interface 'vpns'
	option proto 'none'
	option device 'vpns0'


firewall


config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option synflood_protect '1'
	option forward 'REJECT'

config zone 'lan'
	option name 'lan'
	list device 'vpns+'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'
	list network 'vpns'
	list network 'wg'
	list network 'wg0'

config zone 'wan'
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'
	option forward 'REJECT'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Allow SSL OpenConnect'
	option dest_port '****'
	option target 'ACCEPT'
	option src 'wan'

config rule
	option name 'Allow Wireguard'
	list proto 'udp'
	option src 'wan'
	option dest_port '****'
	option target 'ACCEPT'

config rule
	option name 'Block DNS'
	option src '*'
	option dest_port '53'
	option target 'DROP'
	option dest '*'
	option enabled '0'

config redirect
	option target 'DNAT'
	option name 'Xbox'
	option src 'wan'
	option dest 'lan'
	option src_dport '49621'

config rule 'oc'
	option name 'Allow-OpenConnect'
	option src 'wan'
	option dest_port '***'
	option proto 'tcp udp'
	option target 'ACCEPT'


wireless


config wifi-device 'radio0'
	option type 'mac80211'
	option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
	option channel '36'
	option band '5g'
	option country '**'
	option htmode 'VHT160'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option macaddr '60:38:e0*****'
	option ssid '******'
	option encryption 'psk2+ccmp'
	option key '******'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
	option band '2g'
	option htmode 'HT20'
	option country 'CA'
	option channel '8'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option macaddr '60:38:e0:***'
	option ssid *****'
	option encryption 'psk2+ccmp'
	option key '*****'

config wifi-device 'radio2'
	option type 'mac80211'
	option path 'platform/soc/soc:internal-regs/f10d8000.sdhci/mmc_host/mmc0/mmc0:0001/mmc0:0001:1'
	option channel '34'
	option band '5g'
	option htmode 'VHT80'
	option disabled '1'

config wifi-iface 'default_radio2'
	option device 'radio2'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'


Is this wired, wireless, or both? Have all of your devices gotten an address in the correct network (relevant if you changed your router's LAN address) -- they should all be in the 192.168.120.0/24 network. Check at least 2 of the devices that cannot talk to each other.

Hi psherman,

all wireless, only WAN is wired. All devices are getting ip and have internet connection.
Every device can ping router and router can ping it back. But in the network with any laptop, I cannot find the printer (which has an ip and internet connection), connect my laptop over remote desktop, or ping any other device.

may we see this too?

uci export dhcp

Is this the only router, or do you have any other routers/APs in your network?

Here it's.
I'm using stubby as DNS resolver.

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option localservice '1'
        option ednspacket_max '1232'
        list server '127.0.0.1#5453'
        list server '::1#5453'
        option noresolv '1'
        option dnssec '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'relay'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'



config dhcp 'wan6'
        option interface 'wan6'



No other routers, just 192.168.120.1

Maybe my wrt3200acm is just dying :frowning:

Thank for info.. This is ironic..Stubby..
Please..
ubus call system board

I just recently, Sunday Night, uninstalled Stubby and remove all instances of IPV6.. I didn't have this problem you have.. I'm chasing something else down.

Maybe try resetting your router to defaults and then configuring the bare minimum.

I tried this install with clean config just to find out if it was my config files, but it seems not.

{
        "kernel": "5.10.120",
        "hostname": "BirHome",
        "system": "ARMv7 Processor rev 1 (v7l)",
        "model": "Linksys WRT3200ACM",
        "board_name": "linksys,wrt3200acm",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.0-rc4",
                "revision": "r19426-2b1941e47d",
                "target": "mvebu/cortexa9",
                "description": "OpenWrt 22.03.0-rc4 r19426-2b1941e47d"
        }
}

Sorry for the delay,

Is there any chance you can move into/back to stable?

See if there are any hints here:

ip route show default
/$ ip route show default
default dev wg0 scope link 
default via aaa.bbb.ccc.ddd dev eth1  src aaa.bbb.ccc.ddd  metric 10 
10.0.0.0/8 dev wg0 scope link  src 10.14.0.2 
## truncated ##
192.168.33.0/24 dev br-lan scope link  src 192.168.33.1 

What happens if you remark this out in firewall?

^^^ this.

Fundamentally, there is nothing on the router/AP that will prevent L2 connections between client computers except for wifi client isolation. That feature is not enabled in your config file, so unless something is wrong under the hood, nothing else should be able to do this.

That said, there is one other possible situation -- if your computer(s) are using Windows, it is possible that the Windows Firewall has engaged such that it is blocking all connections on the LAN because it doesn't recognize the network (it treats the network like a public/untrusted wifi network).

1 Like

@psherman can see I'm phishing and I appreciate his redirect. The network rules here seem to be ignored, especially so if your router's diag fails ping.

If you can ping here successfully; there's more juice to squeeze out of this bug..