Cannot ping from Wifi to wired clients

Hello

I am quite new to network setups, and brand new to OpenWrt, so please bear with my ignorance.

I am trying out OpenWrt for the first time, using a HiLink HLK-7688N router.
I have managed to get the firmware upgraded to 24.10.0 (HLK-7688N package), and followed the quick guide to set up the WiFi.

That works great, and I can ping between 2 clients connected to the WiFi, but I cannot ping from a WiFi client to a wired client, or the other way around.

I can connect and log on to the LuCI web interface from all clients no matter the connection method.

The overall goal is to get it set up with a static IP WAN, and DHCP WiFi, to be able to connect to an existing network.

That network will not accept any connection unless it comes from a specific IP.

I have done this many times with other routers, but they were a lot simpler to set up (very limited options).

The wired network is not strictly needed, but I figured I would play with that before attempting to get the WAN working.

Any assistance with my ping problem or even the setup of the WAN connection would be very much appreciated.

Picture of planned operation.

Odd, WLAN and wired LAN reaching each other works by default on OpenWrt - and usually most users desire what you managed to inadvertently accomplish.

What does this [somewhat random] statement mean?

Can we see your /etc/config/wireless and /etc/config/network

Also /etc/config/dhcp

Based on your topology diagram and your description of the problem, I'm guessing your OpenWrt device is actually routing. You probably want to start over (reset to defaults) and then configure the device as a basic bridged AP.

Playing around with it till late last night, and finally managed to get it sorta working.
Apparently the laptop I was using for the LAN connection wasn't accepting pings.

When I tried another laptop on the LAN I could ping from the tablet to the laptop, but not the other way.

Will try to bring it back to factory settings (just to clean all my changes) and then try again with the new laptop.

If that doesn't work I will try this Bridged AP solution, thanks a lot :slight_smile:

What is your intention with the OpenWrt device? Do you want it to route or to be an AP for your existing network? If the latter, you should go ahead with the bridged AP. Otherwise, the wired and wireless devices will be separated by a firewall and on different networks.

This device will be plugged into an existing network at different locations (so portable).
All the locations are identical, network-wise.

The only access is 1 Ethernet port that will only accept IP 10.166.1.5.

So I need the device to connect to that port, with that IP, and at the same time create another local network on the WiFi using DHCP.

On the other "dumb" devices I have used for it, I could simply select "router" as operating mode, and put in the static IP in WAN, and then it was working.

Up to now I haven't played with the WAN port, been concentrating on getting the LAN part running.

Ok. Sounds like you want to keep it in routing mode.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

How do I download the config?
I can only find a place to download a "backup configuration",
but what do I need to open that file?

As for the somewhat random statement:
this device will be connected to a specific port on a Cisco IE3300 that is configured to only accept connections from IP 10.166.1.5.

If you connect with any other IP nothing happens.

Ssh will allow you to get the files. Or you can download the backup and decompress them with an application that supports tar.gz files.

The link will describe how to use ssh.

Heh, you are too fast :slight_smile:
I was replying to Ileachii, asking for the information you provided while I was writing it up :slight_smile:

I will connect and pull the data when I get home (at work atm).

I already have PuTTY installed, so it shouldn't be a problem (now that you were kind enough to post the commands).

In Windows, you would need software to open TAR archive files. As psherman noted, you can also SSH and view the files.

Well, got it working :slight_smile:
The problem was simply that the laptop I was using for testing was blocking pings.
That's what you get for using a company laptop.

Now it is working as it should, with the static IP on the WAN and everything (even tested with a main computer and Cisco).

But this also taught me more about OpenWrt, and I can see I need to start learning some more of this network stuff.

One request though, if anyone involved in the web interface reads this.
It might be me, but when I was looking in the firewall settings, I could see all 5 LAN ports, but I could not see the WiFi. Any chance to make that more visible? Is cpu.eth WiFi?

Anyways, as promised here are the logs (not really needed anymore but good practice to download it).

ubus call system board
{
        "kernel": "6.6.73",
        "hostname": "OpenWrt",
        "system": "MediaTek MT7688 ver:1 eco:2",
        "model": "Hi-Link HLK-7688A",
        "board_name": "hilink,hlk-7688a",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "24.10.0",
                "revision": "r28427-6df0e3d02a",
                "target": "ramips/mt76x8",
                "description": "OpenWrt 24.10.0 r28427-6df0e3d02a",
                "builddate": "1738624177"
        }
}

cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd1e:201d:7dd5::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device
        option name 'eth0.2'
        option macaddr '40:d6:3c:dc:d7:c5'

config interface 'wan'
        option device 'eth0.2'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '6t 1 2 3 4'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '6t 0'


cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/10300000.wmac'
        option band '2g'
        option channel '1'
        option htmode 'HT20'
        option cell_density '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'sae-mixed'
        option key '12345678'
        option ocv '0'
        option network 'lan'


cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'


cat /etc/config/firewall

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

To be clear, those are your configurations.

Glad you got it working.

In your wireless connection file and under Network > Wireless on the web GUI. Wireless SSIDs are generally bridged to a network, so they don't appear in the network config (the bridge would).
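The chain this reply describes (SSID, then the network it is attached to, then that network's bridge and firewall zone) can be traced from the configs posted in this thread. This is an added example, not part of the original posts; `parse_uci` and `wifi_zone_map` are hypothetical helper names, and zones are assumed to use `list network` entries as in the posted firewall config.

```python
import re
# Added example (not from the thread). Constructed sample, trimmed from the posted configs.
NETWORK = """
config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'
config interface 'lan'
        option device 'br-lan'
"""
WIRELESS = """
config wifi-iface 'default_radio0'
        option ssid 'OpenWrt'
        option network 'lan'
"""
FIREWALL = """
config zone
        option name 'lan'
        list network 'lan'
config zone
        option name 'wan'
        list network 'wan'
"""
LINE = re.compile(r"\s*(config|option|list)\s+(\S+)(?:\s+'?([^']*?)'?)?\s*$")

def parse_uci(text):
    """Return UCI sections as dicts; 'list' entries accumulate into Python lists."""
    sections = []
    for m in filter(None, map(LINE.match, text.splitlines())):
        kind, key, val = m.groups()
        if kind == "config":
            sections.append({".type": key, ".name": val})
        elif sections and kind == "option":
            sections[-1][key] = val
        elif sections:
            sections[-1].setdefault(key, []).append(val)
    return sections

def wifi_zone_map(network, wireless, firewall):
    """Map each SSID to its network, device, bridged wired ports and firewall zone."""
    net = parse_uci(network)
    bridges = {s["name"]: s.get("ports", []) for s in net if s.get("type") == "bridge" and "name" in s}
    devs = {s[".name"]: s.get("device") for s in net if s[".type"] == "interface"}
    zones = {n: z["name"] for z in parse_uci(firewall) if z[".type"] == "zone"
             for n in z.get("network", [])}
    return {w.get("ssid"): {"network": n, "device": devs.get(n), "zone": zones.get(n),
                            "wired_ports": bridges.get(devs.get(n), [])}
            for w in parse_uci(wireless) if w[".type"] == "wifi-iface" for n in [w.get("network")]}
print(wifi_zone_map(NETWORK, WIRELESS, FIREWALL))
```

An SSID whose `wired_ports` list is non-empty shares a bridge with those ports and sits in the same firewall zone, so no firewall rule applies between WiFi and wired clients on it. The same functions can be pointed at the files extracted from a configuration backup.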

Yea, it's somehow believed to help with security. In cases such as yours, it clearly thwarts troubleshooting efforts.
