If I connect my laptop via WiFi to my R7800 router running OpenWRT I can access the GUI on 192.168.1.1 but when I connect my Android phone to the same SSID, which is assigned to the lan firewall zone, it can't access the router.
I've tried using Chrome, Firefox and OpenWRT Manager and they all just time out when I try to access it.
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
Thanks. It may not be anything to do with the router, as I tried to connect to my ISP-supplied router on 192.168.0.1, which works on my PC and laptop, and my phone can't access that either. I haven't got any VPN's running and Tailscale is installed but disabled, so I don't think that could be blocking access to the LAN.
Here's the config files anyway, just in case they show any cause.
root@OpenWrt:~# ubus call system board
{
"kernel": "5.15.120",
"hostname": "OpenWrt",
"system": "ARMv7 Processor rev 0 (v7l)",
"model": "Netgear Nighthawk X4S R7800",
"board_name": "netgear,r7800",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "SNAPSHOT",
"revision": "r23580+21-b993a00b82",
"target": "ipq806x/generic",
"description": "OpenWrt SNAPSHOT r23580+21-b993a00b82"
}
}
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd88:ca3e:c279::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 3 4 6t'
option vid '1'
option description 'LAN'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0t 5'
option vid '2'
option description 'WAN'
config interface 'Guest'
option proto 'static'
option ipaddr '10.10.10.10'
option netmask '255.255.255.0'
config interface 'IoT'
option proto 'static'
option ipaddr '10.20.10.10'
option netmask '255.255.255.0'
option device 'br-iot'
config interface 'IoT_WAN'
option proto 'static'
option ipaddr '10.30.10.10'
option netmask '255.255.255.0'
config device
option type 'bridge'
option name 'br-iot'
option bridge_empty '1'
root@OpenWrt:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
option channel '161'
option band '5g'
option htmode 'VHT80'
option cell_density '0'
option txpower '27'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'main'
option encryption 'sae-mixed'
option key 'r'
config wifi-device 'radio1'
option type 'mac80211'
option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
option channel '11'
option band '2g'
option htmode 'HT20'
option cell_density '0'
option txpower '26'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'IoT'
option mode 'ap'
option ssid 'm-IoT'
option encryption 'sae-mixed'
option isolate '1'
option key 'r'
config wifi-iface 'wifinet2'
option device 'radio1'
option mode 'ap'
option ssid 'm-Guest'
option encryption 'sae-mixed'
option isolate '1'
option key 'r'
option network 'Guest'
config wifi-iface 'wifinet3'
option device 'radio1'
option mode 'ap'
option ssid 'main-24G'
option encryption 'sae-mixed'
option key 'r'
option network 'lan'
config wifi-iface 'wifinet4'
option device 'radio1'
option mode 'ap'
option ssid 'm-IoT-WAN'
option encryption 'sae-mixed'
option network 'IoT_WAN'
option key 'r'
config wifi-iface 'wifinet5'
option device 'radio0'
option mode 'ap'
option ssid 'm-IoT-5G'
option encryption 'sae-mixed'
option key 'r'
option network 'IoT'
root@OpenWrt:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
option confdir '/tmp/dnsmasq.d'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option start '100'
option limit '150'
option leasetime '12h'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'Guest'
option interface 'Guest'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
config dhcp 'IoT'
option interface 'IoT'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
config dhcp 'IoT_WAN'
option interface 'IoT_WAN'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include 'nss_ecm'
option type 'script'
option path '/etc/firewall.d/qca-nss-ecm'
option family 'any'
option reload '1'
config zone
option name 'Guest'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'Guest'
config zone
option name 'IoT_WAN'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'IoT_WAN'
config forwarding
option src 'Guest'
option dest 'wan'
config forwarding
option src 'IoT_WAN'
option dest 'wan'
config forwarding
option src 'lan'
option dest 'IoT_WAN'
config zone
option name 'IoT'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'IoT'
config rule
option name 'Guest DHCP and DNS'
option src 'Guest'
option dest_port '53 67 68'
option target 'ACCEPT'
config forwarding
option src 'lan'
option dest 'IoT'
config rule
option name 'IoT DHCP and DNS'
option src 'IoT'
option target 'ACCEPT'
option dest_port '53 67 68'
config rule
option name 'IoT-WAN DHCP and DNS'
option src 'IoT_WAN'
option dest_port '53 67 68'
option target 'ACCEPT'
config rule
option name 'allow_forward'
option src 'wan'
list src_ip '192.168.0.0/16'
list src_ip '10.0.0.0/8'
option dest '*'
option target 'ACCEPT'
config rule
option name 'Allow-Admin'
list proto 'tcp'
option src 'wan'
option dest_port '20 80 443'
option target 'ACCEPT'
The last two firewall rules are there to allow me to access the R7800's GUI from my other router and to allow devices connecte to that router to access devices connected to the R7800, but I haven't got either of those things working yet.
I just found that there's a setting on my ISP Linksys router to allow access to the GUI from wireless, and enabling that makes it accessible on my phone, so I guess I need to do something similar on the R7800.
No, you don't. By default OpenWrt doesn't treat LAN- or WLAN- connected devices differently, both have the same kind of access to the router (and luci).
--
Disclaimer: I did no go through the details of your configuration, this is purely a statement about the default state.
There's nothing obviously wrong with your config.
I've tried it on the main and the main-24g SSIDs, which are both in the lan network and firewall zone. I'm using 192.168.1.1 to access the GUI.
Just testing again the address shown using main is 192.168.1.249 (there's an IPv6 address too) and it show the router address as 192.168.1.1 and the subnet mask as 255.255.255.0. Using main-24g the address shown is 192.168.1.157.
Weirdly it all works now on both of those SSIDs and with the browser and OpenWRT manager. The only thing I've changed is enabling wireless access to the GUI on the Linksys router, and I don't see how that could affect the Netgear one, but I tried disabling it again just in case and I can still access the Netgear on my phone, so I have no idea what happened.
Is it at all possible that you have multiple devices on the same IP address? Or multiple devices broadcasting the same SSID but on different networks?
On your phone:
Try going into connections, wifi, click the settings gear and tap "manage router".
No, my other router only has one SSID with a completely different name, and the only other device that was connected to the Netgear was a RPI4 with a static IP of 192.168.1.155.
My phone doesn't have any settings gear or "manage router" option under the WiFi screen. It's a Poco X3 NFC running Android 12 / MIUI 14.0.5.
What’s your physical setup look like? Can you remove your firewall rules one at a time to see if one of them is conflicting? Is it possible that the 2 primary routers are sharing the same subnet? I think you said main was 0.1 and secondary was 1.1, which should be fine
It has to at least have a way to see you DHCP settings.
You are connected to a Wi=Fi. That Wi-Fi has a settings gear.
What Wi-Fi does your hone show it is connected to?
Yes, the ISP router was on 192.168.0.1 and the R7800 was on 192.168.1.1.
It's working now anyway, so I've marked this as solved but I don't know why it wasn't working and why it's fixed now.
No settings gear, just an arrow which shows the details like IP address. I tried both the main and main-24g networks and it didn't work on either, but it is now so I've marked this as solved.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.