Can't access specific site 25.05.3

I am unable to access when connected to my home network from any device (Windows, Mac, iOS), Wi-Fi or wired. Can access it from iOS on mobile network but not from the same device when on Wi-Fi.

I am on 25.05.3, haven't messed with much past initial setup. I did set up sqm, and a single firewall rule to disallow uploads from one device. I tried disabling sqm and the only firewall rule I set up but got no change.

I had my dns set to cloudflare but tried google then default and still no change. Tried changing MTU on wan to 1452 and then 1492, no change, set back to default now. I have spectrum on a docsis 3.1 modem, which I believe is in bridge mode. I never got a router from them since I have always used my own but idk how to be 100% sure of that.

nslookup shows this on both openwrt and macbook terminal

Non-authoritative answer:

Traceroute from openwrt to stops at 11/20 hops

Any advice/diagnosis steps would be appreciated!

Add MSS fixup akin later than 23.05.3 version of firewall:
Massive PPPoE performance drop in 23.x with Archer C7 v2 - #5 by brada4 (just MSS part, the patch is for other purposes)
Without that you need to change the MTU on wireless clients (likely you don't even have the option to do so).

I don't seem to have mssfix.nft in etc/nftables.d/
Am I missing it or am I supposed to be creating it now?

I haven't done much ssh, but I am assuming I ssh into the router, cd to /etc/nftables.d/ then vim mssfix.nft and paste the text from the comment you linked to?

I do have 10-custom-filter-chains.nft in etc/nftables.d/ and also a readme file but that's it. Thanks!

Yes, just create a new file with that content, then run fw4 check before restarting the firewall service. Obviously remove the file if it went wrong and try again.
Or you save the file in Notepad++ and upload it.

Okay great, just got it and it's working, thank you so much! And thank you for the quick responses! Does this essentially set MTU size for wireless clients or do something else?

I also saw this when looking for a fix in another thread talking about mtu and mss and not mixing them, just wondering if that was related or completely separate. Some websites are inaccessible - #30 by moeller0

It sets mtu for syn and synack packets exiting to wan. Old version mistakenly set incoming interface mtu to internet facing packets, essentially being a no-op. Next version will likely include the fix; in nft list ruleset you will see a duplicate rule in the mangle_postrouting chain and then it will be safe to delete mssfix.nft.

Which means your MTU should be 1500 and the MSS should be 1460, unless your ISP somehow uses ds-lite (I believe they do not, but am not 100% sure).

Please run the following commands (ideally with MTU set to 1500) and copy and paste the output to this thread:

opkg update ; opkg install tracepath
tracepath -4 -b
tracepath -6 -b 2607:f428:ffff:ffff::1

That should give us the information about the applicable MTU.

Just in case:

Just make sure you "sandwich" your text between two rows of backtick characters ` (which themselves will be invisible in the preview) looking something like this in the editor:
Your Pasted Text as preformatted text with fixed width font
1111 (note with fixed-width fonts the numbers are right-aligned)
but looking like this in the rendered forum:

Your Pasted Text as preformatted text with fixed width font
1111 (note with fixed-width fonts the numbers are right-aligned)
 1?: [LOCALHOST]                      pmtu 1500
 1: (  16.625ms 
 1: (  14.820ms 
 2: (  10.168ms 
 3: (  10.139ms 
 4: (  13.344ms asymm  5 
 5: (  13.848ms asymm  4 
 6: (  17.448ms 
 7: (  31.718ms asymm  6 
 8: (  30.335ms asymm  7 
 9: (  26.593ms asymm  8 
10: (  33.099ms asymm  9 
11: (  33.382ms asymm 10 
12-18: all showed no reply (edited to reduce size)
19: (  32.977ms !H
     Resume: pmtu 1500 

root@OpenWrt:~# tracepath -6 -b 2607:f428:ffff:ffff::1
 1?: [LOCALHOST]                        0.071ms pmtu 1500
 1: (2603:9004:ff00:7::1)   8.713ms 
 2:  no reply
 3: (2607:f098:30fe:0:300:100:0:9)   8.806ms 
 4: (2607:f098:30fe:0:300:100:0:3d)  10.659ms asymm  3 
 5: (2607:f098:30fe:0:300:100:0:133)  12.530ms asymm  4 
 6: (2607:f098:30fe:8000::2)  14.574ms asymm  5 
 7:  no reply
 8: (2001:1998:0:8::3b6)  25.893ms asymm  6 
 9:  no reply
10:  no reply
11: (2001:1998:0:4::2b)  34.918ms asymm  9 
12: (2001:506:100:1f::2)  34.514ms asymm 10 
13: (2001:506:100:b::5)  40.911ms asymm 11 
14: (2001:506:100:1012::9)  46.374ms asymm 12 
(15-30: all showed no reply,edited to reduce size)
     Too many hops: pmtu 1500
     Resume: pmtu 1500 

What are you looking for in the traceroutes? If it's simple enough to explain, since I have almost no knowledge about MTU, other than it maybe has to do with overhead? I've only seen anything on it regarding SQM but ended up leaving pretty much all of that on default.

This will report the path MTU as well as at which hop the limiting happens. In your case, as hoped, the MTU is the default ethernet 1500 bytes for both IPv4 and IPv6 (which is also normal except if one of the IP versions is tunneled and the tunnel MTU is not larger than 1500).

That solves the general MTU question, but that brings us back to the issue about not being able to reach specific site...

Now, it is possible that this site has its own MTU issues, so you could try:

tracepath -b
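
As an added example (not part of the thread): a shell helper that reads tracepath output and reports the final path MTU, the hop at which it was lowered, and the matching TCP MSS (MTU minus 40 bytes for IPv4, 60 for IPv6). The function names pmtu_summary and sample_trace and the sample trace with documentation addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise tracepath output read from stdin.
# Usage: tracepath -4 -b HOST | pmtu_summary 4   (use 6 for tracepath -6)
pmtu_summary() {
    awk -v ipver="${1:-4}" '
        # Return the number following the word "pmtu" on this line, or 0.
        function pmtu_of(   i) {
            for (i = 1; i < NF; i++)
                if ($i == "pmtu") return $(i + 1) + 0
            return 0
        }
        # Hop lines start with "N:" or "N?:"; a "pmtu" value on one means
        # the path MTU was learned (first line) or lowered at that hop.
        /^ *[0-9]+[?]?:/ {
            v = pmtu_of()
            if (v) {
                hop = $1; gsub(/[?:]/, "", hop)
                if (cur && v < cur) limit = hop
                cur = v
            }
        }
        # The closing "Resume:" line carries the final path MTU.
        /Resume:/ { v = pmtu_of(); if (v) cur = v }
        END {
            if (!cur) { print "no pmtu value found"; exit 1 }
            # TCP MSS = MTU - IP header (20 for IPv4, 40 for IPv6) - 20 TCP.
            overhead = (ipver == 6) ? 60 : 40
            printf "pmtu=%d limited_at_hop=%s mss=%d\n",
                   cur, (limit ? limit : "none"), cur - overhead
        }'
}

# Constructed sample: a path whose MTU drops to 1492 at hop 2.
sample_trace() {
    cat <<'EOF'
 1?: [LOCALHOST]                      pmtu 1500
 1:  192.0.2.1                          0.412ms
 1:  192.0.2.1                          0.398ms
 2:  198.51.100.1                       5.021ms pmtu 1492
 2:  198.51.100.9                       6.310ms
 3:  203.0.113.7                       11.884ms reached
     Resume: pmtu 1492 hops 3 back 3
EOF
}

sample_trace | pmtu_summary 4
```

A result of limited_at_hop=none with pmtu=1500 corresponds to the traces posted above, where no hop lowered the MTU.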