Can't ping a single host in a local network

rdmitry · August 2, 2020, 11:41am

Hi guys, I'm sorry asking such a stupid question, but I can't find an answer. I have OpenWrt Barrier Breaker 14.07 / LuCI Trunk (0.12+svn-r10530) on a TP-Link TL-WR1043N/ND v2 router and some hosts in my local network 172.16.66.0/24. One of the hosts (namely with ip address 172.16.66.64) I can not ping from a router, while other hosts in the same local network can ping it normally. This host, as many others acquires its IP via dhcp. I can ping all other hosts in my local network, only this one has some magic. At the same time I can arping this host from the router. With tcpdump I can see that its ping replies come to the router, but then router forwards them to a wrong interface for unknown reason.

it looks like this:

root@roof-router:~# arping -I br-lan 172.16.66.64
ARPING to 172.16.66.64 from 172.16.66.1 via br-lan
Unicast reply from 172.16.66.64 [0:25:90:2a:5d:c8] 0.341ms
Unicast reply from 172.16.66.64 [0:25:90:2a:5d:c8] 0.241ms
Unicast reply from 172.16.66.64 [0:25:90:2a:5d:c8] 0.250ms
Unicast reply from 172.16.66.64 [0:25:90:2a:5d:c8] 0.248ms
Unicast reply from 172.16.66.64 [0:25:90:2a:5d:c8] 0.254ms
Unicast reply from 172.16.66.64 [0:25:90:2a:5d:c8] 0.247ms
^CSent 6 probe(s) (1 broadcast(s))
Received 6 reply (0 request(s), 0 broadcast(s))

root@roof-router:~# ping 172.16.66.64
PING 172.16.66.64 (172.16.66.64): 56 data bytes
^C
--- 172.16.66.64 ping statistics ---
122 packets transmitted, 0 packets received, 100% packet loss

From the other terminal at the same time:

root@roof-router:~# tcpdump -i br-lan -vv host 172.16.66.64 -n
tcpdump: listening on br-lan, link-type EN10MB (Ethernet), capture size 65535 bytes
14:17:25.914918 IP (tos 0x0, ttl 64, id 17290, offset 0, flags [DF], proto ICMP (1), length 84)
    172.16.66.1 > 172.16.66.64: ICMP echo request, id 21518, seq 14, length 64
14:17:25.915187 IP (tos 0x0, ttl 64, id 64947, offset 0, flags [none], proto ICMP (1), length 84)
    172.16.66.64 > 172.16.66.1: ICMP echo reply, id 21518, seq 14, length 64
14:17:26.915121 IP (tos 0x0, ttl 64, id 17291, offset 0, flags [DF], proto ICMP (1), length 84)
    172.16.66.1 > 172.16.66.64: ICMP echo request, id 21518, seq 15, length 64
14:17:26.915387 IP (tos 0x0, ttl 64, id 64948, offset 0, flags [none], proto ICMP (1), length 84)
    172.16.66.64 > 172.16.66.1: ICMP echo reply, id 21518, seq 15, length 64
14:17:27.915347 IP (tos 0x0, ttl 64, id 17292, offset 0, flags [DF], proto ICMP (1), length 84)
    172.16.66.1 > 172.16.66.64: ICMP echo request, id 21518, seq 16, length 64
14:17:27.915616 IP (tos 0x0, ttl 64, id 64949, offset 0, flags [none], proto ICMP (1), length 84)
    172.16.66.64 > 172.16.66.1: ICMP echo reply, id 21518, seq 16, length 64
14:17:28.915636 IP (tos 0x0, ttl 64, id 17293, offset 0, flags [DF], proto ICMP (1), length 84)
    172.16.66.1 > 172.16.66.64: ICMP echo request, id 21518, seq 17, length 64
14:17:28.915919 IP (tos 0x0, ttl 64, id 64950, offset 0, flags [none], proto ICMP (1), length 84)
    172.16.66.64 > 172.16.66.1: ICMP echo reply, id 21518, seq 17, length 64
14:17:29.915833 IP (tos 0x0, ttl 64, id 17294, offset 0, flags [DF], proto ICMP (1), length 84)
    172.16.66.1 > 172.16.66.64: ICMP echo request, id 21518, seq 18, length 64
14:17:29.916090 IP (tos 0x0, ttl 64, id 64951, offset 0, flags [none], proto ICMP (1), length 84)
    172.16.66.64 > 172.16.66.1: ICMP echo reply, id 21518, seq 18, length 64
^C
10 packets captured
10 packets received by filter
0 packets dropped by kernel

root@roof-router:~# tcpdump -i eth0 -vv host 172.16.66.64 -n
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
14:17:42.918281 IP (tos 0x0, ttl 64, id 17307, offset 0, flags [DF], proto ICMP (1), length 84)
    172.16.66.1 > 172.16.66.64: ICMP echo request, id 21518, seq 31, length 64
14:17:42.918535 IP (tos 0x0, ttl 64, id 64964, offset 0, flags [none], proto ICMP (1), length 84)
    172.16.66.64 > 172.16.66.1: ICMP echo reply, id 21518, seq 31, length 64
14:17:43.918477 IP (tos 0x0, ttl 64, id 17308, offset 0, flags [DF], proto ICMP (1), length 84)
    172.16.66.1 > 172.16.66.64: ICMP echo request, id 21518, seq 32, length 64
14:17:43.918727 IP (tos 0x0, ttl 64, id 64965, offset 0, flags [none], proto ICMP (1), length 84)
    172.16.66.64 > 172.16.66.1: ICMP echo reply, id 21518, seq 32, length 64
14:17:44.918671 IP (tos 0x0, ttl 64, id 17309, offset 0, flags [DF], proto ICMP (1), length 84)
    172.16.66.1 > 172.16.66.64: ICMP echo request, id 21518, seq 33, length 64
14:17:44.918910 IP (tos 0x0, ttl 64, id 64966, offset 0, flags [none], proto ICMP (1), length 84)
    172.16.66.64 > 172.16.66.1: ICMP echo reply, id 21518, seq 33, length 64
^C
6 packets captured
8 packets received by filter
0 packets dropped by kernel

Some configuration data:

root@roof-router:~# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 10.0.168.1/32 brd 255.255.255.255 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP group default qlen 1000
    link/ether e8:94:f6:29:07:a5 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether e8:94:f6:29:07:a4 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::ea94:f6ff:fe29:7a4/64 scope link 
       valid_lft forever preferred_lft forever
4: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether e8:94:f6:29:07:a4 brd ff:ff:ff:ff:ff:ff
82: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether e8:94:f6:29:07:a5 brd ff:ff:ff:ff:ff:ff
    inet 172.16.66.1/24 brd 172.16.66.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet 172.16.11.1/30 brd 172.16.11.3 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fe80::ea94:f6ff:fe29:7a5/64 scope link 
       valid_lft forever preferred_lft forever
83: eth1.2@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether e8:94:f6:29:07:a4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.90/24 brd 192.168.1.255 scope global eth1.2
       valid_lft forever preferred_lft forever
    inet6 fe80::ea94:f6ff:fe29:7a4/64 scope link 
       valid_lft forever preferred_lft forever
84: eth1.3@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether e8:94:f6:29:07:a4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.31.15/24 brd 192.168.31.255 scope global eth1.3
       valid_lft forever preferred_lft forever
    inet6 fe80::ea94:f6ff:fe29:7a4/64 scope link 
       valid_lft forever preferred_lft forever
85: eth1.4@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether e8:94:f6:29:07:a4 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::ea94:f6ff:fe29:7a4/64 scope link 
       valid_lft forever preferred_lft forever
88: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/ether 4e:d4:c4:09:24:b4 brd ff:ff:ff:ff:ff:ff
    inet 10.57.0.2/24 brd 10.57.0.255 scope global tap0
       valid_lft forever preferred_lft forever
    inet6 fe80::4cd4:c4ff:fe09:24b4/64 scope link 
       valid_lft forever preferred_lft forever
91: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none 
    inet 10.55.0.6/24 brd 10.55.0.255 scope global tun0
       valid_lft forever preferred_lft forever

routing table:

root@roof-router:~# ip route show table all
default via 192.168.31.1 dev eth1.3  proto static  metric 65 
10.30.0.0/24 via 10.55.0.1 dev tun0 
10.45.0.0/24 via 10.55.0.1 dev tun0 
10.55.0.0/24 dev tun0  proto kernel  scope link  src 10.55.0.6 
10.57.0.0/24 dev tap0  proto kernel  scope link  src 10.57.0.2 
172.16.11.0/30 dev br-lan  proto kernel  scope link  src 172.16.11.1 
172.16.44.0/24 via 10.55.0.1 dev tun0 
172.16.55.0/24 via 10.55.0.1 dev tun0 
172.16.56.0/24 via 10.55.0.1 dev tun0 
172.16.66.0/24 dev br-lan  proto kernel  scope link  src 172.16.66.1 
192.168.1.0/24 dev eth1.2  proto static  scope link  metric 80 
192.168.11.0/24 via 10.55.0.1 dev tun0 
192.168.31.0/24 dev eth1.3  proto static  scope link  metric 65 
192.168.51.0/24 via 10.55.0.1 dev tun0 
local 10.0.168.1 dev lo  table local  proto kernel  scope host  src 10.0.168.1 
broadcast 10.55.0.0 dev tun0  table local  proto kernel  scope link  src 10.55.0.6 
local 10.55.0.6 dev tun0  table local  proto kernel  scope host  src 10.55.0.6 
broadcast 10.55.0.255 dev tun0  table local  proto kernel  scope link  src 10.55.0.6 
broadcast 10.57.0.0 dev tap0  table local  proto kernel  scope link  src 10.57.0.2 
local 10.57.0.2 dev tap0  table local  proto kernel  scope host  src 10.57.0.2 
broadcast 10.57.0.255 dev tap0  table local  proto kernel  scope link  src 10.57.0.2 
broadcast 127.0.0.0 dev lo  table local  proto kernel  scope link  src 127.0.0.1 
local 127.0.0.0/8 dev lo  table local  proto kernel  scope host  src 127.0.0.1 
local 127.0.0.1 dev lo  table local  proto kernel  scope host  src 127.0.0.1 
broadcast 127.255.255.255 dev lo  table local  proto kernel  scope link  src 127.0.0.1 
broadcast 172.16.11.0 dev br-lan  table local  proto kernel  scope link  src 172.16.11.1 
local 172.16.11.1 dev br-lan  table local  proto kernel  scope host  src 172.16.11.1 
broadcast 172.16.11.3 dev br-lan  table local  proto kernel  scope link  src 172.16.11.1 
broadcast 172.16.66.0 dev br-lan  table local  proto kernel  scope link  src 172.16.66.1 
local 172.16.66.1 dev br-lan  table local  proto kernel  scope host  src 172.16.66.1 
broadcast 172.16.66.255 dev br-lan  table local  proto kernel  scope link  src 172.16.66.1 
broadcast 192.168.1.0 dev eth1.2  table local  proto kernel  scope link  src 192.168.1.90 
local 192.168.1.90 dev eth1.2  table local  proto kernel  scope host  src 192.168.1.90 
broadcast 192.168.1.255 dev eth1.2  table local  proto kernel  scope link  src 192.168.1.90 
broadcast 192.168.31.0 dev eth1.3  table local  proto kernel  scope link  src 192.168.31.15 
local 192.168.31.15 dev eth1.3  table local  proto kernel  scope host  src 192.168.31.15 
broadcast 192.168.31.255 dev eth1.3  table local  proto kernel  scope link  src 192.168.31.15 
unreachable fd44:c7e9:d8f5::/48 dev lo  proto static  metric 2147483647  error -128
fe80::/64 dev eth1  proto kernel  metric 256 
fe80::/64 dev eth1.2  proto kernel  metric 256 
fe80::/64 dev eth1.3  proto kernel  metric 256 
fe80::/64 dev eth1.4  proto kernel  metric 256 
fe80::/64 dev br-lan  proto kernel  metric 256 
fe80::/64 dev tap0  proto kernel  metric 256 
unreachable default dev lo  table unspec  proto kernel  metric 4294967295  error -128
local ::1 dev lo  table local  proto none  metric 0 
local fe80:: dev lo  table local  proto none  metric 0 
local fe80:: dev lo  table local  proto none  metric 0 
local fe80:: dev lo  table local  proto none  metric 0 
local fe80:: dev lo  table local  proto none  metric 0 
local fe80:: dev lo  table local  proto none  metric 0 
local fe80:: dev lo  table local  proto none  metric 0 
local fe80::4cd4:c4ff:fe09:24b4 dev lo  table local  proto none  metric 0 
local fe80::ea94:f6ff:fe29:7a4 dev lo  table local  proto none  metric 0 
local fe80::ea94:f6ff:fe29:7a4 dev lo  table local  proto none  metric 0 
local fe80::ea94:f6ff:fe29:7a4 dev lo  table local  proto none  metric 0 
local fe80::ea94:f6ff:fe29:7a4 dev lo  table local  proto none  metric 0 
local fe80::ea94:f6ff:fe29:7a5 dev lo  table local  proto none  metric 0 
ff00::/8 dev eth1  table local  metric 256 
ff00::/8 dev eth1.2  table local  metric 256 
ff00::/8 dev eth1.3  table local  metric 256 
ff00::/8 dev eth1.4  table local  metric 256 
ff00::/8 dev br-lan  table local  metric 256 
ff00::/8 dev tap0  table local  metric 256 
unreachable default dev lo  table unspec  proto kernel  metric 4294967295  error -128

iptables:

root@roof-router:~# cat /etc/config/firewall 

config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'tcp'
	option _name 'http outside'
	option dest_port '80'

config rule
	option target 'ACCEPT'
	option _name 'ssh outside'
	option src 'wan'
	option proto 'tcp'
	option dest_port '22'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fe80::/10'
	option src_port '547'
	option dest_ip 'fe80::/10'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option target 'ACCEPT'
	option src 'wan'
	option name 'Allow-Ping-Reply'
	option family 'ipv4'
	option proto 'icmp'
	option dest '*'

config rule
	option proto 'udp'
	option dest_port '32100'
	option name 'iLnkP2P'
	option src 'lan'
	option dest 'wan'
	option target 'DROP'

config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'tcp udp'
	option dest_port '6689'
	option name 'noxbit'

config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'tcp udp'
	option dest_port '6881-6900'
	option name 'noxbit_peers'

config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'tcp udp'
	option dest_port '8621'
	option name 'acestream'

config rule
	option target 'ACCEPT'
	option src 'lan'
	option dest 'wan'
	option name 'meizu-app-store'
	option src_mac 'A4:44:D1:E8:65:89'
	option dest_ip '172.217.169.174/32'
	option enabled '0'

config rule
	option target 'ACCEPT'
	option src 'lan'
	option dest 'wan'
	option name 'meizu-account'
	option src_mac 'A4:44:D1:E8:65:89'
	option dest_ip '14.152.75.183/16'
	option enabled '0'

config rule
	option src 'lan'
	option dest 'wan'
	option name 'Meizu'
	option src_mac 'A4:44:D1:E8:65:89'
	option target 'REJECT'
	option enabled '0'

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option syn_flood '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'SKY XIROST GTWR lan openwrt freeswitch'

config zone
	option name 'wan'
	option output 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	option network 'NNZZ wan wan1 wan2 wan3'
	option input 'REJECT'
	option forward 'REJECT'

config include
	option path '/etc/firewall.user'

config forwarding
	option dest 'wan'
	option src 'lan'

config redirect
	option target 'DNAT'
	option src 'wan'
	option dest 'lan'
	option proto 'tcp udp'
	option dest_ip '172.16.66.192'
	option name 'iPerf 5002'
	option dest_port '5002'
	option src_dport '5002'

config include 'miniupnpd'
	option type 'script'
	option path '/usr/share/miniupnpd/firewall.include'
	option family 'any'
	option reload '1'

config redirect
	option target 'DNAT'
	option src 'wan'
	option dest 'lan'
	option proto 'tcp udp'
	option src_dport '6689'
	option dest_ip '172.16.66.228'
	option dest_port '6689'
	option name 'noxbit'

config redirect
	option target 'DNAT'
	option src 'wan'
	option dest 'lan'
	option proto 'tcp udp'
	option src_dport '6881-6900'
	option dest_ip '172.16.66.228'
	option dest_port '6881-6900'
	option name 'noxbit_peers'

config redirect
	option target 'DNAT'
	option src 'wan'
	option dest 'lan'
	option proto 'tcp udp'
	option src_dport '8621'
	option dest_ip '172.16.66.228'
	option dest_port '8621'
	option name 'acestream'

config redirect
	option target 'DNAT'
	option src 'wan'
	option dest 'lan'
	option proto 'tcp'
	option src_dport '1222'
	option dest_ip '172.16.66.9'
	option dest_port '22'
	option name 'freenas_ssh'

config redirect
	option target 'DNAT'
	option src 'wan'
	option dest 'lan'
	option proto 'tcp'
	option src_dport '1443'
	option dest_ip '172.16.66.9'
	option dest_port '443'
	option name 'freenas_api'

The obvious question is how to make this host pingable from router?

Thank you, Dmitry

StifflersMagic · August 2, 2020, 12:07pm

Is the target a windows computer?

mk24 · August 2, 2020, 2:26pm

14.07 is obsolete. The 1043ND v2 has enough memory to run the latest version 19.07.3 so you should upgrade.

rdmitry · August 2, 2020, 2:37pm

Is the target a windows computer?

No, it is ipmi firmware in supermicro m/b, so I'd suppose it is linux based.

rdmitry · August 2, 2020, 2:41pm

14.07 is obsolete. The 1043ND v2 has enough memory to run the latest version 19.07.3 so you should upgrade.

In all other cases 14.07 works perfectly. And moreover, without understanding why this happen, with the great probability I'll have the same problem after upgrade.

trendy · August 2, 2020, 7:35pm

You'd need to find someone running the same version to help you troubleshoot.

I don't see any evidence of the reply being forwarded to another interface. There are only echo request and replies.

mk24 · August 2, 2020, 9:08pm

No one is going to look into a bug unless it can be demonstrated in the current version. It appears that the device is answering pings, but maybe there is something about the packets that the ping program won't count them as successful.

I would suggest to boot up 19.07.3 x86 Openwrt on a VM and see if that pings properly.

rdmitry · August 3, 2020, 4:28am

Thank you for the tip. I'll try this way.

BTW, the problem disappeared after rebooting the host and clearing arp cache on the router. Thou it is still unclear what was the reason.

rdmitry · August 3, 2020, 4:40am

By mistake I put a wrong tcpdump results in the first message. The one that shows only replies was captured on another interface. It looks like this:


root@roof-router:~# tcpdump -i eth1 host 172.16.66.64 -n
tcpdump: WARNING: eth1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
13:20:05.412876 IP 172.16.66.64 > 172.16.66.1: ICMP echo reply, id 18329, seq 0, length 64
13:20:06.413052 IP 172.16.66.64 > 172.16.66.1: ICMP echo reply, id 18329, seq 1, length 64
13:20:07.413345 IP 172.16.66.64 > 172.16.66.1: ICMP echo reply, id 18329, seq 2, length 64
13:20:08.413424 IP 172.16.66.64 > 172.16.66.1: ICMP echo reply, id 18329, seq 3, length 64
13:20:09.413610 IP 172.16.66.64 > 172.16.66.1: ICMP echo reply, id 18329, seq 4, length 64
13:20:10.413788 IP 172.16.66.64 > 172.16.66.1: ICMP echo reply, id 18329, seq 5, length 64
13:20:11.413941 IP 172.16.66.64 > 172.16.66.1: ICMP echo reply, id 18329, seq 6, length 64
13:20:12.414133 IP 172.16.66.64 > 172.16.66.1: ICMP echo reply, id 18329, seq 7, length 64
13:20:13.414307 IP 172.16.66.64 > 172.16.66.1: ICMP echo reply, id 18329, seq 8, length 64
^C
9 packets captured
10 packets received by filter
0 packets dropped by kernel
16 packets dropped by interface

So, on br-lan I saw both echo requests and replies and on eth1 only replies.

mk24 · August 3, 2020, 2:01pm

The pings arrive by hardware on eth1 but should be bridged through the software bridge over to the virtual port br-lan, which is where the kernel holds the router's IP and listens for packets destined to it.

This should be fully transparent and configuration-free like an unmanaged Ethernet switch works, unless you have something like ebtables running.

Since this seems to be a layer 2 problem you should start looking at MAC addresses. Does this device reply to a ping using the correct MAC?

rdmitry · August 3, 2020, 3:24pm

br-lan is based on eth0. eth1 is used for wan interfaces:


config interface 'lan'
        option ifname 'eth0'
        option force_link '1'
        option type 'bridge'
        option proto 'static'
        option ipaddr '172.16.66.1'
        option netmask '255.255.255.0'

config interface 'wan2'
        option ifname 'eth1.4'
        option proto 'dhcp'
        option metric '75'

config interface 'wan1'
        option ifname 'eth1.3'
        option proto 'static'
        option ipaddr '192.168.31.15'
        option netmask '255.255.255.0'
        option gateway '192.168.31.1'
        option metric '65'
        option dns '192.168.31.1 8.8.4.4 8.8.8.8'

config interface 'wan'
        option ifname 'eth1.2'
        option proto 'dhcp'
        option metric '80'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

# lan (ports 1,2)
config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0t 1 2 6'

#wan Virus port 5 (marked wan)
config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0t 5'

#wan1 MRTH port 4 (marked port 1)
config switch_vlan
        option device 'switch0'
        option vlan '3'
        option ports '0t 4'

#wan2 Sattelite port 3 (marked port 2)
config switch_vlan
        option device 'switch0'
        option vlan '4'
        option ports '0t 3'

And more over, pinging other sites in local network does not generate any output on eth1. It happens only with this magic site. And yes, arping 172.16.66.64 from router works fine.

trendy · August 3, 2020, 10:02pm

Seems more like a vlan hopping issue to me, since you have a combination of tagged and untagged CPU on vlan 1.

rdmitry · August 5, 2020, 10:08am

I don't think so as vlan is not used in the 172.16.66.64 host and there is no such a problem for any other host in the local network.