haaber
October 2, 2024, 9:25am
1
I changed my ISP and the new ISP router has the gateway 192.168.1.1 instead of ...254 before. That did not look like an issue first, but it is (stupid me). I did read some doc, but apparently I do not understand it.
my internal (wireless, lan) IP range is 10.0.0.x
My eth.02 is set on DHCP, I believe, and its (wan) IP is 192.168.1.88 or something like that. That seems to work.: actually, I can ping the gateway on ...1 but no traffic will be routed to the internet. For example, I cannot ping 8.8.8.8.
on my OpenWRT, I read "route -n"
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 * 255.255.255.0 U 0 0 0 br-lan
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0.2
which is surprising. I would expect the gateway written here as 192.168.1.1 since in LuCl I did change the br-lan gateway to 192.168.1.1 (where I had ...254 before). What am I messing up ?
There is no gateway / default route...
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </>
" button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
haaber
October 2, 2024, 9:47am
3
Thanks for the quick reply.
So first,
ubus call system board
{
"kernel": "5.10.138",
"hostname": "****",
"system": "Atheros AR9344 rev 2",
"model": "TP-Link TL-WDR3600 v1",
"board_name": "tplink,tl-wdr3600-v1",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "22.03.0",
"revision": "r19685-512e76967f",
"target": "ath79/generic",
"description": "OpenWrt 22.03.0 r19685-512e76967f"
}
}
haaber
October 2, 2024, 10:41am
5
next
cat /etc/config/wireless
config wifi-iface 'wifinet0'
option device 'radio0'
option mode 'ap'
option ssid '****'
option network 'lan wan'
option key '****'
option encryption 'sae'
option wpa_disable_eapol_key_retries '1'
config wifi-device 'radio0'
option type 'mac80211'
option macaddr '****'
option channel '1'
option band '2g'
option htmode 'HT20'
option cell_density '0'
config wifi-device 'radio1'
option type 'mac80211'
option macaddr '****'
option channel '36'
option band '5g'
option htmode 'HT20'
option cell_density '0'
config wifi-iface 'default_radio1'
option device 'radio1'
option mode 'ap'
option ssid '****'
option encryption 'sae'
option key '****'
option wpa_disable_eapol_key_retries '1'
option network 'lan wan'
haaber
October 2, 2024, 10:42am
6
next
cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
list server '/mabbox.bytel.fr/192.168.1.254'
list address '/mabbox.bytel.fr/192.168.1.254'
list rebind_domain 'mabbox.bytel.fr'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
haaber
October 2, 2024, 10:42am
7
and Finally
cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'no IPTV on early morning'
option src_mac '****'
option dest 'wan'
option src 'lan'
option start_time '01:30:00'
option stop_time '09:00:00'
option weekdays 'Sat Sun'
option target 'REJECT'
brada4
October 2, 2024, 10:45am
8
Change LAN IP addrws of your openwrt as it overlaps with new WAN ip.
Highly advisable to get passthrough from providers router.
mk24
October 2, 2024, 10:45am
9
Pinging a numeric IP does not depend on DNS. You should remove those lines though since they are specific to the old ISP.
The problem, as noted, is there is no default route. If you set up the wan as DHCP client, the default route should be installed automatically as it is advertised by the ISP router during DHCP configuration. This is the default configuration, which works in almost all cases where the wan network uses DHCP. It is not necessary to manually configure a gateway, and you should not. In any case, the option gateway
would need to be in the wan section not lan.
haaber
October 2, 2024, 10:54am
11
where should I change that via SSH? Which file? Via LuCI ?
haaber
October 2, 2024, 10:59am
12
I forgot /etc/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'f*****::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '10.0.0.1'
option gateway '192.168.1.1'
config device
option name 'eth0.2'
option macaddr '******'
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
option type 'bridge'
config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 0t'
Should I change something in here?
haaber
October 2, 2024, 11:16am
13
I tried
route add 0.0.0.0 gw 192.168.1.1
which added the useful ile
default 192.168.1.1 255.255.255.255 UGH 0 0 0 eth0.2
but a ping still does not get out to 8.8.8.8. Then I removed the offending line
192.168.1.0 0.0.0.0 etc
and now ping works: on OpenWRT and a connected computer. I can still not access to any websites.
haaber
October 2, 2024, 11:38am
15
I did that using LuCI but it ended in a non-responding web-interface. So reverted it back (thanks to the dev's for this functionality!!!)
haaber
October 2, 2024, 11:47am
16
OK, DNS setting was still bad. Now it seems to work !