Changed ISP - no more network access

I changed my ISP and the new ISP router has the gateway 192.168.1.1 instead of ...254 before. That did not look like an issue first, but it is (stupid me). I did read some doc, but apparently I do not understand it.

  • my internal (wireless, lan) IP range is 10.0.0.x

  • My eth.02 is set on DHCP, I believe, and its (wan) IP is 192.168.1.88 or something like that. That seems to work.: actually, I can ping the gateway on ...1 but no traffic will be routed to the internet. For example, I cannot ping 8.8.8.8.

  • on my OpenWRT, I read "route -n"

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        *               255.255.255.0   U     0      0        0 br-lan
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0.2

which is surprising. I would expect the gateway written here as 192.168.1.1 since in LuCl I did change the br-lan gateway to 192.168.1.1 (where I had ...254 before). What am I messing up ?

There is no gateway / default route...

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Thanks for the quick reply.

So first,

ubus call system board
{
	"kernel": "5.10.138",
	"hostname": "****",
	"system": "Atheros AR9344 rev 2",
	"model": "TP-Link TL-WDR3600 v1",
	"board_name": "tplink,tl-wdr3600-v1",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "22.03.0",
		"revision": "r19685-512e76967f",
		"target": "ath79/generic",
		"description": "OpenWrt 22.03.0 r19685-512e76967f"
	}
}

next


cat /etc/config/wireless 

config wifi-iface 'wifinet0'
	option device 'radio0'
	option mode 'ap'
	option ssid '****'
	option network 'lan wan'
	option key '****'
	option encryption 'sae'
	option wpa_disable_eapol_key_retries '1'

config wifi-device 'radio0'
	option type 'mac80211'
	option macaddr '****'
	option channel '1'
	option band '2g'
	option htmode 'HT20'
	option cell_density '0'

config wifi-device 'radio1'
	option type 'mac80211'
	option macaddr '****'
	option channel '36'
	option band '5g'
	option htmode 'HT20'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option mode 'ap'
	option ssid '****'
	option encryption 'sae'
	option key '****'
	option wpa_disable_eapol_key_retries '1'
	option network 'lan wan'

next


cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	list server '/mabbox.bytel.fr/192.168.1.254'
	list address '/mabbox.bytel.fr/192.168.1.254'
	list rebind_domain 'mabbox.bytel.fr'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

and Finally


cat /etc/config/firewall

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'no IPTV on early morning'
	option src_mac '****'
	option dest 'wan'
	option src 'lan'
	option start_time '01:30:00'
	option stop_time '09:00:00'
	option weekdays 'Sat Sun'
	option target 'REJECT'

Change LAN IP addrws of your openwrt as it overlaps with new WAN ip.
Highly advisable to get passthrough from providers router.

Pinging a numeric IP does not depend on DNS. You should remove those lines though since they are specific to the old ISP.

The problem, as noted, is there is no default route. If you set up the wan as DHCP client, the default route should be installed automatically as it is advertised by the ISP router during DHCP configuration. This is the default configuration, which works in almost all cases where the wan network uses DHCP. It is not necessary to manually configure a gateway, and you should not. In any case, the option gateway would need to be in the wan section not lan.

where should I change that via SSH? Which file? Via LuCI ?

I forgot /etc/network


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'f*****::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '10.0.0.1'
	option gateway '192.168.1.1'

config device
	option name 'eth0.2'
	option macaddr '******'

config interface 'wan'
	option device 'eth0.2'
	option proto 'dhcp'
	option type 'bridge'

config interface 'wan6'
	option device 'eth0.2'
	option proto 'dhcpv6'
config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '2 3 4 5 0t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '1 0t'


Should I change something in here?

I tried

route add 0.0.0.0 gw 192.168.1.1

which added the useful ile

default    192.168.1.1       255.255.255.255    UGH   0   0   0  eth0.2

but a ping still does not get out to 8.8.8.8. Then I removed the offending line

192.168.1.0     0.0.0.0   etc

and now ping works: on OpenWRT and a connected computer. I can still not access to any websites.

Remove gateway from lan.

I did that using LuCI but it ended in a non-responding web-interface. So reverted it back (thanks to the dev's for this functionality!!!)

OK, DNS setting was still bad. Now it seems to work !