I have two networks both with a different Wifi. I want my iot network to be able to connect to a server in my Lan network. I am not sure why it does not work. Internet works on both and it was working all the years before. It happened after I updated all packages. I reset all the configurations and tried to configure it again from scratch but it still does not work.
It will get very frustrating to find a fault if you only did this but did not install a completely new image to go with the new packages.
And then it stopped working.
You said it worked before making the package upgrade!?
But this question about package upgrade be or not to be comes and goes on the forum.
The firmware itself isn’t made to work by upgrading packages. Some do it anyway. Sometimes it works, sometimes it doesn’t work. You can always roll the dice, but when it fails you are beyond a simple rescue.
My experience is if you want a stable working OpenWrt you build new images and make new config files every time.
Thanks for sharing, I was not aware. I flashed the sys upgrade image just now and configured everything again but I get the same result. Shall I flash it any other way? Any other idea?
Are you sure the ip 10.11.11.243 is still the correct one after all upgrades?
Is the port still correct from all sides?
Is it tcp traffic?
Is there another firewall on the server?
Does the server see any data at all on that port?
The IP and port are correct and it is http traffic so tcp should be correct. I also tried it to just have any everywhere and it still does not work.
It seems none of the rules work. No other firewalls.
Do I maybe need to create a static route from network to network?
Let's see the complete config (now that you've reset and rebuilt). I'm going to ask for it in a different format -- I find the UCI output more difficult to read.
Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
Let's try this... put the iot24 network into the lan zone (and remove it from the Aiot24) as follows:
config zone
    option name 'lan'
    list network 'iot24'
    list network 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'

config zone
    option name 'Aiot24'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'

Test to see if you can connect as expected. If not, it is something related to your IoT devices (and/or your LAN hosts), or it has to do with the ability for certain traffic to be routed across subnets (such as mdns which does not, by default, cross broadcast domains).
Since the only connection to the network is a single wifi AP, you can leave Device blank. Generally you'd have a br-iot24 so you can have dual band wireless, or wifi + ethernet like lan works.
I'm a bit concerned about having capital letters in the zone name; you might try using only lowercase.
If you set default input on the iot zone to REJECT, the exceptions for dns and dhcp should still work.
I'd highly recommend that you try associating your IoT network with the lan firewall zone as a means of testing inter-network connections. By having both the lan and the IoT networks in the same firewall zone (and with the zone setting forward = accept), there will be no restrictions on inter-network routing. This will be useful to prove that there aren't any issues with the host devices (such as local firewalls or services not working properly, etc.).
Be sure to restart the firewall service or the entire router after making the change.
Just to confirm, it appears you have another router upstream of your openwrt router. Is the other host connected to the openwrt router or the one in front of it?
I found the issue. The server I wanted to connect to has two nw interfaces and the interface I want to connect to was not set as standard gateway. Once I changed that and disconnected the second nw interface it solved the issues.
There might have been more than one issue. What I learned is: re-flash the router, put both networks into the same firewall zone and then check the actual server and other networks.
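
An added illustration of the root cause reported above (not part of the thread and not any poster's code): it models the server's route lookup for its reply, showing why a LAN client works while an IoT client does not when the default gateway sits on the second interface. Only 10.11.11.243 comes from the thread; the /24 prefix, the interface names `eth0`/`eth1`, the 192.168.1.0/24 network, both gateways and both client addresses are constructed assumptions.

```python
import ipaddress

def pick_route(routes, dst):
    """Longest-prefix match over a routing table, as the kernel does for outgoing packets."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in ipaddress.ip_network(r["dst"])]
    return max(hits, key=lambda r: ipaddress.ip_network(r["dst"]).prefixlen, default=None)

def reply_path(routes, arrived_on, client_ip):
    """Return (egress interface, next hop, symmetric?) for the server's reply to client_ip."""
    route = pick_route(routes, client_ip)
    if route is None:
        return (None, None, False)
    return (route["dev"], route["via"], route["dev"] == arrived_on)

# Constructed routing tables for the server at 10.11.11.243.
# eth0 = interface on the OpenWrt lan (assumed /24), eth1 = the second interface.
CONNECTED = [
    {"dst": "10.11.11.0/24", "dev": "eth0", "via": None},
    {"dst": "192.168.1.0/24", "dev": "eth1", "via": None},
]
# Before the fix: default gateway is on the second interface.
BEFORE = CONNECTED + [{"dst": "0.0.0.0/0", "dev": "eth1", "via": "192.168.1.1"}]
# After the fix: second interface disconnected, default gateway on the lan side.
AFTER = [CONNECTED[0], {"dst": "0.0.0.0/0", "dev": "eth0", "via": "10.11.11.1"}]

IOT_CLIENT = "10.22.22.15"   # constructed address in the routed IoT subnet
LAN_CLIENT = "10.11.11.20"   # constructed address in the same subnet as the server

if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        for client in (LAN_CLIENT, IOT_CLIENT):
            dev, via, ok = reply_path(table, "eth0", client)
            state = "symmetric" if ok else "ASYMMETRIC"
            print(f"{label}: reply to {client} leaves {dev} via {via or 'on-link'} ({state})")
```

In the "before" table the reply to the IoT client leaves on the second interface and never passes back through the OpenWrt router, so the connection can fail no matter how the firewall zones are set.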