Hello, I recently flashed OpenWRT on TP-LINK TD-W8968 V4. I no longer have the DSL line to use with it and I want to use it as a simple server connected to my main router over an Ethernet cable. On the modem, there is a port labeled LAN4/WAN which suggests that I can use it like a normal router, but I don't know how to configure OpenWRT to use WAN port instead of ADSL. Any ideas?
First, what is your usecase? That will impact how you should configure your device.
Next, please copy the output of the following commands and post it here using the "Preformatted text </>
" button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
cat /etc/config/network
cat /etc/config/firewall
I want to use this modem like a normal router, and maybe run some light web server or file share on it.
Here is the output of the commands:
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd38:fa72:dac1::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 3 8t'
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward REJECT
# Uncomment this line to disable ipv6 rules
# option disable_ipv6 1
config zone
option name lan
list network 'lan'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
config zone
option name wan
list network 'wan'
list network 'wan6'
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
config forwarding
option src lan
option dest wan
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4
# Allow IPv4 ping
config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT
config rule
option name Allow-IGMP
option src wan
option proto igmp
option family ipv4
option target ACCEPT
# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
option name Allow-DHCPv6
option src wan
option proto udp
option src_ip fc00::/6
option dest_ip fc00::/6
option dest_port 546
option family ipv6
option target ACCEPT
config rule
option name Allow-MLD
option src wan
option proto icmp
option src_ip fe80::/10
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family ipv6
option target ACCEPT
# Allow essential incoming IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Input
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
list icmp_type router-advertisement
list icmp_type neighbour-advertisement
option limit 1000/sec
option family ipv6
option target ACCEPT
# Allow essential forwarded IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Forward
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT
config rule
option name Allow-IPSec-ESP
option src wan
option dest lan
option proto esp
option target ACCEPT
config rule
option name Allow-ISAKMP
option src wan
option dest lan
option dest_port 500
option proto udp
option target ACCEPT
# include a file with users custom iptables rules
config include
option path /etc/firewall.user
### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
# option src lan
# option src_ip 192.168.45.2
# option dest wan
# option proto tcp
# option target REJECT
# block a specific mac on wan
#config rule
# option dest wan
# option src_mac 00:11:22:33:44:66
# option target REJECT
# block incoming ICMP traffic on a zone
#config rule
# option src lan
# option proto ICMP
# option target DROP
# port redirect port coming in on wan to lan
#config redirect
# option src wan
# option src_dport 80
# option dest lan
# option dest_ip 192.168.16.235
# option dest_port 80
# option proto tcp
# port redirect of remapped ssh port (22001) on wan
#config redirect
# option src wan
# option src_dport 22001
# option dest lan
# option dest_port 22
# option proto tcp
### FULL CONFIG SECTIONS
#config rule
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 80
# option dest wan
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp
# option target REJECT
#config redirect
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 1024
# option src_dport 80
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp
This doesn't appear to be supported -- I only see v3 and v5 in the database. What version did you flash?
ubus call system board
Do you already have a router on your network? or would this be the main router? If you already have a router on your network, you don't necessarily need to do anything here except set your lan IP appropriately.
This doesn't have much horsepower, so I'm not sure it is worth it. You absolutely should not plan to use this device to share to the internet -- internally on your trusted network is fine (although performance will be really low), but this doesn't have enough resources to run a properly hardened server for the internet.
To add a wan, what you'd basically be doing is taking one of the ports from the switch and dedicating it for us as a wan port. Based on the device info page for the v3 and v5, it appears that logical port 0 corresponds to the port that is labeled as wan.
so you'll add this:
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0 8t'
and then you also need to edit the following by taking out the 0 in the list ports section (so it will be '1 2 3 8t':
Restart and the wan port should theoretically be available to be used as a wan.
Still not working. Web interface shows "Error: Network device is not present".
It is the V3 firmware. People reported success when using V3 image on V4.
Let's see the latest config file.
Which specific file did you flash? or, better yet, please provide the output of this
Filename: openwrt-19.07.10-brcm63xx-generic-FAST2704N-squashfs-cfe.bin
Command output:
{
"kernel": "4.14.275",
"hostname": "OpenWrt",
"system": "bcm63xx/F@ST2704N (0x6318/0xB0)",
"model": "Sagem F@ST2704N",
"board_name": "fast2704n",
"release": {
"distribution": "OpenWrt",
"version": "19.07.10",
"revision": "r11427-9ce6aa9d8d",
"target": "brcm63xx/generic",
"description": "OpenWrt 19.07.10 r11427-9ce6aa9d8d"
}
}
You said you have a TD-W8968 v4 -- but the image you flashed is not for that device
Did you find evidence that the devices are identical?
So as an FYI, this version is no longer supported -- it has been EOL for a while now, and things have changed a bit with 21.02 and 22.03 (latest), so support is simply best effort. Hopefully we can get you running with what you want, but this is not a parciuarly good option for you to continue using.
Yes, I know. I flashed the TD-W8968 V3 firmware on TD-W8968 V4, because there was no V4 OpenWRT firmware, and the community said that V3 firmware will work on a V4.
No, but since V3 firmware worked on V4, they are at least very similar.
I know, there was no newer version, even for the V3, and I don't really know how to port the newer versions for this modem.
ok... but you still haven't posted your latest configuration for review.
Here is my new config:
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd38:fa72:dac1::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 3 8t'
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0 8t'
This looks fine, but you could try adding one thing to this:
option vid '2'
Otherwise, it should work...
But it is possible that the device isn't properly supported even though it appears to work (it isn't actually officially supported, after all).
Try rebooting the router and then provide the output of
ifconfig
After adding the line, it didn't work. Here is the output of ifconfig
:
br-lan Link encap:Ethernet HWaddr C4:E9:84:C8:AC:88
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::c6e9:84ff:fec8:ac88/64 Scope:Link
inet6 addr: fd38:fa72:dac1::1/60 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1025 errors:0 dropped:0 overruns:0 frame:0
TX packets:898 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:125348 (122.4 KiB) TX bytes:219861 (214.7 KiB)
eth0 Link encap:Ethernet HWaddr C4:E9:84:C8:AC:88
inet6 addr: fe80::c6e9:84ff:fec8:ac88/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:77 errors:0 dropped:0 overruns:0 frame:0
TX packets:51 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6792 (6.6 KiB) TX bytes:7041 (6.8 KiB)
eth0.1 Link encap:Ethernet HWaddr C4:E9:84:C8:AC:88
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:3930 (3.8 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:168 errors:0 dropped:0 overruns:0 frame:0
TX packets:168 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:11888 (11.6 KiB) TX bytes:11888 (11.6 KiB)
wlan0 Link encap:Ethernet HWaddr C4:E9:84:C8:AC:89
inet6 addr: fe80::c6e9:84ff:fec8:ac89/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1024 errors:0 dropped:0 overruns:0 frame:0
TX packets:908 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:139678 (136.4 KiB) TX bytes:238759 (233.1 KiB)
Try making it vlan 3 instead. Don’t know if this will help.
config interface 'wan'
option device 'eth0.3'
option proto 'dhcp'
config switch_vlan
option device 'switch0'
option vlan '3'
option ports '0 8t'
If this doesn’t work, try adding vid 3 to that.
It partially works now. After changing the config and connecting the Ethernet cable to LAN1 port of the modem I can connect to the internet, but I can't access the LuCI interface and SSH, because the modem inherits my main router's default gateway settings. Setting a static IP on my phone allows me to access LuCI and SSH, but LuCI still shows "Network device not present" and modem can't access the internet, which stops me from using it as a mini-server.
I don't understand this... this doesn't sound right at all (unless there is simply a conflict, rather than inherited values).
Can you draw a diagram of your connections and include the brand+model for each device?
Is the C6 your main router?
If so, what is its configuration with respect to "passthrough" mode -- what exactly is it doing?