Connection refused for http and PR_END_OF_FILE_ERROR for https

bpsystems · May 27, 2023, 5:08am

I have installed openwrt on a raspberry pi 4 with a SierraWireless Aircard 313U (usb) using LTE for internet. I can ping/resolve dns and load websites using curl -v {url} from the pi.

From my laptop which is wired into the ethernet port on the pi, I can ping IPs but not domain names.
Nslookup on a domain using the pi as the server returns the correct IP. If I set to any other DNS server I get request timed out.
If I attempt to load a website from my laptop, I get 'the connection was reset' error using http and 'PR_END_OF_FILE_ERROR' using https.

I have tried different clients, browsers and verified the aircard works fine on the laptop directly.
Any ideas as to what I am missing or have misconfigured.

Thanks in advance.

Edit:
I forgot to mention that if I set up another device (eth1) as wan connection everything works so the issue is with the aircard somewhere.

psherman · May 27, 2023, 5:11am

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

bpsystems · May 27, 2023, 5:21am

Network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdc7:e588:51ba::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr 'x.x.x.x'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option force_link '1'

config interface 'WAN'
        option proto 'dhcp'

config interface 'WLAN'
        option proto 'dhcp'

config device
        option name 'wwan0'
        option mtu '1500'
        option macaddr 'XX XX XX XX XX XX'

config interface 'WWAN'
        option proto 'modemmanager'
        option device '/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/1-1/1-1.3'
        option apn 'XXXXXXXXXX'
        option auth 'none'
        option iptype 'ipv4'

Firewall

        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option input 'ACCEPT'
        list network 'WWAN'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config forwarding
        option src 'lan'
        option dest 'wan'

DHCP

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option ednspacket_max '1232'
        option rebind_protection '1'
        option rebind_localhost '1'
        option localservice '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

Wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
        option short_gi_40 '0'
        option htmode 'HT40'
        option cell_density '0'
        option disabled '1'

config wifi-iface 'wifinet0'
        option device 'radio0'
        option mode 'sta'
        option ssid 'noknok'
        option encryption 'psk2'
        option key ''
        option network 'WLAN'
        option disabled '1'

bpsystems · June 16, 2023, 4:17pm

After additional trial and error I was able to identify the issue was related to TTL settings. Once I guessed the correct TTL for my setup/carrier everything worked as desired.

system · June 26, 2023, 4:18pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.