My Setup
I have OpenWrt installed and mostly working on a Linksys 1900ACS v2. I am using it as a router.
My internet is provided by a cellular hotspot, fed to a Netgear wireless extender. The extender ethernet is out to the WAN port on the router.
WAN, hotspot, and extender are on 192.168.129.0/24 subnet.
LAN is on 192.168.128.0/24.
The issue
All works perfectly for any clients with a static IP.
DHCP clients connect and have access to devices on both subnets (WAN and LAN). However, DHCP clients have no internet access.
I am a newbie to networking. Please let me know of any additional info I can provide.
TIA
For static I use:
An IP outside of the DHCP range set on the router (I have tried one within the range as well, both work)
Subnet: 255.255.255.0
Gateway: 192.168.128.1 - the router LAN IP
Clients receive the same - IP within the DHCP range, of course.
If your network is IPv4 only, be sure to turn off the IPv6 DHCP server on the OpenWrt LAN. This is a different tab from the checkbox which only affects IPv4 (and must be left on).
First you need to differentiate whether the clients truly lack a route to the Internet, or it is that they can't DNS. From a non-working client, try pinging a numeric place on the Internet versus pinging by name.
Since your WAN network is not 192.168.1.1, it should work with a default configuration. At least one thing has been changed from the default configuration here.
config dnsmasq
    option domainneeded '1'
    option localise_queries '1'
    option rebind_protection '1'
    option rebind_localhost '1'
    option local '/lan/'
    option expandhosts '1'
    option authoritative '1'
    option readethers '1'
    option leasefile '/tmp/dhcp.leases'
    option resolvfile '/tmp/resolv.conf.auto'
    option localservice '1'
    option domain 'fernwood'

config dhcp 'lan'
    option interface 'lan'
    option start '120'
    option leasetime '36h'
    option limit '136'
    option ra 'server'
    option dhcpv6 'server'
    option ra_management '1'

config dhcp 'wan'
    option interface 'wan'
    option ignore '1'

config odhcpd 'odhcpd'
    option maindhcp '0'
    option leasefile '/tmp/hosts/odhcpd'
    option leasetrigger '/usr/sbin/odhcpd-update'
    option loglevel '4'

config host
    option mac 'B8:27:EB:BD:93:B8'
    option name 'Kodi'
    option dns '1'
    option ip '192.168.128.221'

config host
    option mac '78:2B:CB:43:3A:DB'
    option name 'Storage'
    option dns '1'
    option ip '192.168.128.10'

config host
    option mac '52:54:00:BC:D7:E7'
    option name 'NAS'
    option dns '1'
    option ip '192.168.128.101'
/etc/firewall
config defaults
    option syn_flood 1
    option input ACCEPT
    option output ACCEPT
    option forward REJECT
# Uncomment this line to disable ipv6 rules
#   option disable_ipv6 1

config zone
    option name lan
    list network 'lan'
    option input ACCEPT
    option output ACCEPT
    option forward ACCEPT

config zone
    option name wan
    list network 'wan'
    list network 'wan6'
    option input REJECT
    option output ACCEPT
    option forward REJECT
    option masq 1
    option mtu_fix 1

config forwarding
    option src lan
    option dest wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
    option name Allow-DHCP-Renew
    option src wan
    option proto udp
    option dest_port 68
    option target ACCEPT
    option family ipv4

# Allow IPv4 ping
config rule
    option name Allow-Ping
    option src wan
    option proto icmp
    option icmp_type echo-request
    option family ipv4
    option target ACCEPT

config rule
    option name Allow-IGMP
    option src wan
    option proto igmp
    option family ipv4
    option target ACCEPT

# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
    option name Allow-DHCPv6
    option src wan
    option proto udp
    option src_ip fc00::/6
    option dest_ip fc00::/6
    option dest_port 546
    option family ipv6
    option target ACCEPT

config rule
    option name Allow-MLD
    option src wan
    option proto icmp
    option src_ip fe80::/10
    list icmp_type '130/0'
    list icmp_type '131/0'
    list icmp_type '132/0'
    list icmp_type '143/0'
    option family ipv6
    option target ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
    option name Allow-ICMPv6-Input
    option src wan
    option proto icmp
    list icmp_type echo-request
    list icmp_type echo-reply
    list icmp_type destination-unreachable
    list icmp_type packet-too-big
    list icmp_type time-exceeded
    list icmp_type bad-header
    list icmp_type unknown-header-type
    list icmp_type router-solicitation
    list icmp_type neighbour-solicitation
    list icmp_type router-advertisement
    list icmp_type neighbour-advertisement
    option limit 1000/sec
    option family ipv6
    option target ACCEPT

config rule
    option name Allow-IPSec-ESP
    option src wan
    option dest lan
    option proto esp
    option target ACCEPT

config rule
    option name Allow-ISAKMP
    option src wan
    option dest lan
    option dest_port 500
    option proto udp
    option target ACCEPT

# include a file with users custom iptables rules
config include
    option path /etc/firewall.user
I think you pointed me in the right direction. Can you confirm?
I added Google's DNS servers under the setting: DNS forwardings and all seems to be working.
OK. I have been working from the GUI. I prefer CLI. But, after making your recommended change, do I need to restart anything, or is the effect immediate?
I do want to make sure you saw my conversation with @mk24. I didn't have DNS servers set. I added those and it seems to have fixed the issue.
I still want to improve and understand better. Should we continue?
Also this is going over the end of the network. It is not the last IP, but how many will be allocated, so in your case it is 120+136=256
If you want the pool to be 120-136 use limit 16.
Network is pretty simple.
Verify that there are no IP conflicts with static and dhcp.
Also lower the DHCP lease time and force some hosts to renew their IP. Make sure it is valid for the lan network and do a traceroute to see where the packets will stop.
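A way to check the pool-size point and the fixed-address check raised in the replies above, as an added example that is not code from any poster in this thread. It parses the dhcp and host sections of the posted config (embedded below as a constructed sample) and assumes the pool runs from offset start to start+limit-1 inside the LAN subnet given on the page; the function names parse_uci and audit_pool are hypothetical.

```python
import ipaddress
import shlex

# Constructed sample: the pool and host sections from the config posted above.
SAMPLE = """
config dhcp 'lan'
    option interface 'lan'
    option start '120'
    option limit '136'
config host
    option name 'Kodi'
    option ip '192.168.128.221'
config host
    option name 'Storage'
    option ip '192.168.128.10'
config host
    option name 'NAS'
    option ip '192.168.128.101'
"""

def parse_uci(text):
    """Return [(section_type, section_name_or_None, options_dict), ...]."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # handles quotes and '#' comments
        if not tok:
            continue
        if tok[0] == "config" and len(tok) >= 2:
            sections.append((tok[1], tok[2] if len(tok) > 2 else None, {}))
        elif tok[0] == "option" and sections and len(tok) >= 3:
            sections[-1][2][tok[1]] = tok[2]
    return sections

def audit_pool(text, lan_cidr, pool="lan"):
    """Report where the pool ends and which fixed hosts sit inside it."""
    net = ipaddress.ip_network(lan_cidr)
    sections = parse_uci(text)
    opts = next(o for t, n, o in sections if t == "dhcp" and n == pool)
    start, limit = int(opts["start"]), int(opts["limit"])
    last = start + limit - 1              # assumption: pool = start .. start+limit-1
    max_host = net.num_addresses - 2      # highest usable host offset (.254 in a /24)
    first_ip = net.network_address + start
    last_ip = net.network_address + min(last, max_host)
    # Fixed addresses inside the pool deserve a look: a client configured by
    # hand with one of them can collide with a dynamic lease.
    fixed = [o.get("name", o["ip"]) for t, _, o in sections if t == "host"
             and "ip" in o and first_ip <= ipaddress.ip_address(o["ip"]) <= last_ip]
    return {"first": first_ip, "requested_last_offset": last,
            "overflows": last > max_host, "max_limit": max_host - start + 1,
            "fixed_in_pool": fixed}

if __name__ == "__main__":
    print(audit_pool(SAMPLE, "192.168.128.0/24"))
```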