DLink DIR-853 A3

kar200 · August 1, 2021, 5:54pm

Yes I can confirm that these last images (sysupgrade or even factory) have an issue and will bootloop. Better not use them at the moment.

saifkhan9187 · August 1, 2021, 6:02pm

Hi @kar200 Yes, i recovered from it, but if you provide me the RC3 image, it would be appreciated, as I will flash that one, and will dig into the openWRT.

Thanks

kar200 · August 1, 2021, 6:04pm

I thought it was availble somehwre in the thread.

here it is

saifkhan9187 · August 1, 2021, 6:10pm

Thanks a lot, yes it was there, but link was expired. Bundle of thanks.

kar200 · August 2, 2021, 7:06am

This is just to advise everyone here that the latest snapshot from master are not working either through sysupgrade or through factory flashing. Please only use the files shared here (at your own risk of course).

saifkhan9187 · August 2, 2021, 4:01pm

Hi @kar200 thanks for the update. Other people will get help from this by not flashing the latest snapshots.

Can you just assist me to connect this openwrt(2nd router) to connect with the main router(padavan) so it can provide internet also..

I tried to assign ip(192.168.0.2) in the same subnet of the main router, set the gateway as main router, and dns as main router ip(in my case it is 192.168.0.1). But stilll not getting infernet... Tried with wired and wifi too.
Used below commands, but still not working.

uci set network.lan.ipaddr=192.168.0.2
uci set network.lan.gateway=192.168.0.1
uci set network.lan.dns=192.168.0.1 
uci commit && service network restart

throwaway · August 2, 2021, 4:18pm

I am assuming that the padavan router is the main one.

The default ip address of the padavan router is 192.168.2.1( I think please check the beginnings of this thread to make sure), so if it is the main router you need to change the gateway and dns server to that or the ip address of the padavan router if you have changed it.

saifkhan9187 · August 2, 2021, 4:38pm

Did that but still same

kar200 · August 2, 2021, 5:04pm

There are 2 options:

First one which is straight forward but it will use an extra subnet and you need to plug the main router in the WAN port of the device
WAN = 192.168.x.x from DHCP
LAN = 192.168.1.x with DHCP server.

The second option which is the one I use at home is to edit through ssh the /etc/config/network file and change the following section from

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

to

config interface 'lan'
        option device 'br-lan'
        option proto 'dhcp'

And then just make sure you connect the cable to the LAN port and the router will get an IP from the main router and all the devices connected to it will get an IP on the same subnet as he main one

EDIT: The only issue with this config is that the device does not have any IP address at boot up and need to get one from DHCP on both interfaces (The WAN will have WAN firewall rules applied to it so won't accept any inbound requests). The easiest to fix any issue when you cannot connect to the device anymore is just press the reset button for 10s and it will reset the device to factory settings.

saifkhan9187 · August 3, 2021, 12:04pm

Hi @kar200 thanks a lot, I tried but it failed, I am pretty sure something is related to Firewall settings, Can you please share your firewall setting in the Openwrt client router.

My main router is running Padavan having IP 192.168.0.1 and of course, will set up the 2nd router (OpenWRT) in 192.168.1.1(LAN) but I think Firewall is preventing something.

So it would be appreciated if you share the FW settings (of course for the 1st option I will go)

kar200 · August 3, 2021, 12:22pm

No you don't have to setup the second router it will get an IP from the main one.

reset to factory default and connect Lan directly to computer
use ssh and change the Lan section as mentioned above.
reboot the router and now connect the padavan router directly into the openwrt Lan port.

Your computer will get a new IP (192.168.0.x) and the openwrt will get a similar IP.

Login to padavan and check dhcp logs to see which IP address did the openwrt get.

Do the rest by using the new IP.

You can even set a static IP from the dhcp server so the router always get the same IP address.

saifkhan9187 · August 3, 2021, 12:43pm

I did that, but wondering why I was still not getting internet, even I double-checked. but I will again try and if not working, I will come up with my configuration.

kar200 · August 3, 2021, 12:54pm

That's weird. Can you post your /etc/config/network file please ? What I posted was the one I use and I did not change anything else.

saifkhan9187 · August 3, 2021, 4:24pm

Dear @kar200 , I finally managed. Now it's working. The issue was in the firewall settings. So I just disabled the firewalll on WAN in 2nd router... And now it is working. thanks to you

I will share the config here also


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd26:aa60:46ec::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.1.1'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'

saifkhan9187 · August 3, 2021, 4:39pm

here is another config for Firewall


config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Support-UDP-Traceroute'
	option src 'wan'
	option dest_port '33434:33689'
	option proto 'udp'
	option family 'ipv4'
	option target 'REJECT'
	option enabled 'false'

config include
	option path '/etc/firewall.user'

config zone
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'
	option name 'wwantest'

config forwarding
	option dest 'lan'

config forwarding
	option src 'wan'

config forwarding
	option dest 'lan'

config forwarding
	option src 'wan'

config forwarding
	option dest 'lan'

config forwarding
	option src 'wan'

config forwarding
	option dest 'lan'

config forwarding
	option src 'wan'

config forwarding
	option dest 'lan'

config forwarding
	option src 'wan'

config forwarding
	option src 'wwantest'
	option dest 'lan'

config forwarding
	option src 'wan'
	option dest 'wwantest'

saifkhan9187 · August 3, 2021, 4:55pm

The weird thing is that now I change to custom firewall rules and still I am connected.

kar200 · August 3, 2021, 5:00pm

You have an extra routing happening inside your home network as well as NAT. Unless you need it for some reason it's unnecessary.

This is from another router (Xiaomi Mi 3G) which only has 3 ports (2 LAN and 1 WAN) but with DSA the ports can be set now directly.

Here the 3 ports are LAN ports now and the router gets it's IP address from the main router (I have set a static IP on the DHCP server)
I have not changed the firewall rules since the restrictions only appy to the WAN connection.

root@mir3g:~# cat /etc/config/network 

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option packet_steering '1'
	option ula_prefix 'fd61:13b9:8d12::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'wan'

config interface 'lan'
	option device 'br-lan'
	option proto 'dhcp'
	option peerdns '0'

kar200 · August 3, 2021, 5:01pm

Try this config with the network file. You don't need to set any firewall rules by the way.
With this config you can have a pure access point and the 5 ports will be LAN ports


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd26:aa60:46ec::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	list ports 'wan'

config interface 'lan'
	option device 'br-lan'
	option proto 'dhcp'

saifkhan9187 · August 3, 2021, 5:39pm

Thanks for the update, but now it is working fine. Bundle of thanks

agry · August 21, 2021, 5:26pm

Hi @kar200

Could you please upload firmware for dir-853-a3?
Previous links have expired.

I was trying to update etisalat's device dir-853-a3 firmware with official build for dir-853-a1, however now it fails to recovery boot.

I hope to fix it flash it with openwrt and use it with different ISP.

Regards