Mirek8
February 18, 2025, 4:03pm
1
I want to try out the features of the new version 24.10, so I have my Netgear WAX 202 router connected only via the LAN interface.
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '172.21.163.110'
option netmask '255.255.255.192'
option ip6assign '60'
option gateway '172.21.163.126'
list dns '10.102.0.252'
root@OpenWrt:~# traceroute 10.102.0.252
traceroute to 10.102.0.252 (10.102.0.252), 30 hops max, 46 byte packets
1 172.21.163.126 (172.21.163.126) 0.779 ms 0.698 ms 0.546 ms
2 10.102.0.252 (10.102.0.252) 1.607 ms 1.666 ms 1.631 ms
root@OpenWrt:~# nslookup cdr.cz
nslookup: write to '127.0.0.1': Connection refused
nslookup: write to '::1': Connection refused
;; connection timed out; no servers could be reached
I don't know what I might be missing in the configuration.
frollic
February 18, 2025, 4:08pm
2
Default gw and DNS configured on LAN side.
Mirek8
February 18, 2025, 4:19pm
3
But I have it in the LAN configuration and traceroute to the DNS server goes through. So I have the default gateway fine.
Mirek8
February 18, 2025, 4:41pm
5
root@OpenWrt:~# ubus call system board
{
"kernel": "6.6.73",
"hostname": "OpenWrt",
"system": "MediaTek MT7621 ver:1 eco:3",
"model": "Netgear WAX202",
"board_name": "netgear,wax202",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "24.10.0",
"revision": "r28427-6df0e3d02a",
"target": "ramips/mt7621",
"description": "OpenWrt 24.10.0 r28427-6df0e3d02a",
"builddate": "1738624177"
}
}
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd24:44f7:2796::/48'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
config device
option name 'lan1'
config device
option name 'lan2'
config device
option name 'lan3'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '172.21.163.110'
option netmask '255.255.255.192'
option ip6assign '60'
option gateway '172.21.163.126'
list dns '10.102.0.252'
config device
option name 'wan'
config interface 'wan'
option device 'wan'
option proto 'dhcp'
root@OpenWrt:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
option band '2g'
option channel '1'
option htmode 'HE20'
option disabled '1'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
config wifi-device 'radio1'
option type 'mac80211'
option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0+1'
option band '5g'
option channel '36'
option htmode 'HE80'
option disabled '1'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
root@OpenWrt:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option cachesize '1000'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
list server '172.21.163.126'
list notinterface 'lan'
list notinterface 'loopback'
list notinterface 'wan'
config dhcp 'lan'
option interface 'lan'
option start '65'
option limit '10'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option dynamicdhcp '0'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
Mirek8:
list dns '10.102.0.252'
@frollic is pointing out that is local.
Ping 1.1.1.1
Mirek8
February 18, 2025, 5:13pm
7
10.102.0.252 is a dns server, so I did a traceroute to it to see if it is available
root@OpenWrt:~# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: seq=0 ttl=54 time=3.967 ms
64 bytes from 1.1.1.1: seq=1 ttl=54 time=112.493 ms
64 bytes from 1.1.1.1: seq=2 ttl=54 time=3.689 ms
64 bytes from 1.1.1.1: seq=3 ttl=54 time=3.370 ms
64 bytes from 1.1.1.1: seq=4 ttl=54 time=3.620 ms
64 bytes from 1.1.1.1: seq=5 ttl=54 time=3.594 ms
64 bytes from 1.1.1.1: seq=6 ttl=54 time=3.573 ms
AndrewZ
February 18, 2025, 5:17pm
8
nslookup talks to local resolver at 127.0.0.1, but you confgured dnsmasq to ignore some interfaces, hence the result
3 Likes
10.0.0.0/8 (10.0.0.0–10.255.255.255) is reserved for local lan use.
Mirek8
February 18, 2025, 5:23pm
10
Thanks for the advice, enabling loopback helped
