DNS Not working

Hello,
I have installed OpenWrt 19.07.7 on a Linksys_E8300.
The WAN port was connected to another Router.
Protocol DHCP was used at WAN interface.

I have installed openvpn and ddns.
Connected to Linksys_E8300 in that configuration , DNS was working to access internet.

I have changed Protocol DHCP to protocol PPPOE to use that Linksys_E8300 Router just behind a modem at my son house.
When Linksys_E8300 was connected at my son house PPPOE works fine. A good IP is provided by ISP.
openvpn works fine because I am able to connect from my house to Linksys_E8300 Router at my son house through internet

But my son has no dns on his network.
When I am connected to that Linksys_E8300 using ssh , I am able to ping google or another site using their ipv4 or ipv6 address.
But any ping with dns name (www.google.com, Openwrt.org, ...) is translated to 198.18.1.1 , so ping, http don't work.

I have nearly same configuration at my house (Netgear router connected to modem with pppoe) and dns works fine.

I have compared dnsmasq parameters and many configuration files on both Routers and I don’t see something false
/tmp/resolv.conf.auto seems good with correct dns address provided by ISP

What can I do to have DNS working with that router ?

Thanks in advance

1 Like

Check out a public DNS provider:
https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#upstream_dns_provider

Than you for your help but Nothing has been changed

root@Linksys_E8300:~# uci -q delete network.wan.dns
root@Linksys_E8300:~# uci add_list network.wan.dns="8.8.8.8"
root@Linksys_E8300:~# uci add_list network.wan.dns="8.8.4.4"
root@Linksys_E8300:~# ping www.google.be
PING www.google.be (198.18.1.1): 56 data bytes

Also disable peer DNS and restart the service to apply changes.

Sorry, I din't commit
So I have made that

troot@Linksys_E8300:~# uci -q delete network.wan.dns 
root@Linksys_E8300:~# uci add_list network.wan.dns="8.8.8.8" 
root@Linksys_E8300:~# uci add_list network.wan.dns="8.8.4.4" 
root@Linksys_E8300:~# uci -q delete network.wan6.dns 
root@Linksys_E8300:~# uci add_list network.wan6.dns="2001:4860:4860::888 
8" 
root@Linksys_E8300:~# uci add_list network.wan6.dns="2001:4860:4860::884 
4" 
root@Linksys_E8300:~# uci set network.wan.peerdns="0" 
root@Linksys_E8300:~# uci set network.wan6.peerdns="0" 
root@Linksys_E8300:~# uci commit network 
root@Linksys_E8300:~# /etc/init.d/network restart
 ....


2021-05-22 14:20:39 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-C
HACHA20-POLY1305, peer certificate: 2048 bit RSA, signature: RSA-SHA1
2021-05-22 14:20:39 [linksys] Peer Connection Initiated with[AF_INET]xxx.xxx.xxx.xxx:443
2021-05-22 14:20:41 Initialization Sequence Completed`


ping from here 

[vdm@Fractal ~]$ ping -4 192.168.3.1
PING 192.168.3.1 (192.168.3.1) 56(84) octets de données.
De 192.168.3.128 icmp_seq=1 Hôte de destination injoignable
De 192.168.3.128 icmp_seq=2 Hôte de destination injoignable```

So unable to change anything from here !

Seems to be only a problem from here because it works for my son.
Again thank you for your help

Not yet tested but I remember...
Restarting network has probably removed the VPN virtual device (tap0) from bridge. So I am able to use VPN access but remote local network is no more available.
So 'brctl add' can solve the problem or easier way is to reboot router !

My assumptions were good , all is working correctly

1 Like

Not really , dns works for devices in local network managed by router but not for router itself !

root@Linksys_E8300:~# nslookup openwrt.org
Server:         195.238.2.22
Address:        195.238.2.22#53

Name:      openwrt.org
Address 1: 139.59.209.225
Address 2: 2a03:b0c0:3:d0::1af1:1
########################################
root@Linksys_E8300:~# ping  openwrt.org
PING openwrt.org (198.18.1.1): 56 data bytes
^C
--- openwrt.org ping statistics ---
6 packets transmitted, 0 packets received, 100% packet loss
#####################################################
root@Linksys_E8300:~# ping 139.59.209.225
PING 139.59.209.225 (139.59.209.225): 56 data bytes
64 bytes from 139.59.209.225: seq=0 ttl=54 time=14.390 ms
64 bytes from 139.59.209.225: seq=1 ttl=54 time=14.542 ms
64 bytes from 139.59.209.225: seq=2 ttl=54 time=16.444 ms
^C
--- 139.59.209.225 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 14.390/15.125/16.444 ms
root@Linksys_E8300:~# ping 2a03:b0c0:3:d0::1af1:1
PING 2a03:b0c0:3:d0::1af1:1 (2a03:b0c0:3:d0::1af1:1): 56 data bytes
64 bytes from 2a03:b0c0:3:d0::1af1:1: seq=0 ttl=54 time=18.755 ms
64 bytes from 2a03:b0c0:3:d0::1af1:1: seq=1 ttl=54 time=21.325 ms```

Collect the diagnostics and post it to pastebin.com redacting the private parts:

uci show network; uci show dhcp; uci show firewall; \
ip address show; ip route show table all; ip rule show; iptables-save -c; \
head -v -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*

Sorry, I don't use pastebin.com, but here are the diagnostics

uci show network

network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fdb9:eeec:6487::/48'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth0'
network.lan.proto='static'
network.lan.ipaddr='192.168.3.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.wan=interface
network.wan.ifname='eth1'
network.wan.proto='pppoe'
network.wan.password='xxxxxx'
network.wan.ipv6='auto'
network.wan.username='xxxxxx@SKYNET'
network.wan.peerdns='0'
network.wan.dns='8.8.8.8' '8.8.4.4'
network.wan6=interface
network.wan6.ifname='eth1'
network.wan6.proto='dhcpv6'
network.wan6.peerdns='0'
network.wan6.dns='2001:4860:4860::8888' '2001:4860:4860::8844'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='1 2 3 4 0'
##################################
uci show dhcp

dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
dhcp.@dnsmasq[0].localservice='1'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.leasetime='12h'
dhcp.lan.dhcpv6='server'
dhcp.lan.ra='server'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'
dhcp.@domain[0]=domain
dhcp.@domain[0].name='asus'
dhcp.@domain[0].ip='192.168.2.15'
dhcp.@domain[1]=domain
dhcp.@domain[1].name='esprimo'
dhcp.@domain[1].ip='192.168.3.10'
dhcp.@host[0]=host
dhcp.@host[0].mac='b8:ac:6f:22:19:36'
dhcp.@host[0].name='esprimo'
dhcp.@host[0].dns='1'
dhcp.@host[0].ip='192.168.3.10'
dhcp.@domain[2]=domain
dhcp.@domain[2].name='hp_wifi'
dhcp.@domain[2].ip='192.168.3.31'
dhcp.@domain[3]=domain
dhcp.@domain[3].ip='192.168.3.51'
dhcp.@domain[3].name='OnePlus8'
dhcp.@host[1]=host
dhcp.@host[1].mac='36:2D:36:08:C0:8F'
dhcp.@host[1].dns='1'
dhcp.@host[1].name='OnePlus8Pro'
dhcp.@host[1].ip='196.168.3.52'
dhcp.@host[2]=host
dhcp.@host[2].mac='4C:4F:EE:47:0A:80'
dhcp.@host[2].name='OnePlus8'
dhcp.@host[2].dns='1'
dhcp.@host[2].ip='192.168.3.51'
dhcp.@host[3]=host
dhcp.@host[3].mac='00:BE:3B:B7:3A:BF'
dhcp.@host[3].name='HUAWEI-MediaPad-M5'
dhcp.@host[3].dns='1'
dhcp.@host[3].ip='192.168.3.53'
############################################
uci show firewall

firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wan' 'wan6'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fc00::/6'
firewall.@rule[3].dest_ip='fc00::/6'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@rule[9]=rule
firewall.@rule[9].dest_port='443'
firewall.@rule[9].src='wan'
firewall.@rule[9].name='openvpn'
firewall.@rule[9].target='ACCEPT'
firewall.@rule[9].proto='tcp'
firewall.@rule[9].family='ipv4'
firewall.@rule[9].extra='-m geoip --source-country BE,FR'
##########################################
ip address show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br-lan state UP qlen 1000
    link/ether c4:41:1e:ad:2a:1a brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether c4:41:1e:ad:2a:1b brd ff:ff:ff:ff:ff:ff
    inet6 fdb1:86a1:9220:0:c641:1eff:fead:2a1b/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fdb1:86a1:9220::694/128 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::c641:1eff:fead:2a1b/64 scope link 
       valid_lft forever preferred_lft forever
12: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP100> mtu 1500 qdisc fq_codel master br-lan state UP qlen 100
    link/ether f6:3e:e8:eb:f2:16 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::f43e:e8ff:feeb:f216/64 scope link 
       valid_lft forever preferred_lft forever
25: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether c4:41:1e:ad:2a:1a brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.1/24 brd 192.168.3.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 2a02:a03f:c066:ff00::1/60 scope global dynamic 
       valid_lft 68195sec preferred_lft 53795sec
    inet6 fdb9:eeec:6487::1/60 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::c641:1eff:fead:2a1a/64 scope link 
       valid_lft forever preferred_lft forever
26: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN qlen 3
    link/ppp 
    inet 81.240.139.191 peer 10.24.145.6/32 scope global pppoe-wan
       valid_lft forever preferred_lft forever
    inet6 2a02:a03f:cfe1:6632:b0b7:5465:481a:9e74/64 scope global dynamic 
       valid_lft 85870sec preferred_lft 3070sec
    inet6 fe80::b0b7:5465:481a:9e74/10 scope link 
       valid_lft forever preferred_lft forever
27: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether c6:41:1e:ad:2a:1e brd ff:ff:ff:ff:ff:ff
    inet6 fe80::c441:1eff:fead:2a1e/64 scope link 
       valid_lft forever preferred_lft forever
28: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether c4:41:1e:ad:2a:1c brd ff:ff:ff:ff:ff:ff
    inet6 fe80::c641:1eff:fead:2a1c/64 scope link 
       valid_lft forever preferred_lft forever
29: wlan2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether c4:41:1e:ad:2a:1d brd ff:ff:ff:ff:ff:ff
    inet6 fe80::c641:1eff:fead:2a1d/64 scope link 
       valid_lft forever preferred_lft forever
############################################
ip route show table all

default via 10.24.145.6 dev pppoe-wan 
10.24.145.6 dev pppoe-wan scope link  src 81.240.139.191 
192.168.3.0/24 dev br-lan scope link  src 192.168.3.1 
local 81.240.139.191 dev pppoe-wan table local scope host  src 81.240.139.191 
broadcast 127.0.0.0 dev lo table local scope link  src 127.0.0.1 
local 127.0.0.0/8 dev lo table local scope host  src 127.0.0.1 
local 127.0.0.1 dev lo table local scope host  src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local scope link  src 127.0.0.1 
broadcast 192.168.3.0 dev br-lan table local scope link  src 192.168.3.1 
local 192.168.3.1 dev br-lan table local scope host  src 192.168.3.1 
broadcast 192.168.3.255 dev br-lan table local scope link  src 192.168.3.1 
default from 2a02:a03f:c066:ff00::/56 via fe80::22e0:9cff:fe39:a401 dev pppoe-wan  metric 512 
default from 2a02:a03f:cfe1:6632::/64 via fe80::22e0:9cff:fe39:a401 dev pppoe-wan  metric 512 
2a02:a03f:c066:ff00::/64 dev br-lan  metric 1024 
unreachable 2a02:a03f:c066:ff00::/56 dev lo  metric 2147483647  error -113
unreachable 2a02:a03f:cfe1:6632::/64 dev lo  metric 2147483647  error -113
fdb1:86a1:9220::/48 from fdb1:86a1:9220::694 via fe80::e2b9:e5ff:feef:b838 dev eth1  metric 512 
fdb1:86a1:9220::/48 from fdb1:86a1:9220::/64 via fe80::e2b9:e5ff:feef:b838 dev eth1  metric 512 
fdb1:86a1:9220::/64 dev eth1  metric 256 
unreachable fdb1:86a1:9220::/64 dev lo  metric 2147483647  error -113
fdb9:eeec:6487::/64 dev br-lan  metric 1024 
unreachable fdb9:eeec:6487::/48 dev lo  metric 2147483647  error -113
fe80::/64 dev tap0  metric 256 
fe80::/64 dev eth1  metric 256 
fe80::/64 dev br-lan  metric 256 
fe80::/64 dev wlan1  metric 256 
fe80::/64 dev wlan0  metric 256 
fe80::/64 dev wlan2  metric 256 
fe80::/10 dev pppoe-wan  metric 1 
fe80::/10 dev pppoe-wan  metric 256 
local ::1 dev lo table local  metric 0 
############################################
ip rule show

anycast 2a02:a03f:c066:ff00:: dev br-lan table local  metric 0 
local 2a02:a03f:c066:ff00::1 dev br-lan table local  metric 0 
anycast 2a02:a03f:cfe1:6632:: dev pppoe-wan table local  metric 0 
local 2a02:a03f:cfe1:6632:b0b7:5465:481a:9e74 dev pppoe-wan table local  metric 0 
anycast fdb1:86a1:9220:: dev eth1 table local  metric 0 
local fdb1:86a1:9220::694 dev eth1 table local  metric 0 
local fdb1:86a1:9220:0:c641:1eff:fead:2a1b dev eth1 table local  metric 0 
anycast fdb9:eeec:6487:: dev br-lan table local  metric 0 
local fdb9:eeec:6487::1 dev br-lan table local  metric 0 
anycast fe80:: dev tap0 table local  metric 0 
anycast fe80:: dev eth1 table local  metric 0 
anycast fe80:: dev br-lan table local  metric 0 
anycast fe80:: dev pppoe-wan table local  metric 0 
anycast fe80:: dev wlan1 table local  metric 0 
anycast fe80:: dev wlan0 table local  metric 0 
anycast fe80:: dev wlan2 table local  metric 0 
local fe80::b0b7:5465:481a:9e74 dev pppoe-wan table local  metric 0 
local fe80::c441:1eff:fead:2a1e dev wlan0 table local  metric 0 
local fe80::c641:1eff:fead:2a1a dev br-lan table local  metric 0 
local fe80::c641:1eff:fead:2a1b dev eth1 table local  metric 0 
local fe80::c641:1eff:fead:2a1c dev wlan1 table local  metric 0 
local fe80::c641:1eff:fead:2a1d dev wlan2 table local  metric 0 
local fe80::f43e:e8ff:feeb:f216 dev tap0 table local  metric 0 
ff00::/8 dev tap0 table local  metric 256 
ff00::/8 dev br-lan table local  metric 256 
ff00::/8 dev eth1 table local  metric 256 
ff00::/8 dev pppoe-wan table local  metric 256 
ff00::/8 dev wlan1 table local  metric 256 
ff00::/8 dev wlan0 table local  metric 256 
ff00::/8 dev wlan2 table local  metric 256 
0:	from all lookup local 
32766:	from all lookup main 
32767:	from all lookup default 
############################################# »
iptables-save -c

# Generated by iptables-save v1.8.3 on Sun May 23 09:46:27 2021
*nat
:PREROUTING ACCEPT [52648:8269576]
:INPUT ACCEPT [5503:453964]
:OUTPUT ACCEPT [8664:637526]
:POSTROUTING ACCEPT [563:72374]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
[52648:8269576] -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
[41151:6853287] -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
[2700:529336] -A PREROUTING -i eth1 -m comment --comment "!fw3" -j zone_wan_prerouting
[8797:886953] -A PREROUTING -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_prerouting
[31240:2549694] -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
[563:72374] -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
[0:0] -A POSTROUTING -o eth1 -m comment --comment "!fw3" -j zone_wan_postrouting
[30677:2477320] -A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_postrouting
[563:72374] -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
[41151:6853287] -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
[30677:2477320] -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
[30677:2477320] -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
[11497:1416289] -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Sun May 23 09:46:27 2021
# Generated by iptables-save v1.8.3 on Sun May 23 09:46:27 2021
*mangle
:PREROUTING ACCEPT [3525835:3241690077]
:INPUT ACCEPT [80182:10421980]
:FORWARD ACCEPT [3426933:3226133176]
:OUTPUT ACCEPT [89575:39228046]
:POSTROUTING ACCEPT [3516051:3265340890]
[0:0] -A FORWARD -o eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[0:0] -A FORWARD -i eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[5925:323544] -A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[5907:320508] -A FORWARD -i pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Sun May 23 09:46:27 2021
# Generated by iptables-save v1.8.3 on Sun May 23 09:46:27 2021
*filter
:INPUT ACCEPT [1:675]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
[3:228] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
[80179:10421752] -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
[61942:8817938] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[3117:134108] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
[7565:638702] -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
[435:13920] -A INPUT -i eth1 -m comment --comment "!fw3" -j zone_wan_input
[10140:946924] -A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
[3426933:3226133176] -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
[3406618:3224280251] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[20315:1852925] -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
[0:0] -A FORWARD -i eth1 -m comment --comment "!fw3" -j zone_wan_forward
[0:0] -A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
[0:0] -A FORWARD -m comment --comment "!fw3" -j reject
[3:228] -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
[89572:39227818] -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
[67848:37501705] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[1985:268400] -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
[0:0] -A OUTPUT -o eth1 -m comment --comment "!fw3" -j zone_wan_output
[19739:1457713] -A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
[4315:185383] -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
[5760:758401] -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
[3020:129840] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
[97:4268] -A syn_flood -m comment --comment "!fw3" -j DROP
[1985:268400] -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
[20315:1852925] -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
[20315:1852925] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
[0:0] -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
[7565:638702] -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
[0:0] -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[7565:638702] -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
[1985:268400] -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
[1985:268400] -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
[7564:638027] -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_wan_dest_ACCEPT -o eth1 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
[0:0] -A zone_wan_dest_ACCEPT -o eth1 -m comment --comment "!fw3" -j ACCEPT
[460:21316] -A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
[39594:3289322] -A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_wan_dest_REJECT -o eth1 -m comment --comment "!fw3" -j reject
[0:0] -A zone_wan_dest_REJECT -o pppoe-wan -m comment --comment "!fw3" -j reject
[0:0] -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
[0:0] -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
[10575:960844] -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
[0:0] -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
[62:2960] -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
[435:13920] -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
[3:180] -A zone_wan_input -p tcp -m tcp --dport 443 -m geoip --source-country BE,FR  -m comment --comment "!fw3: openvpn" -j ACCEPT
[0:0] -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[10075:943784] -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
[19739:1457713] -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
[19739:1457713] -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
[0:0] -A zone_wan_src_REJECT -i eth1 -m comment --comment "!fw3" -j reject
[10075:943784] -A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Sun May 23 09:46:27 2021
##############################################
head -v -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
==> /etc/resolv.conf <==
# Interface wan
nameserver 195.238.2.22
nameserver 195.238.2.21
# Interface wan6
nameserver fdb1:86a1:9220::1
search lan

==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf.auto <==
# Interface wan
nameserver 8.8.8.8
nameserver 8.8.4.4
# Interface wan6
nameserver 2001:4860:4860::8888
nameserver 2001:4860:4860::8844

==> /tmp/resolv.conf.ppp <==
nameserver 195.238.2.22
nameserver 195.238.2.21
head: /tmp/resolv.*/*: No such file or directory
1 Like

Also check out this:

ln -f -s /tmp/resolv.conf /etc/resolv.conf
nslookup openwrt.org
nslookup openwrt.org 8.8.8.8
nslookup openwrt.org 195.238.2.21
nslookup openwrt.org 195.238.2.22

Seems good now, Thank you again
ping works
opkg update works

root@Linksys_E8300:/etc# mv resolv.conf  resolv.conf_old
root@Linksys_E8300:/etc# ln -s /tmp/resolv.conf /etc/resolv.conf
root@Linksys_E8300:/etc# nslookup openwrt.org
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:      openwrt.org
Address 1: 139.59.209.225
Address 2: 2a03:b0c0:3:d0::1af1:1
root@Linksys_E8300:/etc# nslookup openwrt.org 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

Name:      openwrt.org
Address 1: 139.59.209.225
Address 2: 2a03:b0c0:3:d0::1af1:1
root@Linksys_E8300:/etc# nslookup openwrt.org 195.238.2.21
Server:         195.238.2.21
Address:        195.238.2.21#53

Name:      openwrt.org
Address 1: 139.59.209.225
Address 2: 2a03:b0c0:3:d0::1af1:1
root@Linksys_E8300:/etc# nslookup openwrt.org 195.238.2.22
Server:         195.238.2.22
Address:        195.238.2.22#53

Name:      openwrt.org
Address 1: 139.59.209.225
Address 2: 2a03:b0c0:3:d0::1af1:1
root@Linksys_E8300:/etc# ping openwrt.org
PING openwrt.org (139.59.209.225): 56 data bytes
64 bytes from 139.59.209.225: seq=0 ttl=54 time=14.891 ms
64 bytes from 139.59.209.225: seq=1 ttl=54 time=15.596 ms
64 bytes from 139.59.209.225: seq=2 ttl=54 time=16.324 ms
^C
--- openwrt.org ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 14.891/15.603/16.324 ms
root@Linksys_E8300:/etc# 
1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.