DNS response, but no internet connection with ISP bridge

Hello guys,

I'm struggling with this issue for days now, and I'm out of ideas. I would like to use my Linksys EA9500 with my ISP set to bridge mode, but I must be omitting something, I can't connect to the network properly.
I'm saying properly, because after changing to bridge-mode, I can ping different webpages, some of them even load in (google, messenger with all the images), but I cannot open most pages. This is why I believe there's a problem on my side, not the internet service.

Details:
/etc/config/network:

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config device
	option name 'eth0.1'
	option macaddr '60:38:E0:80:67:B9'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.2'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device
	option name 'eth0.2'
	option macaddr '60:38:E0:80:67:ba'

config interface 'wan'
	option device 'eth0.2'
	option proto 'dhcp'
	option peerdns '0'

/etc/config/dhcp:

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option domain 'lan'
	option local '/lan/'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option ednspacket_max '1232'
	option noresolv '1'
	option cachesize '1000'
	option rebind_protection '0'
	option port '5353'

config dhcp 'lan'
	option interface 'lan'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option leasetime '6h'
	option start '50'
	option limit '150'
	list dhcp_option '6,192.168.1.2'
	list dns 'fdfc:4a8c:c474::1'

The settings were minimally changed from the factory settings. The default DNS is moved to 5353, because I'm using AdGuardHome on port 53. Everything works correctly if the ISP stays in Router/NAT Mode, my WAN interface gets a 192.168.0.x address.

What do you think is blocking my connection? Also, if I connect to a VPN server (tap/tun) everything works as normal.

I'm from Sweden, and it's about a ComHem Wifi C1 router from Tele2, in case somebody has similar issues. Thank you so much in advance!!!

You might try cloning the MAC address of the ISP device to the WAN interface of the OpenWrt device.

I have to either set option macaddr 'xxxxxxx' under wan interface, or set Vendor Class to send when requesting DHCP in Interfaces - WAN - Advanced settings, right? I will try it. Thanks

Network > Interfaces > Devices

Select the WAN interface device.

There were two MAC addresses, Cable and Device. The Cable MAC address didn’t get an IP at all, the other address got a new one (not the same before bridge-mode) but still no connection. :slightly_frowning_face:

In bridge mode, the ISP device should have DHCP, wireless, and the firewall turned off.

The OpenWrt device should be handling all that.

Since you've set peerdns to 0 in the wan, you need to designate a DNS server (under wan, not lan). Or remove the peerdns line or set it to 1 to use the server advertised by the ISP over DHCP.

Some apps will work because they go directly to a Google or Mozilla etc DNS server, bypassing the LAN configuration entirely.

Edit: I see now you're using an appendage Adguard box, which may not be configured properly. Clearly this is a DNS problem. If the Adguard box is going back to router:5353 for its underlying DNS, the router dnsmasq will not be able to resolve external addresses since there is no DNS configured to leave the router.
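
The condition described in the reply above can be checked mechanically. This is an added example, not part of the original thread or of OpenWrt: a small Python checker that parses UCI text and flags a WAN interface with `peerdns '0'` and no `dns` entry, and a dnsmasq section with `noresolv '1'` and no `list server` upstream. The sample input is constructed from the relevant sections of the configs posted in this thread; the function names are hypothetical.

```python
import shlex

# Constructed sample: the relevant sections of the configs posted in this thread.
NETWORK = """
config interface 'wan'
	option device 'eth0.2'
	option proto 'dhcp'
	option peerdns '0'
"""
DHCP = """
config dnsmasq
	option noresolv '1'
	option port '5353'
"""

def parse_uci(text):
    """Parse UCI text into a list of (type, name, options) sections."""
    sections = []
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)  # handles quotes and '#' comments
        if not tok:
            continue
        if tok[0] == "config" and len(tok) >= 2:
            sections.append((tok[1], tok[2] if len(tok) > 2 else None, {}))
        elif tok[0] in ("option", "list") and sections and len(tok) >= 3:
            opts = sections[-1][2]
            if tok[0] == "list":
                opts.setdefault(tok[1], []).append(tok[2])
            else:
                opts[tok[1]] = tok[2]
    return sections

def dns_gaps(network_text, dhcp_text, iface="wan"):
    """Return findings for the 'no upstream DNS' condition described above."""
    findings = []
    for stype, name, o in parse_uci(network_text):
        if stype == "interface" and name == iface:
            # peerdns 0 discards the ISP's DHCP-advertised resolvers
            if o.get("peerdns", "1") == "0" and not o.get("dns"):
                findings.append(f"{iface}: peerdns is 0 but no dns server is set")
    for stype, _, o in parse_uci(dhcp_text):
        if stype == "dnsmasq":
            # noresolv 1 stops dnsmasq reading upstreams from the resolv file
            if o.get("noresolv", "0") == "1" and not o.get("server"):
                findings.append("dnsmasq: noresolv is 1 but no 'list server' upstream")
    return findings

if __name__ == "__main__":
    for line in dns_gaps(NETWORK, DHCP):
        print(line)
```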

I am passing the Adguardhome's (or the router's) IP address to all the DHCP clients via the 6 option in the 'lan' interface. I was thinking it's enough, since the router also got correct IP addresses with ping and nslookup. You think I should add 127.0.0.1 for the DNS server in the wan also?

I put back peerdns, and removed the dhcp option. The DNS works, but still can't load pages. This is what confuses me. And now if I connect to a VPN, everything works. What could differ in the two routes?

You might fire up Wireshark and see.

Unfortunately, I cannot decode everything that I see yet. One more fact is that I can SSH through the internet.

Another wrinkle here is that IPv6 is active. If your ISP supports IPv6, some traffic may be going that way though v4 may not be working.

I would remove the adblock system entirely until basic Internet access is found to be working. Start from a default configuration, change just enough to make it work, then add more things one at a time until you break it.

I started one time entirely from scratch, but it didn’t work even with the default configuration. I will try disabling IPv6, thanks!

I’m also planning to call the customer service.

The fact that everything works well if the ISP stays in Router mode makes me think that my setup should be fine. Even after the switch, if VPN and SSH are working through the internet, it means that the DNS should also be OK.

I noticed that in bridge mode I’m getting an IP with different network address, than in Router mode (80. … instead of 83. …). I tried @anon89577378’s idea, and created a static wan configuration with the addresses previously noted, and set the MAC to the ISP’s values. Sadly no ping responses.

Could it be that other rules apply in the new 80. … network from ISP side?

I agree with @mk24.

Simplifying the setup to narrow down the issue is the way to go here.

Save your current configuration file, reset the router, and configure IPv4...get that working.

Move on to IPv6.

Try with, and without MAC cloning...

BTW, I did not suggest a static WAN. A standard bridge would be a DHCP client.

Then, as Mike suggested, add back one feature at a time.

Thank you! No, you didn't suggest that indeed. I just used the cloning idea for another test. Do you think it means something if I don't have a connection even with a laptop connected to the ISP, instead of the router?

According to this English version of the device... Should be pretty simple.

Do you have your laptop's dhcp options set enabled for both IPv4 and IPv6?

If yes and still not surfing naked with the ISP device, it's time to push the reset button on the device and/or call your ISP for surety of Router mode and the desired setting for Bridge mode.

Guys, thank you for all the tips, I finally made it work. It turned out it was worth calling the customer service. They said it wasn't looking like being in bridge mode on their side, so we made a reset together on the ISP, and they switched it to bridge mode for me.
At this point my laptop got a completely different IP, and I got internet connection. After this, when I plugged my router in the place of the PC, nothing again. I turned everything off, and back after an hour. Still nothing. Tried the laptop again, it works.
Finally I changed the MAC address of the wan device to my laptop's address as @anon89577378 suggested, and voila!

Still don't understand why it is not serving an IP to the wan device with the default MAC address. Maybe their servers are checking them if it's legit.

This is typical for cable. They remember the MAC address and won't serve a different one. Usually turning off your modem for 30 minutes will reset their system. But in some cases you'll need to call in and have it manually reset.

Of course if you're using your modem in router mode, the only MAC address they see is that of the modem/router, so it will always work unless you were to replace the modem itself.
