DSA switch unable to use lan port assigned as wan

Installing and Using OpenWrt
1

Hello, I am trying to set mwan3 on my Turris Omnia router.
I get stuck even on prerequisite - I am not able to ping anything, using my second connection - assigned as wan (lan4).

After “ping -c 1 -I lan4 www.google.com
I got message “ping: connect: Permission denied”.

I think it must be something with firewall?
The lan4 port has its own interface and the interface belongs to WAN firewall zone.

Any idea what could cause this? Thank you.
/etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd33:8c9b:d6c2::/48'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ip6assign '60'
        option _turris_mode 'managed'
        list ipaddr '192.168.5.1/24'

config interface 'wan'
        option ipv6 '1'
        option device 'eth2'
        option proto 'dhcp'
        option metric '10'

config interface 'wan6'
        option device '@wan'
        option proto 'dhcpv6'
        option metric '20'
        option reqprefix 'auto'
        option reqaddress 'try'

config device 'dev_wan'
        option name 'eth2'

config interface 'guest_turris'
        option enabled '1'
        option proto 'static'
        option device 'br-guest-turris'
        option ipaddr '10.111.222.1'
        option netmask '255.255.255.0'
        option ip6assign '64'

config device 'br_guest_turris'
        option name 'br-guest-turris'
        option type 'bridge'
        option bridge_empty '1'

config device 'br_lan'
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan0'
        list ports 'lan1'

config interface 'lan_studia'
        option device 'lan2'
        option proto 'static'
        option ipaddr '192.168.6.1'
        option netmask '255.255.255.0'
        list dns '8.8.8.8'

config interface 'gsm'
        option device 'lan4'
        option proto 'static'
        option netmask '255.255.255.252'
        option ipaddr '10.9.116.10'
        option gateway '10.9.116.9'
        option metric '50'
2

What happens if you use the address 10.9.116.10 instead of the interface?

3

Works...

image
image709×621 163 KB

4

This seems to be TurrisOS, not OpenWrt - YMMV.

What I meant was specifying the source address instead of the interface, so ping -I 10.9.116.10 -c 1 ... which should have the same effect.

5

image
image979×468 128 KB

Interesting... its pinging. What does it mean?

6

Try a traceroute from each wan's source IP to be sure it is routing out through the proper modem. Only 3.5 ms to ping google seems really fast.

7

I tried and everything works... even the ping. The trouble was capital "-I" as an interface parameter, with lower "-i" it works!
Is that correct behavior?

8

-i is the interval on my ping:

BusyBox v1.36.1 (2023-10-11 21:06:34 UTC) multi-call binary.

Usage: ping [OPTIONS] HOST

Send ICMP ECHO_REQUESTs to HOST

	-4,-6		Force IP or IPv6 name resolution
	-c CNT		Send only CNT pings
	-s SIZE		Send SIZE data bytes in packets (default 56)
	-i SECS		Interval
	-A		Ping as soon as reply is received
	-t TTL		Set TTL
	-I IFACE/IP	Source interface or IP address
	-W SEC		Seconds to wait for the first response (default 10)
			(after all -c CNT packets are sent)
	-w SEC		Seconds until ping exits (default:infinite)
			(can exit earlier with -c CNT)
	-q		Quiet, only display output at start/finish
	-p HEXBYTE	Payload pattern

But then again, you are not running OpenWrt but TurrisOS.

9

No - at least in official OpenWrt what you described is not the correct behavior.

screen221

The reason the ping didn't work is because you never specified a host to ping. Try using Google DNS - for example:

ping 8.8.8.8 -I 10.9.116.10 -c 1

The OP really should be seeking help from the Turris forum anyway.

1 Like