Dumb AP internet connectivity issues

My case is more complex.
Using Network-> Diagnostics i can't ping openwrt.org or any other address (i tried with 8.8.8.8 also) but ping which i done from luci not work. My case is different because internet is working good. The problem is that i can't update list and install packages in Software.
This device is second router in my network and it works only as wireless AP.
So the lan cable from router nr 1 is plugged in lan port in second openwrt device. DHCP in second device disabled.
The first router is also OpenWrt device and I can ping openwrt.org from it.
When I plug second device directly to the internet ping working.
So it seems that first OpenWRT device block pinging from second.
Any idea why?

Essential is also information that laptop connected wirelessly to second router can ping openwrt.org and other sites.

Below data from second router:

root@bthh3:~# ubus call system board;
{
        "kernel": "4.14.275",
        "hostname": "bthh3",
        "system": "AR9 rev 1.2",
        "model": "BT Home Hub 3A",
        "board_name": "bt,homehub-v3a",
        "release": {
                "distribution": "OpenWrt",
                "version": "19.07.10",
                "revision": "r11427-9ce6aa9d8d",
                "target": "lantiq/xway",
                "description": "OpenWrt 19.07.10 r11427-9ce6aa9d8d"
        }
}

root@bthh3:~# ping -c 2 1.1.1.1; uci export network;
PING 1.1.1.1 (1.1.1.1): 56 data bytes
ping: sendto: Network unreachable
package network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd5a:091a:a178::/48'

config atm-bridge 'atm'
        option vpi '1'
        option vci '32'
        option encaps 'llc'
        option payload 'bridged'
        option nameprefix 'dsl'

config dsl 'dsl'
        option annex 'a'
        option firmware '/lib/firmware/adsl.bin'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.5.250'

config device 'lan_eth0_dev'
        option name 'eth0'
        option macaddr '00:e0:92:00:01:40'

config device 'wan_dsl0_dev'
        option name 'dsl0'
        option macaddr '00:e0:92:00:01:41'

config interface 'wan6'
        option ifname '@wan'
        option proto 'dhcpv6'

config interface 'wwan'
        option proto 'dhcp'

config interface 'GSM'
        option proto 'dhcp'
        option ifname 'usb0'


root@bthh3:~# uci export dhcp; uci export firewall;
package dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option expandhosts '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'
        option domain 'lan2'
        option local '/lan2/'

config dhcp 'lan'
        option interface 'lan'
        option dhcpv6 'server'
        option ra 'server'
        option ra_management '1'
        option ignore '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config host
        option name 'Note10Lite'
        option mac '28:c2:1f:17:11:80'
        option dns '1'
        option ip '192.168.5.10'

package firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan6'
        list network 'wwan'
        list network 'GSM'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config rule
        option src 'wan'
        option name 'Allow luci on wan'
        option dest 'lan'
        option target 'ACCEPT'
        list proto 'tcp'

then why did you hijack the thread ?

did you add a default GW and DNS IP ?

"version": "19.07.10" - this is the newest firmware for this device

I tried with 'IPv4 gateway' and 'Use custom DNS servers' under LAN settings.
I set on second router IPv4 gateway to IP of first router (192.168.5.249) and DNS to 8.8.8.8 but didn't work.

But actually I'm not sure if I should fill this field and what to enter there.

yup, that's why I removed that part of my post.

did you restart the network service/reboot afterwards ?
https://openwrt.org/docs/guide-user/network/wifi/dumbap#configuration_via_luci

alt, configure your LAN side as DHCP client, instead of static IP.

did you restart the network service/reboot afterwards ?

That was the point. I thought that save&apply is sufficient.

After reboot work as it should.

Thx

Save and Apply should be enough, but we cannot know what was the running configuration after you applied it. But since it worked after the reboot, all is well!.