"Dumb AP", router has no internet but clients do, dns and gateway configured

Hi all, I've bought a router with OpenWRT to use as a Dumb AP (static IP, no DHCP server, wireless enabled).
I followed the guide on OpenWRT webpage to configure it as a Dumb AP and wireless clients can connect and access to internet, but the OpenWRT router does not.

From what I've read, this is caused for not configuring the gateway and dns in the "lan" configuration, but I do have them on my setup.

Maybe I'm missing something?
The router I'm using is a GL.iNet MT300N-v2, with OpenWrt 18.06.1 r7258-5eb055306f / LuCI openwrt-18.06 branch (git-18.228.31946-f64b152).

I can ping to 8.8.8.8, but can't ping to 'www.google.com' or 'downloads.openwrt.org'

Command outputs:
Network

uci show network

network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd03:ed9a:97a0::/48'
network.lan=interface
network.lan.hostname='GL-MT300N-V2-15f'
network.lan.type='bridge'
network.lan.ifname='eth0.1 eth0.2'
network.lan.proto='static'
network.lan.gateway='192.168.1.1'
network.lan.dns='192.168.1.1'
network.lan.ipaddr='192.168.1.2'
network.lan.broadcast='192.168.1.255'
network.lan.netmask='255.255.255.0'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='1 6t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='0 6t'
network.guest=interface
network.guest.ifname='guest'
network.guest.type='bridge'
network.guest.proto='static'
network.guest.ipaddr='192.168.9.1'
network.guest.netmask='255.255.255.0'
network.guest.ip6assign='60'

route -n

route -n

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 br-lan
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan

/etc/resolv.conf

cat /etc/resolv.conf

search lan
nameserver 127.0.0.1

Firewall

uci show firewall

firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@zone[1].network='wan wan6'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fc00::/6'
firewall.@rule[3].dest_ip='fc00::/6'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@include[0].reload='1'
firewall.gls2s=include
firewall.gls2s.type='script'
firewall.gls2s.path='/var/etc/gls2s.include'
firewall.gls2s.reload='1'
firewall.glfw=include
firewall.glfw.type='script'
firewall.glfw.path='/usr/bin/glfw.sh'
firewall.glfw.reload='1'
firewall.glqos=include
firewall.glqos.type='script'
firewall.glqos.path='/usr/sbin/glqos.sh'
firewall.glqos.reload='1'
firewall.guestzone=zone
firewall.guestzone.name='guestzone'
firewall.guestzone.network='guest'
firewall.guestzone.forward='REJECT'
firewall.guestzone.output='ACCEPT'
firewall.guestzone.input='REJECT'
firewall.guestzone_fwd=forwarding
firewall.guestzone_fwd.src='guestzone'
firewall.guestzone_fwd.dest='wan'
firewall.guestzone_dhcp=rule
firewall.guestzone_dhcp.name='guestzone_DHCP'
firewall.guestzone_dhcp.src='guestzone'
firewall.guestzone_dhcp.target='ACCEPT'
firewall.guestzone_dhcp.proto='udp'
firewall.guestzone_dhcp.dest_port='67-68'
firewall.guestzone_dns=rule
firewall.guestzone_dns.name='guestzone_DNS'
firewall.guestzone_dns.src='guestzone'
firewall.guestzone_dns.target='ACCEPT'
firewall.guestzone_dns.proto='tcp udp'
firewall.guestzone_dns.dest_port='53'
firewall.sambasharewan=rule
firewall.sambasharewan.src='wan'
firewall.sambasharewan.dest_port='137 138 139 445'
firewall.sambasharewan.dest_proto='tcpudp'
firewall.sambasharewan.target='DROP'
firewall.sambasharelan=rule
firewall.sambasharelan.src='lan'
firewall.sambasharelan.dest_port='137 138 139 445'
firewall.sambasharelan.dest_proto='tcpudp'
firewall.sambasharelan.target='ACCEPT'


Adding details for dhcp config file if it helps.

dhcp

/etc/config/dhcp

config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option rebind_protection '0'

config dhcp 'lan'
option interface 'lan'
option ignore '1'

config dhcp 'wan'
option interface 'wan'
option ignore '1'

config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'

config dhcp 'guest'
option interface 'guest'
option start '100'
option leasetime '12h'
option limit '150'
option dhcpv6 'server'
option ra 'server'

config domain 'localhost'
option name 'console.gl-inet.com'
option ip '192.168.1.2'

Resolve.conf is empty, DNS lookups will not work.

Since you have a static IP set, you have to set DNS IPs too.

1 Like

You are using the DNSMASQ in the OpenWrt device as a DNS cache, but you probably disabled it entirely when you disabled DHCP.

1 Like

There is a guest network set up, and for this one you need dhcp anyway.
What I find strange is, that you have specified a dns server for lan interface, but it is obviously not used.

what happens, if you do a
nslookup www.google.com 192.168.1.1

?

But it is set up already, isn't it?

network.lan=interface
[...]
network.lan.proto='static'
network.lan.gateway='192.168.1.1'
network.lan.dns='192.168.1.1'
network.lan.ipaddr='192.168.1.2'
network.lan.broadcast='192.168.1.255'
network.lan.netmask='255.255.255.0'
[...]

So should I disable DNS cache? (If so, how?)
Or should I enable DHCP service and just ignore it?

Yes, there's a guest network, it came configured by default with the bundled firmware, although it's not enabled (and don't plan to use it).

About the command:
nslookup www.google.com 192.168.1.1
;; connection timed out; no servers could be reached

But this looks like your 192.168.1.1 is not working as DNS. What is the DNS setting of your main router ? Probably you should set that one in your network config. What is the output of traceroute 8.8.8.8 ?

1 Like

Shouldn't the gateway work as the DNS?
All the other clients connected to the gateway and this DumAP do work and have that ip as DNS server (192.168.1.1).

traceroute

traceroute 8.8.8.8

traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 38 byte packets
1 192.168.1.1 (192.168.1.1) 0.679 ms 0.626 ms 0.408 ms
2 181.162.0.1 (181.162.0.1) 2.079 ms 2.265 ms 7.007 ms
3 10.50.3.9 (10.50.3.9) 15.740 ms 9.474 ms 8.419 ms
4 10.50.3.10 (10.50.3.10) 9.529 ms 9.580 ms 9.274 ms
5 72.14.208.62 (72.14.208.62) 7.786 ms 72.14.205.142 (72.14.205.142) 9.703 ms 9.698 ms
6 10.252.42.190 (10.252.42.190) 9.297 ms 74.125.242.1 (74.125.242.1) 8.129 ms 10.23.212.62 (10.23.212.62) 12.163 ms
7 8.8.8.8 (8.8.8.8) 10.085 ms 72.14.237.191 (72.14.237.191) 10.968 ms 8.8.8.8 (8.8.8.8) 9.533 ms


@Stefan1
So, I added a new DNS server to the list of DNS servers in LAN: network.lan.dns='192.168.1.1 1.1.1.1'
Now I can ping, but don't understand why it doesn't work with the default dns server.
This is not an OpenWRT misconfiguration, but a problem with my gateway, right?

I guess so. Can you do the nslookup again ?

interesting would also be a nslookup on another machine to see, where these get the dns name resolved

192.168.1.1

nslookup www.google.com 192.168.1.1

;; connection timed out; no servers could be reached


1.1.1.1

nslookup www.google.com 1.1.1.1
Server:         1.1.1.1
Address:        1.1.1.1#53

Name:      www.google.com
Address 1: 64.233.190.147
Address 2: 64.233.190.99
Address 3: 64.233.190.104
Address 4: 64.233.190.103
Address 5: 64.233.190.105
Address 6: 64.233.190.106
Address 7: 2800:3f0:4003:c01::69
Address 8: 2800:3f0:4003:c01::63
Address 9: 2800:3f0:4003:c01::93
Address 10: 2800:3f0:4003:c01::6a

Not sure what you mean, but the DNSes provided by the DHCP aren't used, if the client have a static IP defined.

You either have to add them manually, or set a static lease in the DHCP, and put the device back in DHCP client mode.

But judging from your last post, it looks like an upstream issue, in your main router.

Ok, this is interesting.

~# nslookup 192.168.1.1 192.168.1.1
;; connection timed out; no servers could be reached

and

~# nslookup 192.168.1.1
Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find 1.1.168.192.in-addr.arpa: NXDOMAIN

What I meant was that since I configured the gateway address to use as DNS server, the gateway should provide the DNS ¿resolve/lookup/route?.

should is a nice word :wink:

What are the upstream DNSes for 192.168.1.1, either used or forwarded.

Which DNS IPs does your router provide over DHCP ?

1 Like

:cry:

Checking on a computer connected:

DNS Servers . . . . . . . . . . . : 200.28.0.129
                                    200.28.4.129

Yes I could manually configure those, but those are not static.

Well, if it's not announcing itself as a DNS, you can't expect it to work as one.
Set those DNSes where you've used 192.168.1.1, or point to a public DNS, like 1.1.1.1, 8.8.8.8 etc ...

1 Like

OK!
I just made a test on my machine (computer) and when setting a static IP and setting the gateway as the DNS server, it does not work.
Problem solved (ok, not really solved the problem, but I think I understand the reason behind it).

Thanks @frollic

I remember that I didn't use to have this problem before because I had PiHole installed as the server and that did work as a DNS server, but I removed that device recently.
Everyday your learn something new. :smiley:

You would have, if it was set to use 192.168.1.1 as it's own upstream DNS.

If you used the ones predefined in the pihole settings (google, opendns, quad9, Level3, etc...),
they would have made the pihole bypass your ISPs DNSes altogether.

Like I said, if you configure a static DHCP lease for the dumb AP, it'll inherit the DNSes announced by your ISP, and still have a fixed IP.

2 Likes

I can't configure a static DHCP lease on the gateway.
That's where my problems started, I had it working with an ip given by the gateway, but it wasn't static.

Well,

You could move the DHCP to the dumb AP, if it's possible to disable the one in the router.

1 Like