Thanks for your response.
Here is the output of `ubus call system board`:
{
"kernel": "5.4.137",
"hostname": "OpenWrt",
"system": "ARMv8 Processor rev 3",
"model": "Raspberry Pi 4 Model B Rev 1.4",
"board_name": "raspberrypi,4-model-b",
"release": {
"distribution": "OpenWrt",
"version": "21.02.0-rc4",
"revision": "r16256-2d5ee43dc6",
"target": "bcm27xx/bcm2711",
"description": "OpenWrt 21.02.0-rc4 r16256-2d5ee43dc6"
}
}
Network
package network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ipv6 '0'
config device
option name 'eth0'
option ipv6 '0'
config device
option name 'wlan0'
option ipv6 '0'
config device
option type 'bridge'
option name 'br-lan'
option ipv6 '0'
list ports 'eth0'
list ports 'wlan0'
config device
option name 'eth1'
option ipv6 '0'
config device
option name 'eth2'
option ipv6 '0'
config interface 'wlan0'
option device 'wlan0'
option proto 'static'
option ipaddr '192.168.4.1'
option netmask '255.255.255.0'
option gateway '192.168.1.1'
option broadcast '192.168.4.255'
option delegate '0'
list dns '208.67.222.123'
list dns '208.67.220.123'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.4.1'
option netmask '255.255.255.0'
option gateway '192.168.1.1'
option broadcast '192.168.4.255'
option delegate '0'
list dns '208.67.222.123'
list dns '208.67.220.123'
config interface 'wan'
option device 'eth1'
option proto 'static'
option ipaddr '192.168.1.4'
option netmask '255.255.255.0'
option gateway '192.168.1.1'
option broadcast '192.168.1.255'
option delegate '0'
option force_link '1'
option peerdns '0'
list dns '208.67.222.123'
list dns '208.67.220.123'
option metric '30'
config interface 'vwan'
option device 'eth2'
option proto 'static'
option ipaddr '192.168.6.11'
option netmask '255.255.255.0'
option gateway '192.168.6.2'
option broadcast '192.168.6.255'
option delegate '0'
option force_link '1'
option peerdns '0'
list dns '208.67.222.123'
list dns '208.67.220.123'
option metric '20'
DHCP
config dnsmasq
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
option domainneeded '1'
list addnhosts '/etc/safe-search/enabled'
config dhcp 'lan'
option interface 'lan'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option ra_management '1'
option start '230'
option limit '250'
option leasetime '15m'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
option start '100'
option limit '150'
option leasetime '12h'
list ra_flags 'none'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'wlan0'
option interface 'wlan0'
option start '250'
option limit '250'
option leasetime '15m'
list ra_flags 'none'
option dynamicdhcp '0'
config host
option dns '1'
option name 'AccessPoint1'
list mac 'xx:xx:xx:xx:xx:xx'
list mac 'yy:yy:yy:yy:yy:yy'
option ip '192.168.4.30'
option leasetime '15m'
It has many more devices getting static addresses on the same LAN subnet but that's about it.
Firewall
config defaults
option synflood_protect '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone 'lan'
option name 'lan'
list network 'lan'
list network 'wlan0'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option ip6assign '60'
config zone 'wan'
option name 'wan'
list network 'wan'
list network 'vwan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled 'false'
config include
option path '/etc/firewall.user'
config rule 'samba_nsds'
option name 'Allow-Samba/NS/DS'
option src 'lan'
option dest_port '137-138'
option proto 'udp'
option target 'ACCEPT'
config rule 'samba_ss'
option name 'Allow-Samba/SS'
option src 'lan'
option dest_port '139'
option proto 'tcp'
option target 'ACCEPT'
config rule 'samba_smb'
option name 'Allow-Samba/SMB'
option src 'lan'
option dest_port '445'
option proto 'tcp'
option target 'ACCEPT'
/etc/firewall.user seems to be empty; it contains only comments:
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
mwan3 is not installed right now, because it messes up my DHCP and my family complains that some devices are unable to connect to the network. When it is installed, its config file contains the following:
config globals 'globals'
option local_source 'none'
option mmx_mask '0x3F00'
list rt_table_lookup '220'
option logging '1'
option loglevel 'debug'
config interface 'wan'
option enabled '1'
option family 'ipv4'
option initial_state 'online'
option track_method 'ping'
option reliability '1'
option size '56'
option max_ttl '60'
option check_quality '0'
option failure_interval '5'
option interval '5'
option count '1'
option timeout '2'
option recovery_interval '5'
option down '5'
option up '2'
config interface 'vwan'
option enabled '1'
option family 'ipv4'
option initial_state 'online'
option track_method 'ping'
option size '56'
option max_ttl '60'
option check_quality '0'
option failure_interval '5'
option down '5'
option interval '5'
option reliability '1'
option count '1'
option timeout '2'
option recovery_interval '5'
option up '2'
config member 'wan_m1_w3'
option interface 'wan'
option metric '1'
option weight '3'
config member 'wan_m2_w3'
option interface 'wan'
option metric '2'
option weight '3'
config member 'vwan_m1_w2'
option interface 'vwan'
option metric '1'
option weight '2'
config member 'vwan_m2_w2'
option interface 'vwan'
option metric '2'
option weight '2'
config policy 'wan_only'
list use_member 'wan_m1_w3'
config policy 'vwan_only'
list use_member 'vwan_m1_w2'
config policy 'balanced'
list use_member 'wan_m1_w3'
list use_member 'vwan_m1_w2'
config policy 'wan_vwan'
list use_member 'wan_m1_w3'
list use_member 'vwan_m2_w2'
config policy 'vwan_wan'
list use_member 'wan_m2_w3'
list use_member 'vwan_m1_w2'
config rule 'test_rule'
# option family 'ipv4'
option dest_ip 'www.google.com'
option proto 'all'
option sticky '0'
option use_policy 'balanced'
config rule 'vwan users'
# option family 'ipv4'
option proto 'all'
option use_policy 'vwan_only'
option src_ip '192.168.4.86 192.168.4.87 192.168.4.88'
option dest_ip '0.0.0.0/0'
option sticky '1'
option timeout '600000'
option logging '1'
config rule 'default_rule_v4'
option dest_ip '0.0.0.0/0'
# option family 'ipv4'
option proto 'all'
option sticky '0'
option use_policy 'wan_only'
ip 4 info
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
inet 192.168.1.4/24 brd 192.168.1.255 scope global eth1
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
inet 192.168.6.11/24 brd 192.168.6.255 scope global eth2
valid_lft forever preferred_lft forever
5: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP group default qlen 1000
inet 192.168.4.1/24 brd 192.168.4.255 scope global wlan0
valid_lft forever preferred_lft forever
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 192.168.4.1/24 brd 192.168.4.255 scope global br-lan
valid_lft forever preferred_lft forever
default via 192.168.6.2 dev eth2 proto static metric 20
default via 192.168.1.1 dev eth1 proto static metric 30
192.168.1.0/24 dev eth1 proto static scope link metric 30
192.168.4.0/24 dev br-lan proto kernel scope link src 192.168.4.1
192.168.4.0/24 dev wlan0 proto kernel scope link src 192.168.4.1
192.168.6.0/24 dev eth2 proto static scope link metric 20
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.1.0 dev eth1 table local proto kernel scope link src 192.168.1.4
local 192.168.1.4 dev eth1 table local proto kernel scope host src 192.168.1.4
broadcast 192.168.1.255 dev eth1 table local proto kernel scope link src 192.168.1.4
broadcast 192.168.4.0 dev br-lan table local proto kernel scope link src 192.168.4.1
broadcast 192.168.4.0 dev wlan0 table local proto kernel scope link src 192.168.4.1
local 192.168.4.1 dev br-lan table local proto kernel scope host src 192.168.4.1
local 192.168.4.1 dev wlan0 table local proto kernel scope host src 192.168.4.1
broadcast 192.168.4.255 dev br-lan table local proto kernel scope link src 192.168.4.1
broadcast 192.168.4.255 dev wlan0 table local proto kernel scope link src 192.168.4.1
broadcast 192.168.6.0 dev eth2 table local proto kernel scope link src 192.168.6.11
local 192.168.6.11 dev eth2 table local proto kernel scope host src 192.168.6.11
broadcast 192.168.6.255 dev eth2 table local proto kernel scope link src 192.168.6.11
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
ip6 info
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
5: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::dea6:32ff:feb4:4d72/64 scope link
valid_lft forever preferred_lft forever
fe80::/64 dev wlan0 proto kernel metric 256 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
anycast fe80:: dev wlan0 table local proto kernel metric 0 pref medium
local fe80::dea6:32ff:feb4:4d72 dev wlan0 table local proto kernel metric 0 pref medium
multicast ff00::/8 dev wlan0 table local proto kernel metric 256 pref medium
0: from all lookup local
32766: from all lookup main
4200000001: from all iif lo failed_policy
4200000003: from all iif eth1 failed_policy
4200000004: from all iif eth2 failed_policy
4200000005: from all iif wlan0 failed_policy
4200000006: from all iif br-lan failed_policy
Resolv info
lrwxrwxrwx 1 root root 16 Jul 31 19:21 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r-- 1 root root 47 Sep 17 05:29 /tmp/resolv.conf
-rw-r--r-- 1 root root 275 Sep 17 05:29 /tmp/resolv.conf.d/resolv.conf.auto
/tmp/resolv.conf.d:
-rw-r--r-- 1 root root 275 Sep 17 05:29 resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1
==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1
==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error
==> /tmp/resolv.conf.d/resolv.conf.auto <==
# Interface lan
nameserver 208.67.222.123
nameserver 208.67.220.123
# Interface wlan0
nameserver 208.67.222.123
nameserver 208.67.220.123
# Interface wanb
nameserver 208.67.222.123
nameserver 208.67.220.123
# Interface wan
nameserver 208.67.222.123
nameserver 208.67.220.123
Looking forward to your feedback.
Thanks.