FRITZ!Box 4040: VLAN on WAN is working but LuCI not reachable

Hi community,
I have set up VLAN on WAN port of my FRITZ!Box 4040 successfully and it's working fine. I can access LuCI via WAN port and interface IP without any issues.

If I connect my computer to one of the LAN ports (eth0), I get an IP address and can access my network properly. But I cannot access LuCI. It looks like something is blocking me. Do you have any idea what this could be?

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd75:fd:5fe8::/48'

config interface 'vlan10'
	option device 'eth1.10'
	option proto 'static'
	option ipaddr '10.0.10.5'
	option netmask '255.255.255.0'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 2 3 4'

config switch_vlan
	option device 'switch0'
	option vlan '10'
	option vid '10'
	option ports '0t 1 5t'

Thanks for your help

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'vlan10'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'vlan'
	list network 'vlan10'

It seems that these files are very abbreviated. Can you provide the complete files?

Also important... is this the only router in your network, or is there another one (or more)? If so, how are these connected?

What IP address is your computer getting when it is connected to one of the LAN ports?

This is highly discouraged unless the device is a dumb AP/managed switch type config (such that wan is 'just another port' and not actually the internet) or if you are using this device behind another router such that the wan is a trusted network.


No, it's not the only router in my network. There is another router connected to the WAN port of this FRITZ!Box 4040 and sending out DHCP on vlan10.

When I connect a computer to the LAN port 1 (which is part of VLAN10), I get an IP address out of 10.0.10.x, e.g. 10.0.10.200.

I have the feeling that OpenWrt doesn't route clients on LAN port 1 to 10.0.10.5 which is the address of the WAN port and also provides LuCI.

Are there any settings I could change? Because in the default OpenWrt setup without VLAN on WAN port, there is no issue to access LuCI from LAN port.

uci show network

network.loopback=interface
network.loopback.device='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd75:fd:5fe8::/48'
network.vlan10=interface
network.vlan10.device='eth1.10'
network.vlan10.proto='static'
network.vlan10.ipaddr='10.0.10.5'
network.vlan10.netmask='255.255.255.0'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='0 2 3 4'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='10'
network.@switch_vlan[1].vid='10'
network.@switch_vlan[1].ports='0t 1 5t'

uci show firewall

firewall.@defaults[0]=defaults
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@defaults[0].synflood_protect='1'
firewall.@zone[0]=zone
firewall.@zone[0].name='vlan10'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='REJECT'
firewall.@zone[0].device='eth1.10'
firewall.@zone[0].network='vlan10'

That's likely correct, as you seem to have deleted all the networks and only have a single VLAN10 - with no WAN to forward to. Where is your WAN network config, WAN firewall rules and setting to allow forwarding from LAN to WAN?

  • Set it back to this
  • Simply change WAN to be tagged on VLAN 10 (if needed)

Also, it seems you're missing a gateway setting (which won't be needed if you properly set up/kept WAN). So if you're trying to access LuCI from another network - that won't work.
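
The points raised in the replies above can be checked mechanically against `uci show network` and `uci show firewall` output. The script below is an added example, not something posted in the thread: `audit_uci`, `sample_uci` and the finding labels are hypothetical names, and it assumes `lan` and `wan` are the default OpenWrt interface names. The sample input is constructed from the relevant lines of the output posted above.

```shell
#!/bin/sh
# Added example (not from the thread): flag the gaps the replies point out in
# `uci show network` / `uci show firewall` output read from stdin.
# Assumption: "lan" and "wan" are the default OpenWrt interface names.
audit_uci() {
    awk -F'=' '
    { key = $1; val = $2; gsub(/\047/, "", val); n = split(key, p, "[.]") }
    p[1] == "network"  && n == 2 && val == "interface" { iface[p[2]] = 1 }
    p[1] == "network"  && n == 3 && p[3] == "proto"    { proto[p[2]] = val }
    p[1] == "network"  && n == 3 && p[3] == "gateway"  { gw[p[2]] = 1 }
    p[1] == "firewall" && n == 3 && p[2] ~ /^@zone/ && p[3] == "name"  { zname[p[2]] = val }
    p[1] == "firewall" && n == 3 && p[2] ~ /^@zone/ && p[3] == "input" { zin[p[2]] = val }
    p[1] == "firewall" && n == 2 && val == "forwarding" { fwd++ }
    END {
        # Default logical networks that the last reply notes are gone.
        if (!("lan" in iface)) print "MISSING_IFACE lan"
        if (!("wan" in iface)) print "MISSING_IFACE wan"
        # Static interfaces with no gateway cannot answer clients on other subnets.
        for (i in iface)
            if (i != "loopback" && proto[i] == "static" && !(i in gw))
                print "NO_GATEWAY " i
        # Zones that accept all input; review these if the zone faces an untrusted network.
        for (z in zin)
            if (zin[z] == "ACCEPT") print "ZONE_INPUT_ACCEPT " zname[z]
        # Without any forwarding section, nothing is routed between zones.
        if (!fwd) print "NO_FORWARDING"
    }'
}

# Constructed input: the relevant lines of the output posted in the thread.
sample_uci() {
    cat <<'EOF'
network.loopback=interface
network.loopback.proto='static'
network.vlan10=interface
network.vlan10.device='eth1.10'
network.vlan10.proto='static'
network.vlan10.ipaddr='10.0.10.5'
firewall.@defaults[0]=defaults
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='vlan10'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].network='vlan10'
EOF
}

sample_uci | audit_uci
```

On the router itself the same function can be fed live data with `{ uci show network; uci show firewall; } | audit_uci`.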