Help me get me connected to internet, Im using TP-WR740N router

duhrouter · July 14, 2021, 10:05pm

Hello everyone, I'm really new to this Openwrt router setup.
I'm currently using firmware 18.06 (ver 2.1 br) and I'm having problem connecting to the internet with Openwrt. I've done some reading on the documentation how to configure Openwrt. Technically the PPPoe connection to my router was successful, but my LAN and wifi have no access to the internet. For your information, I'm using a VLAN setup for PPPoe which connected into one of LAN trunk ports. I will dump all the necessary information that I have saved . Hopefully someone could help me troubleshoot this.

ifconfig

br-lan    Link encap:Ethernet  HWaddr 54:E6:FC:C0:AD:73  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fdd7:909f:35d3::1/60 Scope:Global
          inet6 addr: fe80::56e6:fcff:fec0:ad73/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:23690 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22380 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2166554 (2.0 MiB)  TX bytes:6445324 (6.1 MiB)

eth0      Link encap:Ethernet  HWaddr 54:E6:FC:C0:AD:73  
          inet6 addr: fe80::56e6:fcff:fec0:ad73/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:25198 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14271 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:14253650 (13.5 MiB)  TX bytes:4834135 (4.6 MiB)
          Interrupt:5 

eth0.1    Link encap:Ethernet  HWaddr 54:E6:FC:C0:AD:73  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:1230 (1.2 KiB)

eth0.500  Link encap:Ethernet  HWaddr 54:E6:FC:C0:AD:73  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:868 errors:0 dropped:0 overruns:0 frame:0
          TX packets:380 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:1372 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1372 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:104399 (101.9 KiB)  TX bytes:104399 (101.9 KiB)

pppoe-wan Link encap:Point-to-Point Protocol  
          inet addr:123.88.33.8  P-t-P:123.88.34.254  Mask:255.255.255.255
          inet6 addr: fe30::e1ab:b014:3cff:b4dc/10 Scope:Link
          inet6 addr: fe30::e1ab:b014:3cff:b4dc/10 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:20 errors:0 dropped:0 overruns:0 frame:0
          TX packets:355 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:1622 (1.5 KiB)  TX bytes:24486 (23.9 KiB)

wlan0     Link encap:Ethernet  HWaddr 54:E6:FC:C0:AD:74  
          inet6 addr: fe80::56e6:fcff:fec0:ad74/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4209 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4018 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:466207 (455.2 KiB)  TX bytes:1303413 (1.2 MiB)

ip route

123.88.34.254 dev pppoe-wan scope link  src 123.88.34.238 
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1

cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdd7:909f:35d3::/48'

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.1.1'
        option broadcast '192.168.1.255'
        option dns '192.168.1.1'
        option igmp_snooping '1'
        option ifname 'eth0 eth0.1'

config interface 'wan'
        option proto 'pppoe'
        option ifname 'eth0.500'
        option username 'waawu@www'
        option password '#@$#$%#@'
        option ipv6 'auto'
        option peerdns '0'
        option dns '12.123.12.34 12.321.21.34'
        option keepalive '0'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'
        
config switch_vlan
        option device 'switch0'
        option vlan '1'
        option vid '1'
        option ports '0t 1 2'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0t 3t'
        option vid '500'

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option ports '3t 4'
        option vid '600'

cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option output 'ACCEPT'
        option input 'DROP'
        option forward 'ACCEPT'

config include
        option path '/etc/firewall.user'

config zone
        option input 'DROP'
        option forward 'ACCEPT'
        option output 'ACCEPT'
        option name 'wan_only'
        option conntrack '1'
        option network 'wan'

config zone
        option forward 'ACCEPT'
        option output 'ACCEPT'
        option input 'ACCEPT'
        option masq '1'
        option name 'wan_to_lan'
        option network ' '

config zone
        option forward 'ACCEPT'
        option output 'ACCEPT'
        option name 'lan'
        option input 'ACCEPT'
        option masq '1'
        option network 'lan'

config redirect
        option target 'DNAT'
        option proto 'tcp'
        option src_dport '80'
        option dest_ip '192.168.1.1'
        option dest_port '80'
        option name 'HTTP'
        option src 'wan_only'
        list src_mac '54:E6:FC:C0:AD:73'
        option dest 'lan'

config redirect
        option target 'DNAT'
        option proto 'tcp'
        option src_dport '443'
        option dest_ip '192.168.1.1'
        option dest_port '443'
        option name 'HTTPS'
        option src 'wan_only'
        list src_mac '54:E6:FC:C0:AD:73'
        option dest 'lan'

config forwarding
        option dest 'wan_to_lan'
        option src 'lan'

config forwarding
        option dest 'lan'
        option src 'wan_to_lan'

Before someone ask regarding the setup, I actually tried to tweak the VLAN value below 15 and that didn't work for pppoe connection. I tried to set up a bridge between wifi and eth0.500 which is the actual WAN, that also made the pppoe failed. Only the current setup that works for pppoe but unfortunately no LAN and wifi connection get to share internet from WAN. Any idea how to fix this?

frollic · July 15, 2021, 5:38am

What DNSes and default gw does your clients get?

trendy · July 15, 2021, 8:47am

It is outdated and unsupported. Please update to stable supported 19.07

You don't need that

wan_to_lan

zone doesn't have any member networks, so the forwarding from lan doesn't work.

tmomas · July 15, 2021, 9:49am

That will be tricky with a device with insufficient flash.

eduperez · July 15, 2021, 10:31am

duhrouter:

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.1.1'
        option broadcast '192.168.1.255'
        option dns '192.168.1.1'
        option igmp_snooping '1'
        option ifname 'eth0 eth0.1'

The "gateway" option informs of a gateway accesible to the router on that network, not that clients in that network should use the router as a gateway. You should remove that option.

The same goes for the "dns" option.

You do not need to add interface eth0 to this bridge.

duhrouter · July 15, 2021, 7:46pm

Alright I did all the alteration like you guys said but I still didn't get internet.
Here's the latest info I got from ssh

cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option output 'ACCEPT'
        option input 'DROP'
        option forward 'ACCEPT'

config include
        option path '/etc/firewall.user'

config zone
        option forward 'ACCEPT'
        option output 'ACCEPT'
        option conntrack '1'
        option name 'wan'
        option input 'DROP'
        option network 'wan'

config zone
        option forward 'ACCEPT'
        option output 'ACCEPT'
        option name 'lan'
        option input 'ACCEPT'
        option masq '1'
        option network 'lan'

config redirect
        option target 'DNAT'
        option proto 'tcp'
        option src_dport '80'
        option dest_ip '192.168.1.1'
        option dest_port '80'
        option name 'HTTP'
        option src 'wan'
        list src_mac '54:E6:FC:C0:AD:73'
        option dest 'lan'

config redirect
        option target 'DNAT'
        option proto 'tcp'
        option src_dport '443'
        option dest_ip '192.168.1.1'
        option dest_port '443'
        option name 'HTTPS'
        option src 'wan'
        list src_mac '54:E6:FC:C0:AD:73'
        option dest 'lan'

config forwarding
        option dest 'wan'
        option src 'lan'

cat /etc/hosts

127.0.0.1 localhost

::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

cat /tmp/hosts/dhcp.cfg01411c

# auto-generated config file from /etc/config/dhcp
192.168.1.1 qwerty123
fdd7:909f:35d3::1 qwerty123

netstat

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 qwerty123.lan:www          Ray.lan:38390          ESTABLISHED 
tcp        0      0 qwerty123.lan:www          Ray.lan:38392          ESTABLISHED 
tcp        0    240 qwerty123.lan:2222         Ray.lan:35886          ESTABLISHED 
tcp        0      0 qwerty123.lan:www          Ray.lan:38388          ESTABLISHED 
tcp        0      0 qwerty123.lan:www          Ray.lan:38374          ESTABLISHED 
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  8      [ ]         DGRAM                       824 /dev/log
unix  2      [ ]         DGRAM                     27133 /var/run/hostapd/wlan0
unix  3      [ ]         STREAM     CONNECTED        850 
unix  3      [ ]         STREAM     CONNECTED        306 
unix  2      [ ]         DGRAM                     42810 
unix  2      [ ]         DGRAM                      1416 
unix  2      [ ]         DGRAM                     16715 
unix  2      [ ]         DGRAM                      1178 
unix  3      [ ]         STREAM     CONNECTED        851 /var/run/ubus.sock
unix  3      [ ]         STREAM     CONNECTED      36876 /var/run/ubus.sock
unix  3      [ ]         STREAM     CONNECTED      27137 /var/run/ubus.sock
unix  3      [ ]         STREAM     CONNECTED       1181 /var/run/ubus.sock
unix  3      [ ]         STREAM     CONNECTED        827 /var/run/ubus.sock
unix  2      [ ]         DGRAM                       307 
unix  2      [ ]         DGRAM                     36873 
unix  3      [ ]         STREAM     CONNECTED       1239 
unix  3      [ ]         STREAM     CONNECTED      36875 
unix  2      [ ]         DGRAM                      1102 
unix  3      [ ]         STREAM     CONNECTED        826 
unix  3      [ ]         STREAM     CONNECTED        309 /var/run/ubus.sock
unix  2      [ ]         DGRAM                     27111 
unix  3      [ ]         STREAM     CONNECTED       1240 /var/run/ubus.sock
unix  3      [ ]         STREAM     CONNECTED      27136 
unix  3      [ ]         STREAM     CONNECTED       1180

logread

Wed Nov 11 22:32:48 2020 daemon.info dnsmasq[1575]: read /etc/hosts - 4 addresses
Wed Nov 11 22:32:48 2020 daemon.info dnsmasq[1575]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Wed Nov 11 22:32:48 2020 daemon.info dnsmasq-dhcp[1575]: read /etc/ethers - 0 addresses
Wed Nov 11 22:32:49 2020 daemon.info dnsmasq[1575]: read /etc/hosts - 4 addresses
Wed Nov 11 22:32:49 2020 daemon.info dnsmasq[1575]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Wed Nov 11 22:32:49 2020 daemon.info dnsmasq-dhcp[1575]: read /etc/ethers - 0 addresses
Wed Nov 11 22:33:14 2020 daemon.info hostapd: wlan0: STA c4:17:fe:2f:dc:fa IEEE 802.11: authenticated
Wed Nov 11 22:33:14 2020 daemon.info hostapd: wlan0: STA c4:17:fe:2f:dc:fa IEEE 802.11: associated (aid 1)
Wed Nov 11 22:33:14 2020 daemon.notice hostapd: wlan0: AP-STA-CONNECTED c4:17:fe:2f:dc:fa
Wed Nov 11 22:33:14 2020 daemon.info hostapd: wlan0: STA c4:17:fe:2f:dc:fa WPA: pairwise key handshake completed (RSN)
Wed Nov 11 22:33:22 2020 daemon.info dnsmasq-dhcp[1575]: DHCPDISCOVER(br-lan) c4:17:fe:2f:dc:fa
Wed Nov 11 22:33:22 2020 daemon.info dnsmasq-dhcp[1575]: DHCPOFFER(br-lan) 192.168.1.123 c4:17:fe:2f:dc:fa
Wed Nov 11 22:33:22 2020 daemon.info dnsmasq-dhcp[1575]: DHCPREQUEST(br-lan) 192.168.1.123 c4:17:fe:2f:dc:fa
Wed Nov 11 22:33:22 2020 daemon.info dnsmasq-dhcp[1575]: DHCPACK(br-lan) 192.168.1.123 c4:17:fe:2f:dc:fa Ruru
Wed Nov 11 22:33:23 2020 kern.notice kernel: [   76.436113] random: crng init done
Wed Nov 11 22:36:01 2020 daemon.err uhttpd[906]: luci: accepted login on / for root from 192.168.1.123
Wed Nov 11 22:37:19 2020 authpriv.info dropbear[1620]: Child connection from 192.168.1.123:123456
Wed Nov 11 22:37:35 2020 authpriv.notice dropbear[1620]: Password auth succeeded for 'root' from 192.168.1.123:123456
Wed Nov 11 22:42:43 2020 daemon.info hostapd: wlan0: STA c4:17:fe:2f:dc:fa WPA: group key handshake completed (RSN)
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.062208] br-lan: port 1(eth0) entered disabled state
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.075894] device eth0.1 left promiscuous mode
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.081088] device eth0 left promiscuous mode
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.085794] br-lan: port 2(eth0.1) entered disabled state
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.159517] IPv6: ADDRCONF(NETDEV_UP): eth0.1: link is not ready
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.220015] br-lan: port 1(eth0.1) entered blocking state
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.225450] br-lan: port 1(eth0.1) entered disabled state
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.231668] device eth0.1 entered promiscuous mode
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.236481] device eth0 entered promiscuous mode
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.241497] br-lan: port 1(eth0.1) entered blocking state
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.246950] br-lan: port 1(eth0.1) entered forwarding state
Wed Nov 11 22:50:03 2020 daemon.notice netifd: Interface 'lan' is now down
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.393842] br-lan: port 1(eth0.1) entered disabled state
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.399523] br-lan: port 3(wlan0) entered disabled state
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.567066] eth0: link down
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.617722] device eth0.1 left promiscuous mode
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.622287] device eth0 left promiscuous mode
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.626909] br-lan: port 1(eth0.1) entered disabled state
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.710497] IPv6: ADDRCONF(NETDEV_UP): eth0.1: link is not ready
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.732732] device wlan0 left promiscuous mode
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.737395] br-lan: port 3(wlan0) entered disabled state
Wed Nov 11 22:50:03 2020 daemon.notice netifd: Interface 'lan' is disabled
Wed Nov 11 22:50:03 2020 daemon.notice netifd: Interface 'lan' has link connectivity loss
Wed Nov 11 22:50:03 2020 daemon.notice netifd: Interface 'lan' has link connectivity
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.816698] br-lan: port 1(eth0.1) entered blocking state
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.822266] br-lan: port 1(eth0.1) entered disabled state
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.894978] device eth0.1 entered promiscuous mode
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.900066] device eth0 entered promiscuous mode
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.939748] br-lan: port 2(wlan0) entered blocking state
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.945097] br-lan: port 2(wlan0) entered disabled state
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.967576] device wlan0 entered promiscuous mode
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.985102] br-lan: port 2(wlan0) entered blocking state
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.990559] br-lan: port 2(wlan0) entered forwarding state
Wed Nov 11 22:50:03 2020 daemon.notice netifd: Interface 'lan' is enabled
Wed Nov 11 22:50:03 2020 daemon.warn dnsmasq[1575]: no servers found in /tmp/resolv.conf.auto, will retry
Wed Nov 11 22:50:03 2020 daemon.notice netifd: Interface 'lan' is setting up now
Wed Nov 11 22:50:03 2020 daemon.notice netifd: Interface 'lan' is now up
Wed Nov 11 22:50:04 2020 daemon.notice netifd: Interface 'wan_6' is now down
Wed Nov 11 22:50:04 2020 daemon.notice netifd: Interface 'wan_6' is disabled
Wed Nov 11 22:50:04 2020 daemon.notice netifd: Network alias '' link is down
Wed Nov 11 22:50:04 2020 daemon.notice netifd: Interface 'wan_6' has link connectivity loss
Wed Nov 11 22:50:04 2020 daemon.notice netifd: Network device 'eth0' link is down
Wed Nov 11 22:50:04 2020 daemon.notice netifd: VLAN 'eth0.1' link is down
Wed Nov 11 22:50:04 2020 daemon.notice netifd: VLAN 'eth0.500' link is down
Wed Nov 11 22:50:04 2020 daemon.notice netifd: Interface 'wan' has link connectivity loss
Wed Nov 11 22:50:04 2020 daemon.info pppd[1230]: Terminating on signal 15
Wed Nov 11 22:50:04 2020 daemon.info pppd[1230]: Connect time 17.4 minutes.
Wed Nov 11 22:50:04 2020 daemon.info pppd[1230]: Sent 122719 bytes, received 2154 bytes.
Wed Nov 11 22:50:04 2020 daemon.notice netifd: Network device 'pppoe-wan' link is down
Wed Nov 11 22:50:04 2020 daemon.notice netifd: Network device 'eth0' link is up
Wed Nov 11 22:50:04 2020 kern.info kernel: [ 1077.588881] eth0: link up (1000Mbps/Full duplex)
Wed Nov 11 22:50:04 2020 kern.info kernel: [ 1077.646623] br-lan: port 1(eth0.1) entered blocking state
Wed Nov 11 22:50:04 2020 kern.info kernel: [ 1077.652170] br-lan: port 1(eth0.1) entered forwarding state
Wed Nov 11 22:50:04 2020 daemon.notice netifd: VLAN 'eth0.1' link is up
Wed Nov 11 22:50:04 2020 daemon.notice netifd: VLAN 'eth0.500' link is up
Wed Nov 11 22:50:04 2020 daemon.notice netifd: Interface 'wan' has link connectivity
Wed Nov 11 22:50:05 2020 daemon.info dnsmasq[1575]: read /etc/hosts - 4 addresses
Wed Nov 11 22:50:05 2020 daemon.info dnsmasq[1575]: read /tmp/hosts/odhcpd - 0 addresses
Wed Nov 11 22:50:05 2020 daemon.info dnsmasq[1575]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Wed Nov 11 22:50:05 2020 daemon.info dnsmasq-dhcp[1575]: read /etc/ethers - 0 addresses
Wed Nov 11 22:50:05 2020 user.notice firewall: Reloading firewall due to ifup of lan (br-lan)
Wed Nov 11 22:50:07 2020 daemon.notice pppd[1230]: Connection terminated.
Wed Nov 11 22:50:07 2020 daemon.info pppd[1230]: Connect time 17.4 minutes.
Wed Nov 11 22:50:07 2020 daemon.info pppd[1230]: Sent 122719 bytes, received 2154 bytes.
Wed Nov 11 22:50:07 2020 daemon.info pppd[1230]: Sent PADT
Wed Nov 11 22:50:07 2020 daemon.info pppd[1230]: Exit.
Wed Nov 11 22:50:07 2020 daemon.notice netifd: Interface 'wan' is now down
Wed Nov 11 22:50:07 2020 daemon.notice netifd: Interface 'wan' is disabled
Wed Nov 11 22:50:07 2020 daemon.notice netifd: Interface 'wan' is enabled
Wed Nov 11 22:50:07 2020 daemon.notice netifd: Interface 'wan' is setting up now
Wed Nov 11 22:50:07 2020 daemon.err insmod: module is already loaded - slhc
Wed Nov 11 22:50:07 2020 daemon.err insmod: module is already loaded - ppp_generic
Wed Nov 11 22:50:07 2020 daemon.err insmod: module is already loaded - pppox
Wed Nov 11 22:50:07 2020 daemon.err insmod: module is already loaded - pppoe
Wed Nov 11 22:50:07 2020 daemon.info dnsmasq[1575]: exiting on receipt of SIGTERM
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: started, version 2.80 cachesize 150
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: DNS service limited to local subnets
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrac
k no-ipset no-auth no-DNSSEC no-ID loop-detect inotify dumpfile
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq-dhcp[2092]: DHCP, IP range 192.168.1.100 -- 192.168.1.367, lease time 12h
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: using local addresses only for domain test
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: using local addresses only for domain onion
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: using local addresses only for domain localhost
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: using local addresses only for domain local
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: using local addresses only for domain invalid
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: using local addresses only for domain bind
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: using local addresses only for domain lan
Wed Nov 11 22:50:08 2020 daemon.warn dnsmasq[2092]: no servers found in /tmp/resolv.conf.auto, will retry
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: read /etc/hosts - 4 addresses
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: read /tmp/hosts/odhcpd - 0 addresses
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq-dhcp[2092]: read /etc/ethers - 0 addresses
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: read /etc/hosts - 4 addresses
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: read /tmp/hosts/odhcpd - 0 addresses
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq-dhcp[2092]: read /etc/ethers - 0 addresses
Wed Nov 11 22:50:08 2020 daemon.info pppd[2115]: Plugin rp-pppoe.so loaded.
Wed Nov 11 22:50:08 2020 daemon.info pppd[2115]: RP-PPPoE plugin version 3.8p compiled against pppd 2.4.7
Wed Nov 11 22:50:08 2020 daemon.notice pppd[2115]: pppd 2.4.7 started by root, uid 0
Wed Nov 11 22:50:08 2020 daemon.info pppd[2115]: PPP session is 45610
Wed Nov 11 22:50:08 2020 daemon.warn pppd[2115]: Connected to 00:00:5e:00:01:38 via interface eth0.500
Wed Nov 11 22:50:08 2020 kern.info kernel: [ 1081.664213] pppoe-wan: renamed from ppp0
Wed Nov 11 22:50:08 2020 daemon.info pppd[2115]: Using interface pppoe-wan
Wed Nov 11 22:50:08 2020 daemon.notice pppd[2115]: Connect: pppoe-wan <--> eth0.500
Wed Nov 11 22:50:11 2020 daemon.info pppd[2115]: Remote message: Authentication success,Welcome!
Wed Nov 11 22:50:11 2020 daemon.notice pppd[2115]: PAP authentication succeeded
Wed Nov 11 22:50:11 2020 daemon.notice pppd[2115]: peer from calling number 00:00:5E:00:01:38 authorized
Wed Nov 11 22:50:11 2020 daemon.notice pppd[2115]: local  LL address fe30::e1ab:b014:3cff:b4dc
Wed Nov 11 22:50:11 2020 daemon.notice pppd[2115]: remote LL address fe30::0200:5eff:fe00:0138
Wed Nov 11 22:50:11 2020 daemon.notice pppd[2115]: local  IP address 123.88.33.8
Wed Nov 11 22:50:11 2020 daemon.notice pppd[2115]: remote IP address 123.88.34.254
Wed Nov 11 22:50:11 2020 daemon.notice pppd[2115]: primary   DNS address 10.54.126.1
Wed Nov 11 22:50:11 2020 daemon.notice pppd[2115]: secondary DNS address 1.9.1.9
Wed Nov 11 22:50:11 2020 daemon.notice netifd: Network device 'pppoe-wan' link is up
Wed Nov 11 22:50:11 2020 daemon.notice netifd: Interface 'wan' is now up
Wed Nov 11 22:50:11 2020 daemon.info dnsmasq[2092]: reading /tmp/resolv.conf.auto
Wed Nov 11 22:50:11 2020 daemon.info dnsmasq[2092]: using local addresses only for domain test
Wed Nov 11 22:50:11 2020 daemon.info dnsmasq[2092]: using local addresses only for domain onion
Wed Nov 11 22:50:11 2020 daemon.info dnsmasq[2092]: using local addresses only for domain localhost
Wed Nov 11 22:50:11 2020 daemon.info dnsmasq[2092]: using local addresses only for domain local
Wed Nov 11 22:50:11 2020 daemon.info dnsmasq[2092]: using local addresses only for domain invalid
Wed Nov 11 22:50:11 2020 daemon.info dnsmasq[2092]: using local addresses only for domain bind
Wed Nov 11 22:50:11 2020 daemon.info dnsmasq[2092]: using local addresses only for domain lan
Wed Nov 11 22:50:11 2020 daemon.info dnsmasq[2092]: using nameserver 12.123.12.34#53
Wed Nov 11 22:50:11 2020 daemon.info dnsmasq[2092]: using nameserver 12.321.21.34#53
Wed Nov 11 22:50:12 2020 daemon.notice netifd: Network alias 'pppoe-wan' link is up
Wed Nov 11 22:50:12 2020 daemon.notice netifd: Interface 'wan_6' is enabled
Wed Nov 11 22:50:12 2020 daemon.notice netifd: Interface 'wan_6' has link connectivity
Wed Nov 11 22:50:12 2020 daemon.notice netifd: Interface 'wan_6' is setting up now
Wed Nov 11 22:50:12 2020 user.notice firewall: Reloading firewall due to ifup of wan (pppoe-wan)
Wed Nov 11 22:50:13 2020 user.notice firewall: Reloading firewall due to ifupdate of wan (pppoe-wan)

When I tried to ping to ip address, it always network unreachable. I even tried disable ipv6, but didn't fix anything. I don't know what's going on anymore

mk24 · July 15, 2021, 8:41pm

When that happens, reset the router to defaults and start over.

Do not change anything about the LAN network or the firewall. The default settings are suitable for this use case.
Note that on this model, eth0 is a direct path from the CPU to the blue WAN port on the back. The notation eth0.500 in your wan section will directly cause packets tagged with 500 to go out the WAN port. It does not involve the switch. The switch is used only for the 4 yellow LAN ports. In keeping with the point above, don't change anything in the switch.
Enter only your pppoe credentials when setting up wan. The ISP should auto configure a working DNS for you.

After you have a basic working Internet connection you can then try to break it again.

eduperez · July 15, 2021, 9:25pm

This goes on the WAN zone, not the LAN one.

eduperez · July 15, 2021, 9:25pm

Solid advice here... OP changed many parameters he didn't need to change.

IanC · July 16, 2021, 9:03am

What is different about your intended use to mean that you need to make changes? Most people set a password, select a way to connect to ISP, ensure wifi is enabled and go with that.

duhrouter · July 17, 2021, 2:05am

I've reverted back the router firewall setting back to its original state.

These are the current setup:
ifconfig

br-lan    Link encap:Ethernet  HWaddr 54:E6:FC:C0:AD:73  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fd71:253f:4a8b::1/60 Scope:Global
          inet6 addr: fe80::56e6:fcff:fec0:ad73/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:79258 errors:0 dropped:0 overruns:0 frame:0
          TX packets:77393 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:7571423 (7.2 MiB)  TX bytes:42094100 (40.1 MiB)

eth0      Link encap:Ethernet  HWaddr 54:E6:FC:C0:AD:73  
          inet6 addr: fe80::56e6:fcff:fec0:ad73/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:42258 errors:0 dropped:13 overruns:0 frame:0
          TX packets:26333 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:15841816 (15.1 MiB)  TX bytes:4751591 (4.5 MiB)
          Interrupt:5 

eth0.1    Link encap:Ethernet  HWaddr 54:E6:FC:C0:AD:73  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:109 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:16314 (15.9 KiB)

eth0.500  Link encap:Ethernet  HWaddr 54:E6:FC:C0:AD:73  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8910 errors:0 dropped:0 overruns:0 frame:0
          TX packets:579 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:3493766 (3.3 MiB)  TX bytes:55955 (54.6 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:9742 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9742 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:933590 (911.7 KiB)  TX bytes:933590 (911.7 KiB)

pppoe-wan Link encap:Point-to-Point Protocol  
          inet addr:123.12.23.123  P-t-P:123.12.23.254  Mask:255.255.255.255
          inet6 addr: 1234:e12:1234:a12e:dca1:b37f:f75:4b6b/64 Scope:Global
          inet6 addr: 1234:e12:1236:a12e:dca1:b37f:f75:4b6b/64 Scope:Global
          inet6 addr: fe80::dca1:b37f:f75:4b6b/10 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:506 errors:0 dropped:0 overruns:0 frame:0
          TX packets:553 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:73291 (71.5 KiB)  TX bytes:42984 (41.9 KiB)

wlan0     Link encap:Ethernet  HWaddr 54:E6:FC:C0:AD:74  
          inet6 addr: fe80::56e6:fcff:fec0:ad74/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4217 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4260 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:552257 (539.3 KiB)  TX bytes:3116998 (2.9 MiB)

cat firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option syn_flood '1'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'

config zone
	option name 'wan'
	option output 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan'
	option input 'REJECT'
	option forward 'REJECT'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config forwarding
	option dest 'wan'
	option src 'lan'

Looking back at the firewall status page, as you can see it looks damn weird

Note that on this model, eth0 is a direct path from the CPU to the blue WAN

before I even configured eth0.500 as VLAN wan switch. The original port for wan belongs to eth1 interface which is the blue wan port. eth0 is probably the whole yellow LAN trunk ports. My pppoe connection will not work without eth0.500 configuration setup.