The Router itself now has an internet connection, but my clients don't.
Pinging 8.8.8.8 or openwrt.org works in the web-gui of openwrt
if i connect the PC dircetly to the odu via LAN-Cable, i get an IP and ping works in cmd. So the problem has to be in openwrt
What happens if you ping the same two addresses from your computer?
Let's review the complete configuration of your router now:
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </>
" button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
root@OpenWrt:~# ubus call system board
{
"kernel": "5.15.162",
"hostname": "OpenWrt",
"system": "ARMv7 Processor rev 5 (v7l)",
"model": "AVM FRITZ!Box 7530",
"board_name": "avm,fritzbox-7530",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05.4",
"revision": "r24012-d8dd03c46f",
"target": "ipq40xx/generic",
"description": "OpenWrt 23.05.4 r24012-d8dd03c46f"
}
}
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix
config atm-bridge 'atm'
option vpi '1'
option vci '32'
option encaps 'llc'
option payload 'bridged'
option nameprefix 'dsl'
config dsl 'dsl'
option annex 'j'
option tone 'b'
option ds_snr_offset '0'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device
option name 'dsl0'
option macaddr
config interface 'wan'
option proto 'dhcp'
option device 'lan1'
root@OpenWrt:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/soc/a000000.wifi'
option channel '1'
option band '2g'
option htmode 'HT20'
option disabled '1'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/soc/a800000.wifi'
option channel '36'
option band '5g'
option htmode 'VHT80'
option disabled '1'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
root@OpenWrt:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
config dhcp 'lan'
option interface 'lan'
option start '10'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
list network 'wan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
Hope i didn't forget to redact something
The wan network should not be in the lan firewall zone...
It should be in the wan zone (it is missing):
Remove the wan from the lan zone and add it to the wan zone and it should work after a reboot.
can u tell me how to do that with vi editor?
You might find it easier to do this with the GUI.
Network > Interfaces > Edit wan interface > Firewall Settings
Select wan zone (instead of the lan zone).
ahh okay. My bad. I'm doing a reboot rn
@psherman love you man!!!! It finally worked
Thank you soooo much for helping me. I don't know what time it is at yours. At my location (near vienna) it's 02:15 in the morning/night xD
@psherman hey man!
I'd need your help again...
Do you know some Tweaks to improve Ping and Bandwith? I mean, it's not bad, i'd say it's a bit better than with stock FritzOS. But Bufferbloat-Test gives me an B grade and i wanted to improve the score to A. Bandwith is also still a bit instable while downloading bigger files/databases or games.
SQM and UPnP are installed and working.
Maybe overclocking the CPU and RAM will improve my results? I know OC is not the optimal choice, but i want to test it. Is there a guide how to do? If so, how much u think the CPU and RAM could handle? At the moment CPU is stock on 716MHz, RAM i don't know how to get info via Putty.
Greetings
Generally speaking...
Pings are a function of the ISP and the distance/routes from your device to the servers you are pinging. These are not under your control.
Bandwidth is a bit more complicated, as it depends on many factors
- Your ISP speed tier (what you pay for)
- The actual performance of your ISP to your home which includes
- the signal quality at your home on the ISP side (applies to all mediums, but may be especially critical with wireless ISP delivery)
- the performance of the modem or any other devices required by the ISP
- the speed of the ISPs network
- the speed of the servers that you are using for testing
- Your home network setup, including:
- wired vs wireless, as well as the speed of the link and/or the wireless performance
- the router's bandwidth capabilities
- the capabilities of the end device (computer/phone, etc.)
So we'd need to understand more about the setup and speeds and such to diagnose those.
Bufferbloat is helped by QoS/SQM. Two things to know here:
- Traffic shaping with QoS/SQM tools is very CPU intensive, which means that your router may or may not be able to operate at the expected speeds.
- These tools work by means of actually reducing the maximum bandwidth that the system will use. This means that, when properly tuned, you'll see an increase in the buffer bloat score (i.e. reduced bloat), but you will see a reduction in overall bandwidth.
A not-quite-perfect analogy is a highway that is running slowly due to severe congestion caused by more cars than the original design assumed. If you limit the number of cars that can enter the highway, the ones on that road will be able to drive faster because there are fewer cars and thus less traffic. It's not perfect, though, because while the individual cars travel faster, you may not move the same number of people (essentially the bandwidth) in the same time.
Maybe, maybe not.
Adding RAM is a hardware modification that requires skill and equipment to realize... even if you have those things, it's often more cost effective to buy something more powerful in the first place.
Overclocking may result in overheating and stability issues.
UPnP has nothing to do with traffic shaping. The technology itself actually represents a security risk insofar as devices can open ports without the administrator's knowledge. I don't recommend using it unless it is actually necessary.
All that said, this is really a topic for a new thread if you want to get assistance with SQM/QoS tuning and/or hardware suggestions for better performance.
Okay, i get it.
But i could mod the 7530 wtith a heatsink and a fan to keep it cool afaik.
So is there a guide to overclock the cpu and ram?
I don't know.... I'd search the forum and the internet at large for guides on this. I don't know if this is possible and if so how it would be done. And as mentioned, it could cause more harm than good (up to and including actual hardware damage).
okay. Thank yoú anyway