Initial setup problems

user-name-is-taken · October 16, 2019, 2:54pm

I installed OpenWrt on a netgear WNDR3800CH and put my old actiontec MI424WR-Gen3-Rev-I into bridge mode following these steps. On step 20, I can ping 1.1.1.1 from the router but not google.com or any other non-resolved IP address and I can't even ping 1.1.1.1 from any devices connected to my router. I started looking at the static vs router vs gateway page, but it says the default settings should work unless your address spaces conflict, which mine don't.

br-lan    Link encap:Ethernet  HWaddr 46:94:FC:63:98:98  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fdd1:dc42:bfd2::1/60 Scope:Global
          inet6 addr: fe80::4494:fcff:fe63:9898/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:28103 errors:0 dropped:38 overruns:0 frame:0
          TX packets:15053 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:3810445 (3.6 MiB)  TX bytes:3417877 (3.2 MiB)

eth0      Link encap:Ethernet  HWaddr 46:94:FC:63:98:98  
          inet6 addr: fe80::4494:fcff:fe63:9898/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:30018 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16850 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:4549193 (4.3 MiB)  TX bytes:4011859 (3.8 MiB)
          Interrupt:4 

eth0.1    Link encap:Ethernet  HWaddr 46:94:FC:63:98:98  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:28147 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15053 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:3812776 (3.6 MiB)  TX bytes:3417877 (3.2 MiB)

eth1      Link encap:Ethernet  HWaddr 44:94:FC:63:98:99  
          inet addr:108.31.94.153  Bcast:108.31.94.255  Mask:255.255.255.0
          inet6 addr: fe80::4694:fcff:fe63:9899/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7875 errors:0 dropped:0 overruns:0 frame:0
          TX packets:60882 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1948864 (1.8 MiB)  TX bytes:4937795 (4.7 MiB)
          Interrupt:5 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:3400 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3400 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:308603 (301.3 KiB)  TX bytes:308603 (301.3 KiB)

I've also tried setting dns server for the network interfaces (wan, wan-6 and lan) and setting the DNS in the DHCP and DNS page in luci. Please let me know if you have any ideas what I should try next.

trendy · October 16, 2019, 3:10pm

Please post here the output of the following command, copy and paste the whole block:

uci show network;uci show wireless; \
uci show firewall; uci show dhcp; \
ip -4 addr ; ip -4 ro ; ip -4 ru; \
iptables-save; \
head -n -0 /etc/firewall.user; \
ls -l  /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.*

lleachii · October 16, 2019, 3:12pm

@user-name-is-taken, welcome to the community!

Can you please explain your "bridge mode" - given that the instructions are not OpenWrt-based?
Did you ever set a DNS server in OpenWrt?
If you're in bridge mode, why is there a LAN and eth1...please show us your /etc/config/network

user-name-is-taken · October 16, 2019, 3:25pm

@trendy

root@OpenWrt:~# uci show network;uci show wireless; \
> uci show firewall; uci show dhcp; \
> ip -4 addr ; ip -4 ro ; ip -4 ru; \
> iptables-save; \
> head -n -0 /etc/firewall.user; \
> ls -l  /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.*
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fdd1:dc42:bfd2::/48'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth0.1'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.dns='1.1.1.1 8.8.8.8 8.8.4.4'
network.wan=interface
network.wan.ifname='eth1'
network.wan.proto='dhcp'
network.wan.peerdns='0'
network.wan.dns='1.1.1.1 8.8.8.8 8.8.4.4'
network.wan6=interface
network.wan6.ifname='eth1'
network.wan6.proto='dhcpv6'
network.wan6.reqaddress='try'
network.wan6.reqprefix='auto'
network.wan6.peerdns='0'
network.wan6.dns='2001:4860:4860::8888 2001:4860:4860::8844'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch[0].blinkrate='2'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='0 1 2 3 5t'
network.@switch_port[0]=switch_port
network.@switch_port[0].device='switch0'
network.@switch_port[0].port='1'
network.@switch_port[0].led='6'
network.@switch_port[1]=switch_port
network.@switch_port[1].device='switch0'
network.@switch_port[1].port='2'
network.@switch_port[1].led='9'
network.@switch_port[2]=switch_port
network.@switch_port[2].device='switch0'
network.@switch_port[2].port='5'
network.@switch_port[2].led='2'
wireless.radio0=wifi-device
wireless.radio0.type='mac80211'
wireless.radio0.channel='11'
wireless.radio0.hwmode='11g'
wireless.radio0.path='pci0000:00/0000:00:11.0'
wireless.radio0.htmode='HT20'
wireless.radio0.disabled='1'
wireless.default_radio0=wifi-iface
wireless.default_radio0.device='radio0'
wireless.default_radio0.network='lan'
wireless.default_radio0.mode='ap'
wireless.default_radio0.ssid='OpenWrt'
wireless.default_radio0.encryption='none'
wireless.radio1=wifi-device
wireless.radio1.type='mac80211'
wireless.radio1.channel='36'
wireless.radio1.hwmode='11a'
wireless.radio1.path='pci0000:00/0000:00:12.0'
wireless.radio1.htmode='HT20'
wireless.radio1.disabled='1'
wireless.default_radio1=wifi-iface
wireless.default_radio1.device='radio1'
wireless.default_radio1.network='lan'
wireless.default_radio1.mode='ap'
wireless.default_radio1.ssid='OpenWrt'
wireless.default_radio1.encryption='none'
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wan' 'wan6'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fc00::/6'
firewall.@rule[3].dest_ip='fc00::/6'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
dhcp.@dnsmasq[0].nonwildcard='1'
dhcp.@dnsmasq[0].localservice='1'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.leasetime='12h'
dhcp.lan.dhcpv6='server'
dhcp.lan.ra='server'
dhcp.lan.ra_management='1'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
    inet 108.31.94.153/24 brd 108.31.94.255 scope global eth1
       valid_lft forever preferred_lft forever
10: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
default via 108.31.94.1 dev eth1  src 108.31.94.153 
108.31.94.0/24 dev eth1 scope link  src 108.31.94.153 
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1 
0:	from all lookup local 
32766:	from all lookup main 
32767:	from all lookup default 
# Generated by iptables-save v1.6.2 on Thu Aug 16 10:18:52 2018
*nat
:PREROUTING ACCEPT [1176:239864]
:INPUT ACCEPT [377:29166]
:OUTPUT ACCEPT [481:36457]
:POSTROUTING ACCEPT [98:8607]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i eth1 -m comment --comment "!fw3" -j zone_wan_prerouting
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o eth1 -m comment --comment "!fw3" -j zone_wan_postrouting
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Thu Aug 16 10:18:52 2018
# Generated by iptables-save v1.6.2 on Thu Aug 16 10:18:52 2018
*mangle
:PREROUTING ACCEPT [6541:1061585]
:INPUT ACCEPT [4234:371802]
:FORWARD ACCEPT [1696:494636]
:OUTPUT ACCEPT [5867:609730]
:POSTROUTING ACCEPT [7563:1104366]
-A FORWARD -o eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Thu Aug 16 10:18:52 2018
# Generated by iptables-save v1.6.2 on Thu Aug 16 10:18:52 2018
*filter
:INPUT ACCEPT [3:120]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i eth1 -m comment --comment "!fw3" -j zone_wan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i eth1 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o eth1 -m comment --comment "!fw3" -j zone_wan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth1 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth1 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o eth1 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i eth1 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Thu Aug 16 10:18:52 2018
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
lrwxrwxrwx    1 root     root            16 Aug 16 07:51 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r--    1 root     root            32 Aug 16 08:48 /tmp/resolv.conf
-rw-r--r--    1 root     root           146 Aug 16 10:13 /tmp/resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf.auto <==
# Interface lan
nameserver 1.1.1.1
nameserver 8.8.8.8
nameserver 8.8.4.4
# Interface wan
nameserver 1.1.1.1
nameserver 8.8.8.8
nameserver 8.8.4.4

user-name-is-taken · October 16, 2019, 3:26pm

@lleachii

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdd1:dc42:bfd2::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option dns '1.1.1.1 8.8.8.8 8.8.4.4'

config interface 'wan'
	option ifname 'eth1'
	option proto 'dhcp'
	option peerdns '0'
	option dns '1.1.1.1 8.8.8.8 8.8.4.4'

config interface 'wan6'
	option ifname 'eth1'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'
	option peerdns '0'
	option dns '2001:4860:4860::8888 2001:4860:4860::8844'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'
	option blinkrate '2'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 5t'

config switch_port
	option device 'switch0'
	option port '1'
	option led '6'

config switch_port
	option device 'switch0'
	option port '2'
	option led '9'

config switch_port
	option device 'switch0'
	option port '5'
	option led '2'

user-name-is-taken · October 16, 2019, 3:31pm

The idea behind bridge mode is to use the actiontec as a modem only because my fios network is run as COAX. If I'm understanding correctly, you basically tell the actiontec to not request an IP address from verizon so OpenWrt can request one and you tell it to not serve DHCP, resolve DNS... I don't think the actiontec is the problem because I can ping across the actiontec to 1.1.1.1, but I'm very new to this, so maybe it is. @lleachii

anon50098793 · October 16, 2019, 4:27pm

Pretty odd flow stats there... for a "wan" interface... leave it to trendy / lleachii but a quick scan has me wondering about eth1 at the switch and ip6 issues/mtu... but i'm also confused about where the "bridge" is... i'm thinking your edge device is not quite right... like it's half in half bridge or something...

would be worth just plugging a laptop into it ( the actiontec ) to test if i'm understanding what your trying to do correctly...

lleachii · October 16, 2019, 5:09pm

That would definitely ensure the issue isn't with the Actiontec. I'd also try:

testing a machine in the current setup; but assigning DNS severs directly on the client
resetting OpenWrt to defaults, and only adding DNS servers to WAN/WAN6

user-name-is-taken · October 16, 2019, 5:23pm

I was looking at the firewall rules and they seemed weird. But again I'm a noob.

root@OpenWrt:~# uci show firewall
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wan' 'wan6'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fc00::/6'
firewall.@rule[3].dest_ip='fc00::/6'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'

user-name-is-taken · October 16, 2019, 5:34pm

resetting openwrt did the trick

trendy · October 16, 2019, 6:51pm

Config was fine, I could not spot any mistake. Most likely some glitch that was fixed with the reboot.

user-name-is-taken · October 18, 2019, 4:30pm

@trendy @lleachii I did a lot of fiddling with this. The DNS will work, then stop working... Finally found that restarting the wan (ipv4) interface fixes the DNS problem too (not sure how long the fix will work for though). Is this a known issue?

lleachii · October 18, 2019, 4:53pm

Sounds like an issue with your DHCP from your ISP...what happens if you specify DNS servers on the WAN port?

You can even statically set the ISP's if you prefer.

Screenshot%20from%202019-10-18%2012-53-54

user-name-is-taken · October 18, 2019, 4:55pm

Before I restarted the interface, nslookup google.com 1.1.1.1 was failing, and now it works.

lleachii · October 18, 2019, 5:06pm

I understand...

So...is that a yes or no - if you want to statically setting the servers?

From my understanding, dynamic DNS server settings are controlled by the ISP's response to your DHCP request. So I would try statically setting the servers, or contacting the ISP.

You can also use tcpdump to look at the DHCP replies sent by your ISP - ensure they have DNS servers listed.

user-name-is-taken · October 18, 2019, 5:28pm

DNS on the WAN port only worked after restarting (not before).

user-name-is-taken · October 18, 2019, 5:55pm

Restarting the interface seems to work until the DHCP lease renews, then I have to restart the interface again.

trendy · October 19, 2019, 5:40pm

It seems to me that dnsmasq is hanging. You are using 3 internet based nameservers, so as long as the internet connection works, you should be able to resolve.
Check logs for any issues from dnsmasq.
Assign for testing purposes to one host static NS settings and see if it will work when others (and the router) fail.

user-name-is-taken · October 19, 2019, 7:54pm

Before Interface Reset (right after failure)

nsLookup\ping

From a Host


UN@hostCPU:~$ ping 1.1.1.1

PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.

^C

--- 1.1.1.1 ping statistics ---

7 packets transmitted, 0 received, 100% packet loss, time 6104ms

UN@hostCPU:~$ nslookup google.com 1.1.1.1

;; connection timed out; no servers could be reached

From the Router


root@OpenWrt:~# ping 1.1.1.1

PING 1.1.1.1 (1.1.1.1): 56 data bytes

64 bytes from 1.1.1.1: seq=0 ttl=255 time=13.776 ms

64 bytes from 1.1.1.1: seq=1 ttl=255 time=8.072 ms

^C

--- 1.1.1.1 ping statistics ---

2 packets transmitted, 2 packets received, 0% packet loss

round-trip min/avg/max = 8.072/10.924/13.776 ms

root@OpenWrt:~# nslookup google.com 1.1.1.1

;; connection timed out; no servers could be reached

sys logs


Sat Oct 19 19:33:53 2019 authpriv.info dropbear[30541]: Child connection from 192.168.1.155:52496

Sat Oct 19 19:34:00 2019 authpriv.notice dropbear[30541]: Password auth succeeded for 'root' from 192.168.1.155:52496

Sat Oct 19 19:38:24 2019 daemon.info dnsmasq-dhcp[28476]: DHCPREQUEST(br-lan) 192.168.1.109 70:ef:00:b3:80:07

Sat Oct 19 19:38:24 2019 daemon.info dnsmasq-dhcp[28476]: DHCPACK(br-lan) 192.168.1.109 70:ef:00:b3:80:07 iPhone-2

Sat Oct 19 19:38:24 2019 daemon.warn odhcpd[1091]: DHCPV6 SOLICIT IA_NA from 000100012188d29370ef00b38007 on br-lan: ok fd00:cb4:be40::65c/128

Sat Oct 19 19:38:25 2019 daemon.warn odhcpd[1091]: DHCPV6 REQUEST IA_NA from 000100012188d29370ef00b38007 on br-lan: ok fd00:cb4:be40::65c/128

Sat Oct 19 19:39:41 2019 daemon.info dnsmasq-dhcp[28476]: DHCPREQUEST(br-lan) 192.168.1.109 70:ef:00:b3:80:07

Sat Oct 19 19:39:41 2019 daemon.info dnsmasq-dhcp[28476]: DHCPACK(br-lan) 192.168.1.109 70:ef:00:b3:80:07 iPhone-2

Sat Oct 19 19:39:43 2019 daemon.warn odhcpd[1091]: DHCPV6 SOLICIT IA_NA from 000100012188d29370ef00b38007 on br-lan: ok fd00:cb4:be40::65c/128

Sat Oct 19 19:39:44 2019 daemon.warn odhcpd[1091]: DHCPV6 REQUEST IA_NA from 000100012188d29370ef00b38007 on br-lan: ok fd00:cb4:be40::65c/128

Sat Oct 19 19:40:48 2019 authpriv.info dropbear[30541]: Exit (root): Disconnect received

Sat Oct 19 19:41:17 2019 authpriv.info dropbear[30624]: Child connection from 192.168.1.155:52502

Sat Oct 19 19:41:25 2019 authpriv.notice dropbear[30624]: Password auth succeeded for 'root' from 192.168.1.155:52502

Sat Oct 19 19:41:30 2019 authpriv.info dropbear[30624]: Exit (root): Disconnect received

Sat Oct 19 19:42:17 2019 daemon.notice netifd: wan (28667): udhcpc: sending renew to 96.241.140.1

Sat Oct 19 19:43:58 2019 daemon.info dnsmasq-dhcp[28476]: DHCPREQUEST(br-lan) 192.168.1.202 10:ce:a9:54:8a:73

Sat Oct 19 19:43:58 2019 daemon.info dnsmasq-dhcp[28476]: DHCPACK(br-lan) 192.168.1.202 10:ce:a9:54:8a:73 SoundTouch-Kitchen

Sat Oct 19 19:44:29 2019 daemon.info dnsmasq-dhcp[28476]: DHCPREQUEST(br-lan) 192.168.1.127 40:bd:32:ab:3b:73

Sat Oct 19 19:44:29 2019 daemon.info dnsmasq-dhcp[28476]: DHCPACK(br-lan) 192.168.1.127 40:bd:32:ab:3b:73 SoundTouch-Family-room

Sat Oct 19 19:45:33 2019 daemon.info dnsmasq-dhcp[28476]: DHCPREQUEST(br-lan) 192.168.1.111 f4:39:09:54:52:8f

Sat Oct 19 19:45:33 2019 daemon.info dnsmasq-dhcp[28476]: DHCPACK(br-lan) 192.168.1.111 f4:39:09:54:52:8f MikePrinter

Sat Oct 19 19:46:46 2019 daemon.warn odhcpd[1091]: DHCPV6 SOLICIT IA_NA from 000100012188d29370ef00b38007 on br-lan: ok fd00:cb4:be40::65c/128

Sat Oct 19 19:46:47 2019 daemon.warn odhcpd[1091]: DHCPV6 REQUEST IA_NA from 000100012188d29370ef00b38007 on br-lan: ok fd00:cb4:be40::65c/128

Note, I SSHed into the router a few times

Kernel logs


[94356.106016] eth1: link down

[94356.116996] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready

[94356.124224] ar71xx: pll_reg 0xb8050014: 0x11110000

[94356.124233] eth1: link up (1000Mbps/Full duplex)

[94356.128848] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready

[94365.100318] br-lan: port 1(eth0.1) entered disabled state

[94365.131721] device eth0.1 left promiscuous mode

[94365.136256] device eth0 left promiscuous mode

[94365.140706] br-lan: port 1(eth0.1) entered disabled state

[94365.169327] IPv6: ADDRCONF(NETDEV_UP): eth0.1: link is not ready

[94365.193748] eth0: link down

[94365.242204] ar71xx: pll_reg 0xb8050010: 0x11110000

[94365.242277] eth0: link up (1000Mbps/Full duplex)

[94365.265736] br-lan: port 1(eth0.1) entered blocking state

[94365.271138] br-lan: port 1(eth0.1) entered disabled state

[94365.277058] device eth0.1 entered promiscuous mode

[94365.281886] device eth0 entered promiscuous mode

[94365.327169] br-lan: port 1(eth0.1) entered blocking state

[94365.332619] br-lan: port 1(eth0.1) entered forwarding state

[94377.884731] eth1: link down

[94377.894890] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready

[94377.902422] ar71xx: pll_reg 0xb8050014: 0x11110000

[94377.902434] eth1: link up (1000Mbps/Full duplex)

[94377.907072] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready

[94395.112844] eth1: link down

[94395.122520] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready

[94395.129694] ar71xx: pll_reg 0xb8050014: 0x11110000

[94395.129701] eth1: link up (1000Mbps/Full duplex)

[94395.151024] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready

[94396.087667] br-lan: port 1(eth0.1) entered disabled state

[94396.115724] device eth0.1 left promiscuous mode

[94396.120253] device eth0 left promiscuous mode

[94396.124765] br-lan: port 1(eth0.1) entered disabled state

[94396.162993] IPv6: ADDRCONF(NETDEV_UP): eth0.1: link is not ready

[94396.183020] eth0: link down

[94396.235097] ar71xx: pll_reg 0xb8050010: 0x11110000

[94396.235133] eth0: link up (1000Mbps/Full duplex)

[94396.261764] br-lan: port 1(eth0.1) entered blocking state

[94396.267161] br-lan: port 1(eth0.1) entered disabled state

[94396.272956] device eth0.1 entered promiscuous mode

[94396.277738] device eth0 entered promiscuous mode

[94396.332234] br-lan: port 1(eth0.1) entered blocking state

[94396.337637] br-lan: port 1(eth0.1) entered forwarding state

(time of error 19:33)

After restart

restarted WAN and LAN interfaces

system logs


Sat Oct 19 19:48:49 2019 daemon.notice netifd: Interface 'lan' is now down

Sat Oct 19 19:48:49 2019 kern.info kernel: [101998.870854] br-lan: port 1(eth0.1) entered disabled state

Sat Oct 19 19:48:49 2019 kern.info kernel: [101998.907618] device eth0.1 left promiscuous mode

Sat Oct 19 19:48:49 2019 kern.info kernel: [101998.912238] device eth0 left promiscuous mode

Sat Oct 19 19:48:49 2019 kern.info kernel: [101998.916800] br-lan: port 1(eth0.1) entered disabled state

Sat Oct 19 19:48:49 2019 kern.info kernel: [101998.949998] IPv6: ADDRCONF(NETDEV_UP): eth0.1: link is not ready

Sat Oct 19 19:48:49 2019 kern.info kernel: [101998.969270] eth0: link down

Sat Oct 19 19:48:49 2019 daemon.notice netifd: Interface 'lan' is disabled

Sat Oct 19 19:48:49 2019 daemon.err odhcpd[1091]: setsockopt(IPV6_ADD_MEMBERSHIP): No such device

Sat Oct 19 19:48:49 2019 daemon.err odhcpd[1091]: setsockopt(SO_BINDTODEVICE): No such device

Sat Oct 19 19:48:49 2019 daemon.notice netifd: VLAN 'eth0.1' link is down

Sat Oct 19 19:48:49 2019 daemon.notice netifd: bridge 'br-lan' link is down

Sat Oct 19 19:48:49 2019 daemon.notice netifd: Interface 'lan' has link connectivity loss

Sat Oct 19 19:48:49 2019 daemon.notice netifd: Network device 'eth0' link is down

Sat Oct 19 19:48:49 2019 kern.debug kernel: [101999.025105] ar71xx: pll_reg 0xb8050010: 0x11110000

Sat Oct 19 19:48:49 2019 kern.info kernel: [101999.025180] eth0: link up (1000Mbps/Full duplex)

Sat Oct 19 19:48:49 2019 kern.info kernel: [101999.059647] br-lan: port 1(eth0.1) entered blocking state

Sat Oct 19 19:48:49 2019 kern.info kernel: [101999.065131] br-lan: port 1(eth0.1) entered disabled state

Sat Oct 19 19:48:49 2019 kern.info kernel: [101999.071031] device eth0.1 entered promiscuous mode

Sat Oct 19 19:48:49 2019 kern.info kernel: [101999.075905] device eth0 entered promiscuous mode

Sat Oct 19 19:48:49 2019 daemon.info dnsmasq[28476]: read /etc/hosts - 4 addresses

Sat Oct 19 19:48:49 2019 daemon.info dnsmasq[28476]: read /tmp/hosts/odhcpd - 0 addresses

Sat Oct 19 19:48:49 2019 daemon.info dnsmasq[28476]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses

Sat Oct 19 19:48:49 2019 daemon.info dnsmasq-dhcp[28476]: read /etc/ethers - 0 addresses

Sat Oct 19 19:48:49 2019 kern.info kernel: [101999.128403] br-lan: port 1(eth0.1) entered blocking state

Sat Oct 19 19:48:49 2019 kern.info kernel: [101999.133893] br-lan: port 1(eth0.1) entered forwarding state

Sat Oct 19 19:48:49 2019 daemon.notice netifd: Interface 'lan' is enabled

Sat Oct 19 19:48:49 2019 daemon.notice netifd: Interface 'lan' is setting up now

Sat Oct 19 19:48:49 2019 daemon.notice netifd: Interface 'lan' is now up

Sat Oct 19 19:48:49 2019 daemon.notice netifd: bridge 'br-lan' link is up

Sat Oct 19 19:48:49 2019 daemon.notice netifd: Interface 'lan' has link connectivity

Sat Oct 19 19:48:49 2019 daemon.notice netifd: Network device 'eth0' link is up

Sat Oct 19 19:48:49 2019 daemon.notice netifd: VLAN 'eth0.1' link is up

Sat Oct 19 19:48:50 2019 user.notice firewall: Reloading firewall due to ifup of lan (br-lan)

Sat Oct 19 19:48:51 2019 daemon.info dnsmasq[28476]: read /etc/hosts - 4 addresses

Sat Oct 19 19:48:51 2019 daemon.info dnsmasq[28476]: read /tmp/hosts/dhcp.cfg01411c.30840 - 0 addresses

Sat Oct 19 19:48:51 2019 daemon.info dnsmasq[28476]: read /tmp/hosts/odhcpd - 5 addresses

Sat Oct 19 19:48:51 2019 daemon.info dnsmasq[28476]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses

Sat Oct 19 19:48:51 2019 daemon.info dnsmasq-dhcp[28476]: read /etc/ethers - 0 addresses

Sat Oct 19 19:48:52 2019 daemon.notice netifd: wan (28667): udhcpc: received SIGTERM

Sat Oct 19 19:48:52 2019 daemon.notice netifd: Interface 'wan' is now down

Sat Oct 19 19:48:52 2019 daemon.notice netifd: Interface 'wan' is setting up now

Sat Oct 19 19:48:52 2019 daemon.warn dnsmasq[28476]: no servers found in /tmp/resolv.conf.auto, will retry

Sat Oct 19 19:48:52 2019 daemon.notice netifd: wan (30914): udhcpc: started, v1.28.3

Sat Oct 19 19:48:52 2019 daemon.notice netifd: wan (30914): udhcpc: sending discover

Sat Oct 19 19:48:52 2019 daemon.info dnsmasq[28476]: read /etc/hosts - 4 addresses

Sat Oct 19 19:48:52 2019 daemon.info dnsmasq[28476]: read /tmp/hosts/odhcpd - 5 addresses

Sat Oct 19 19:48:52 2019 daemon.info dnsmasq[28476]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses

Sat Oct 19 19:48:52 2019 daemon.info dnsmasq-dhcp[28476]: read /etc/ethers - 0 addresses

Sat Oct 19 19:48:55 2019 daemon.notice netifd: wan (30914): udhcpc: sending discover

Sat Oct 19 19:48:55 2019 daemon.notice netifd: wan (30914): udhcpc: sending select for 108.18.37.96

Sat Oct 19 19:48:56 2019 daemon.notice netifd: wan (30914): udhcpc: lease of 108.18.37.96 obtained, lease time 7200

Sat Oct 19 19:48:56 2019 daemon.notice netifd: Interface 'wan' is now up

Sat Oct 19 19:48:56 2019 daemon.info dnsmasq[28476]: reading /tmp/resolv.conf.auto

Sat Oct 19 19:48:56 2019 daemon.info dnsmasq[28476]: using local addresses only for domain test

Sat Oct 19 19:48:56 2019 daemon.info dnsmasq[28476]: using local addresses only for domain onion

Sat Oct 19 19:48:56 2019 daemon.info dnsmasq[28476]: using local addresses only for domain localhost

Sat Oct 19 19:48:56 2019 daemon.info dnsmasq[28476]: using local addresses only for domain local

Sat Oct 19 19:48:56 2019 daemon.info dnsmasq[28476]: using local addresses only for domain invalid

Sat Oct 19 19:48:56 2019 daemon.info dnsmasq[28476]: using local addresses only for domain bind

Sat Oct 19 19:48:56 2019 daemon.info dnsmasq[28476]: using local addresses only for domain lan

Sat Oct 19 19:48:56 2019 daemon.info dnsmasq[28476]: using nameserver 1.1.1.1#53

Sat Oct 19 19:48:56 2019 daemon.info dnsmasq[28476]: using nameserver 8.8.8.8#53

Sat Oct 19 19:48:56 2019 user.notice firewall: Reloading firewall due to ifup of wan (eth1)

Sat Oct 19 19:49:59 2019 daemon.info dnsmasq-dhcp[28476]: DHCPDISCOVER(br-lan) 10:cd:b6:03:3c:45

Sat Oct 19 19:49:59 2019 daemon.info dnsmasq-dhcp[28476]: DHCPOFFER(br-lan) 192.168.1.107 10:cd:b6:03:3c:45

Sat Oct 19 19:49:59 2019 daemon.info dnsmasq-dhcp[28476]: DHCPREQUEST(br-lan) 192.168.1.107 10:cd:b6:03:3c:45

Sat Oct 19 19:49:59 2019 daemon.info dnsmasq-dhcp[28476]: DHCPACK(br-lan) 192.168.1.107 10:cd:b6:03:3c:45

Kernel Log


[101998.870854] br-lan: port 1(eth0.1) entered disabled state

[101998.907618] device eth0.1 left promiscuous mode

[101998.912238] device eth0 left promiscuous mode

[101998.916800] br-lan: port 1(eth0.1) entered disabled state

[101998.949998] IPv6: ADDRCONF(NETDEV_UP): eth0.1: link is not ready

[101998.969270] eth0: link down

[101999.025105] ar71xx: pll_reg 0xb8050010: 0x11110000

[101999.025180] eth0: link up (1000Mbps/Full duplex)

[101999.059647] br-lan: port 1(eth0.1) entered blocking state

[101999.065131] br-lan: port 1(eth0.1) entered disabled state

[101999.071031] device eth0.1 entered promiscuous mode

[101999.075905] device eth0 entered promiscuous mode

[101999.128403] br-lan: port 1(eth0.1) entered blocking state

[101999.133893] br-lan: port 1(eth0.1) entered forwarding state

ping/nslookup

Both work from the router and a host on the network.

trendy · October 19, 2019, 9:53pm

I presume you have one cable from Actiontech LAN going to Netgear WAN and no other connections between those 2 right?
Could you verify that packets come and go through the router or router is dropping them?
Leave this running on the Netgear and when it happens again start a ping from some host on the LAN.
tcpdump -i any -vvn icmp and host 1.1.1.1