Internet is working with wifi but not with ethernet

Hi to everyone,

I've recently installed OpenWRT on the Xiaomi AIoT Router AX3600, which is not completely supported yet, in order to replace the router of my ISP. For context I have a FTTH connection with an ONT that gave me an Rj-45 connection, so the fiber is not connected directly to the router.
The WAN port of the router is set to PPPoE with VLAN 802.1q, as required by my ISP.

Everything works except for the ethernet port that have connection to internet, because from my pc I can ping all sites, but through the browser all the pages doesn't load. With wifi this problem is not present.

Here's the configuration currently active on the device

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fde8:b5d7:5568::/48'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        list dns '1.1.1.1'
        list dns '1.0.0.1'

config interface 'wan'
        option device 'VLAN-ONT'
        option proto 'pppoe'
        option username 'vodafoneadsl'
        option password 'vodafoneadsl'
        option ipv6 'auto'
        option force_link '1'

config interface 'wan6'
        option device 'VLAN-ONT'
        option proto 'pppoe'
        option username 'vodafoneadsl'
        option password 'vodafoneadsl'
        option ipv6 'auto'
        option force_link '1'

config device
        option type '8021q'
        option ifname 'eth0'
        option vid '1036'
        option name 'VLAN-ONT'

config device
        option name 'pppoe-wan'
        option type 'tunnel'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'
        list ports 'eth2'
        list ports 'eth3'
        option vlan_filtering '0'

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'eth1'
        list ports 'eth2'
        list ports 'eth3'

And the firewall configuration

root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option synflood_protect '1'
        option forward 'DROP'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'DROP'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option input 'DROP'
        option forward 'DROP'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '33434:33689'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled 'false'

config include
        option path '/etc/firewall.user'

config include 'qcanssecm'
        option type 'script'
        option path '/etc/firewall.d/qca-nss-ecm'
        option family 'any'
        option reload '1'

Any possible solution is accepted.

Thanks in advance

Ping how?
By IP or DNS name?

I launch the ping command from Windows cmd and pinging google.com, 8.8.8.8 and google.com ip there is a response. Same if I do a tracert the path that the packet takes is the same as if I connect trough my ISP modem.

So it works in cmd/powershell but not in a browser?

In windows, is your network symbol a globe or a ”ethernet connector”?
Alternative does windows say it has internet connection?

What error code does the browser in Windows give?

Have you tried disable and enable the network adapter in Windows or reboot Windows with fastboot disabled for ever!?

Windows seems to be connected correctly to internet, but if I try to go to Google or any other site it tries to load then it timeout an gave back a connection closed error.

if it works everywhere but the browser, one would assume it's a browser issue ?

If Windows say it has internet and the symbol has changed to the connector symbol then the problem is probably in the web browser in the computer.
Have you tried to flush the browser history, cokies etc?

Do you have any other computer you can connect with ethernet and try the internet connection?
Or connect the windows computer directly to the modem to eliminate router fault?

Try another browser?

I've tried with both Firefox and Edge, but the results are the same, but this happen with every device connected through ethernet, while on wifi everything is flawless.

If it isn’t the computer I think you know where this is going.

What image have you actually installed since we have no AX3600 at all?

I've installed the experimental firmware made by Robimarko, which at the moment is the only one available. I've found it on the device page of OpenWrt

Isn’t that device called x3200? You have x3600.

No, the Xiaomi AX3600 is the one that I have. On the device page is labelled as unsupported because there isn't an official stabe build, the only one avalaible is the one that I've mentioned before which is a snapshot version of the system.

You kind of answering your own question here. What you are doing now is beta testing (at best) and if something doesn’t work then you must get in touch with the developer that is writing the code for that device and file a bug report.