IPv4 does not get routed via DS-Lite interface

Hey there.

Yesterday I setup my old FritzBox 7360 with this image openwrt-18.06.2-lantiq-xrx200-avm_fritz7360sl-squashfs-sysupgrade.bin. I installed the ds-lite package because my provider uses that.

After some trial and error I got everything what I needed up and running. My internal LAN could access WAN hosts through IPv4 and v6. Then I used the instructions on this website to setup an auto-update mechanism for the box. The box did the update but afterwards, traffic to IPv4 hosts didn't get routed anymore.

Pinging hosts from the box itself hangs forever:

root@fritz:/etc/config# ping heise.de
PING heise.de (193.99.144.80): 56 data bytes

From hosts in my LAN I'm getting a timeout.

IPv6 is working like it should:

root@fritz:/etc/config# ping6 heise.de
PING heise.de (2a02:2e0:3fe:1001:302::): 56 data bytes
64 bytes from 2a02:2e0:3fe:1001:302::: seq=0 ttl=58 time=23.841 ms
^C
--- heise.de ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 23.841/23.841/23.841 ms

That's my current network config:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd0e:976b:0712::/48'

config dsl 'dsl'
        option annex 'b'
        option tone 'av'
        option ds_snr_offset '0'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.178.1'
        option force_link '0'

config interface 'wan'
        option proto 'pppoe'
        option ifname 'dsl0.40'
        option ipv6 'auto'

config device 'wan_dev'
        option name 'dsl0'
        option macaddr '5c:49:79:68:31:77'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 4 6t'

config interface 'ip4'
        option proto 'dslite'
        option peeraddr 'aftr.prod.m-online.net'

and here my firewall config:

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option input 'REJECT'
        option forward 'REJECT'
        option network 'wan dslite ip4'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config forwarding
        option dest 'wan'
        option src 'lan'

IP Routes:

root@fritz:/etc/config# ip r s
default dev ds-ip4 scope link
192.0.0.1 dev ds-ip4 scope link  src 192.0.0.2
192.168.178.0/24 dev br-lan scope link  src 192.168.178.1

And IP-Config:

root@fritz:/etc/config# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
    link/ether 5c:49:79:68:31:74 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::5e49:79ff:fe68:3174/64 scope link
       valid_lft forever preferred_lft forever
3: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN qlen 1
    link/tunnel6 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
8: dsl0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
    link/ether 5c:49:79:68:31:77 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::5e49:79ff:fe68:3177/64 scope link
       valid_lft forever preferred_lft forever
13: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 5c:49:79:68:31:74 brd ff:ff:ff:ff:ff:ff
    inet 192.168.178.1/24 brd 192.168.178.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 2001:a62:14e1:9900::1/60 scope global dynamic
       valid_lft 5698sec preferred_lft 2098sec
    inet6 fd0e:976b:712::1/60 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::5e49:79ff:fe68:3174/64 scope link
       valid_lft forever preferred_lft forever
14: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether 5c:49:79:68:31:74 brd ff:ff:ff:ff:ff:ff
15: dsl0.40@dsl0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 5c:49:79:68:31:77 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::5e49:79ff:fe68:3177/64 scope link
       valid_lft forever preferred_lft forever
16: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN qlen 3
    link/ppp
    inet6 fe80::a17f:a80b:febc:3307/10 scope link
       valid_lft forever preferred_lft forever
17: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether 5c:49:79:68:31:76 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::5e49:79ff:fe68:3176/64 scope link
       valid_lft forever preferred_lft forever
18: ds-ip4@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1280 qdisc noqueue state UNKNOWN qlen 1
    link/tunnel6 20:01:0a:62:14:e1:99:00:00:00:00:00:00:00:00:01 peer 20:01:0a:60:00:00:00:06:00:00:00:00:00:00:ff:ff
    inet 192.0.0.2 peer 192.0.0.1/32 brd 255.255.255.255 scope global ds-ip4
       valid_lft forever preferred_lft forever
    inet6 fe80::40b3:9dff:fe60:c273/64 scope link
       valid_lft forever preferred_lft forever

Can someone point me into the right direction?

Thanks in advance!

Alex

Those auto updates are a terrible idea and have caused problems like yours for many people on the forum. Revert to factory settings using firstboot, see the wiki for how, then set up from scratch.

4 Likes

Thanks, you were absolutely right. I did

umount /overlay && firstboot && reboot now

and everything worked okay after configuring... :slight_smile:

Thanks again!
Alex

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.