IPv6 works but IPv4 doesn't

Information

ISP: Spectrum, on their Gigabit plan. They have registered my modem.
Modem: Motorola MB8600
Router: WRT3200ACM running OpenWRT v19.07.5
Test clients: Windows 10 Desktop, Archlinux laptop
Other data: Confirmed my modem is using DOCSIS 3.1 with a support agent, so nothing seems to be wrong on that end.

Configuration was done exclusively via LuCI, because frankly, I don't know if I could have gotten this far without the automatic rollback feature.

Symptoms

I am able to connect to any IPv6 host, but no IPv4 hosts. Clients in the network are included, but the router is somewhat weird. The main page of LuCI shows that I have an IPv4 and IPv6 from upstream, despite the issue I observe. IPv4 pings do work on the router, but not on any client. The router otherwise behaves as though it has no IPv4 connectivity, being able to perform pings but not do more than ping IPv4 hosts.

The following fails to return an IPv4 on any client including the router:
dig +short myip.opendns.com @resolver1.opendns.com

The following returns an IPv6 on all clients including the router:
dig TXT +short o-o.myaddr.l.google.com @ns1.google.com

A Windows desktop plugged into the modem directly is able to get an IPv4 and IPv6 and connect to any host. Curiously, the Arch laptop is not able to get either IP leased and never achieves connectivity. At the direction of a user in the #archlinux IRC, I tested the archiso and observed the same result.

Configs

All my configs are listed here. Passwords are redacted with password, and all files (as shown here to separate them, but not actually) begin with filename:

dhcp:

config dnsmasq
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option readethers '1'
	option localservice '0'
	list server '1.1.1.1'
	list server '1.0.0.1'
	list server '208.67.222.222'
	list server '208.67.220.220'
	list server '8.8.8.8'
	list server '9.9.9.9'
	list server '149.112.112.112'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv6 'server'
	option ra 'server'
	option ra_management '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

dropbear:

config dropbear
	option Port '22'
	option RootPasswordAuth 'off'
	option PasswordAuth 'off'

firewall:

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option output 'ACCEPT'
	option mtu_fix '1'
	option input 'ACCEPT'
	option forward 'ACCEPT'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

luci:

config core 'main'
	option lang 'auto'
	option mediaurlbase '/luci-static/bootstrap'
	option resourcebase '/luci-static/resources'
	option ubuspath '/ubus/'

config extern 'flash_keep'
	option uci '/etc/config/'
	option dropbear '/etc/dropbear/'
	option openvpn '/etc/openvpn/'
	option passwd '/etc/passwd'
	option opkg '/etc/opkg.conf'
	option firewall '/etc/firewall.user'
	option uploads '/lib/uci/upload/'

config internal 'languages'

config internal 'sauth'
	option sessionpath '/tmp/luci-sessions'
	option sessiontime '3600'

config internal 'ccache'
	option enable '1'

config internal 'themes'
	option Bootstrap '/luci-static/bootstrap'

config internal 'apply'
	option rollback '90'
	option holdoff '4'
	option timeout '5'
	option display '1.5'

config internal 'diag'
	option dns 'openwrt.org'
	option ping 'openwrt.org'
	option route 'openwrt.org'

network:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd2d:27a1:6ab8::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option force_link '0'
	list dns '1.1.1.1'

config interface 'wan'
	option ifname 'eth1.2'
	option proto 'dhcp'
	option hostname 'OpenWrt'
	list dns '1.1.1.1'
	option peerdns '0'

config interface 'wan6'
	option ifname 'eth1.2'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'

config switch
	option name 'switch0'
	option reset '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 5t'
	option vid '1'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '4 6t'
	option vid '2'

output:
dhcp:

config dnsmasq
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option readethers '1'
	option localservice '0'
	list server '1.1.1.1'
	list server '1.0.0.1'
	list server '208.67.222.222'
	list server '208.67.220.220'
	list server '8.8.8.8'
	list server '9.9.9.9'
	list server '149.112.112.112'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv6 'server'
	option ra 'server'
	option ra_management '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

dropbear:

config dropbear
	option Port '22'
	option RootPasswordAuth 'off'
	option PasswordAuth 'off'

firewall:

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option output 'ACCEPT'
	option mtu_fix '1'
	option input 'ACCEPT'
	option forward 'ACCEPT'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

luci:

config core 'main'
	option lang 'auto'
	option mediaurlbase '/luci-static/bootstrap'
	option resourcebase '/luci-static/resources'
	option ubuspath '/ubus/'

config extern 'flash_keep'
	option uci '/etc/config/'
	option dropbear '/etc/dropbear/'
	option openvpn '/etc/openvpn/'
	option passwd '/etc/passwd'
	option opkg '/etc/opkg.conf'
	option firewall '/etc/firewall.user'
	option uploads '/lib/uci/upload/'

config internal 'languages'

config internal 'sauth'
	option sessionpath '/tmp/luci-sessions'
	option sessiontime '3600'

config internal 'ccache'
	option enable '1'

config internal 'themes'
	option Bootstrap '/luci-static/bootstrap'

config internal 'apply'
	option rollback '90'
	option holdoff '4'
	option timeout '5'
	option display '1.5'

config internal 'diag'
	option dns 'openwrt.org'
	option ping 'openwrt.org'
	option route 'openwrt.org'

network:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd2d:27a1:6ab8::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option force_link '0'
	list dns '1.1.1.1'

config interface 'wan'
	option ifname 'eth1.2'
	option proto 'dhcp'
	option hostname 'OpenWrt'
	list dns '1.1.1.1'
	option peerdns '0'

config interface 'wan6'
	option ifname 'eth1.2'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'

config switch
	option name 'switch0'
	option reset '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 5t'
	option vid '1'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '4 6t'
	option vid '2'

output:
rpcd:
config rpcd
	option socket /var/run/ubus.sock
	option timeout 30

config login
	option username 'root'
	option password '$p$root'
	list read '*'
	list write '*'

system:

config system
	option hostname 'OpenWrt'
	option timezone 'UTC'
	option ttylogin '0'
	option log_size '64'
	option urandom_seed '0'

config timeserver 'ntp'
	option enabled '1'
	option enable_server '0'
	list server '0.openwrt.pool.ntp.org'
	list server '1.openwrt.pool.ntp.org'
	list server '2.openwrt.pool.ntp.org'
	list server '3.openwrt.pool.ntp.org'

config led 'led_wan'
	option name 'WAN'
	option sysfs 'pca963x:rango:white:wan'
	option trigger 'netdev'
	option mode 'link tx rx'
	option dev 'eth1'

config led 'led_usb1'
	option name 'USB 1'
	option sysfs 'pca963x:rango:white:usb2'
	option trigger 'usbport'
	list port 'usb1-port1'

config led 'led_usb2'
	option name 'USB 2'
	option sysfs 'pca963x:rango:white:usb3_1'
	option trigger 'usbport'
	list port 'usb2-port1'
	list port 'usb3-port1'

config led 'led_usb2_ss'
	option name 'USB 2 SS'
	option sysfs 'pca963x:rango:white:usb3_2'
	option trigger 'usbport'
	list port 'usb3-port1'

ubootenv:

config ubootenv
	option dev '/dev/mtd1'
	option offset '0x0'
	option envsize '0x20000'
	option secsize '0x20000'

ucitrack:
config network
	option init network
	list affects dhcp
	list affects radvd

config wireless
	list affects network

config firewall
	option init firewall
	list affects luci-splash
	list affects qos
	list affects miniupnpd

config olsr
	option init olsrd

config dhcp
	option init dnsmasq
	list affects odhcpd

config odhcpd
	option init odhcpd

config dropbear
	option init dropbear

config httpd
	option init httpd

config fstab
	option exec '/sbin/block mount'

config qos
	option init qos

config system
	option init led
	option exec '/etc/init.d/log reload'
	list affects luci_statistics
	list affects dhcp

config luci_splash
	option init luci_splash

config upnpd
	option init miniupnpd

config ntpclient
	option init ntpclient

config samba
	option init samba

config tinyproxy
	option init tinyproxy
uhttpd:
# Server configuration
config uhttpd main

	# HTTP listen addresses, multiple allowed
	list listen_http	0.0.0.0:80
	list listen_http	[::]:80

	# HTTPS listen addresses, multiple allowed
	list listen_https	0.0.0.0:443
	list listen_https	[::]:443

	# Redirect HTTP requests to HTTPS if possible
	option redirect_https	1

	# Server document root
	option home		/www

	# Reject requests from RFC1918 IP addresses
	# directed to the servers public IP(s).
	# This is a DNS rebinding countermeasure.
	option rfc1918_filter 1

	# Maximum number of concurrent requests.
	# If this number is exceeded, further requests are
	# queued until the number of running requests drops
	# below the limit again.
	option max_requests 3

	# Maximum number of concurrent connections.
	# If this number is exceeded, further TCP connection
	# attempts are queued until the number of active
	# connections drops below the limit again.
	option max_connections 100

	# Certificate and private key for HTTPS.
	# If no listen_https addresses are given,
	# the key options are ignored.
	option cert		/etc/uhttpd.crt
	option key		/etc/uhttpd.key

	# CGI url prefix, will be searched in docroot.
	# Default is /cgi-bin
	option cgi_prefix	/cgi-bin

	# List of extension->interpreter mappings.
	# Files with an associated interpreter can
	# be called outside of the CGI prefix and do
	# not need to be executable.
#	list interpreter	".php=/usr/bin/php-cgi"
#	list interpreter	".cgi=/usr/bin/perl"

	# List of prefix->Lua handler mappings.
	# Any request to an URL beneath the prefix
	# will be dispatched to the associated Lua
	# handler script. Lua support is disabled when
	# no handler mappings are specified. Lua prefix
	# matches have precedence over the CGI prefix.
	list lua_prefix		"/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua"

	# Specify the ubus-rpc prefix and socket path.
#	option ubus_prefix	/ubus
#	option ubus_socket	/var/run/ubus.sock

	# CGI/Lua timeout, if the called script does not
	# write data within the given amount of seconds,
	# the server will terminate the request with
	# 504 Gateway Timeout response.
	option script_timeout	60

	# Network timeout, if the current connection is
	# blocked for the specified amount of seconds,
	# the server will terminate the associated
	# request process.
	option network_timeout	30

	# HTTP Keep-Alive, specifies the timeout for persistent
	# HTTP/1.1 connections. Setting this to 0 will disable
	# persistent HTTP connections.
	option http_keepalive	20

	# TCP Keep-Alive, send periodic keep-alive probes
	# over established connections to detect dead peers.
	# The value is given in seconds to specify the
	# interval between subsequent probes.
	# Setting this to 0 will disable TCP keep-alive.
	option tcp_keepalive	1

	# Basic auth realm, defaults to local hostname
#	option realm	OpenWrt

	# Configuration file in busybox httpd format
#	option config	/etc/httpd.conf

	# Do not follow symlinks that point outside of the
	# home directory.
#	option no_symlinks	0

	# Do not produce directory listings but send 403
	# instead if a client requests an url pointing to
	# a directory without any index file.
#	option no_dirlists	0

	# Do not authenticate any ubus-rpc requests against
	# the ubus session/access procedure.
	# This is dangerous and should be always left off
	# except for development and debug purposes!
#	option no_ubusauth	0

	# For this instance of uhttpd use the listed httpauth
	# sections to require Basic auth to the specified
	# resources.
#	list httpauth prefix_user


# Defaults for automatic certificate and key generation
config cert defaults

	# Validity time
	option days		730

	# key type: rsa or ec
	option key_type		rsa

	# RSA key size
	option bits		2048

	# EC curve name
	# Curve names vary between mbedtls/px5g and openssl
	# P-256 or P-384 are guaranteed to work
	option ec_curve		P-256

	# Location
	option country		ZZ
	option state		Somewhere
	option location		Unknown

	# Common name
	option commonname	'OpenWrt'

# config httpauth prefix_user
#	option prefix /protected/url/path
#	option username user
#	option password 'plaintext_or_md5_or_$p$user_for_system_user'
wireless:

config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11a'
	option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
	option legacy_rates '0'
	option country 'US'
	option txpower '23'
	option channel 'auto'
	option htmode 'VHT160'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option key 'password'
	option ssid 'Olympus'
	option encryption 'psk2'

config wifi-device 'radio1'
	option type 'mac80211'
	option hwmode '11g'
	option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
	option legacy_rates '0'
	option country 'US'
	option txpower '30'
	option channel 'auto'
	option htmode 'HT40'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option key 'password'
	option ssid 'Olympus'
	option encryption 'psk2'

config wifi-device 'radio2'
	option type 'mac80211'
	option hwmode '11a'
	option path 'platform/soc/soc:internal-regs/f10d8000.sdhci/mmc_host/mmc0/mmc0:0001/mmc0:0001:1'
	option htmode 'VHT80'
	option legacy_rates '0'
	option country 'US'
	option txpower '23'
	option channel 'auto'

config wifi-iface 'default_radio2'
	option device 'radio2'
	option network 'lan'
	option mode 'ap'
	option key 'password'
	option ssid 'Olympus'
	option encryption 'psk2'

rpcd:
config rpcd
	option socket /var/run/ubus.sock
	option timeout 30

config login
	option username 'root'
	option password '$p$root'
	list read '*'
	list write '*'

system:

config system
	option hostname 'OpenWrt'
	option timezone 'UTC'
	option ttylogin '0'
	option log_size '64'
	option urandom_seed '0'

config timeserver 'ntp'
	option enabled '1'
	option enable_server '0'
	list server '0.openwrt.pool.ntp.org'
	list server '1.openwrt.pool.ntp.org'
	list server '2.openwrt.pool.ntp.org'
	list server '3.openwrt.pool.ntp.org'

config led 'led_wan'
	option name 'WAN'
	option sysfs 'pca963x:rango:white:wan'
	option trigger 'netdev'
	option mode 'link tx rx'
	option dev 'eth1'

config led 'led_usb1'
	option name 'USB 1'
	option sysfs 'pca963x:rango:white:usb2'
	option trigger 'usbport'
	list port 'usb1-port1'

config led 'led_usb2'
	option name 'USB 2'
	option sysfs 'pca963x:rango:white:usb3_1'
	option trigger 'usbport'
	list port 'usb2-port1'
	list port 'usb3-port1'

config led 'led_usb2_ss'
	option name 'USB 2 SS'
	option sysfs 'pca963x:rango:white:usb3_2'
	option trigger 'usbport'
	list port 'usb3-port1'

temp.sh:
#!/bin/fish
for filename in *; echo "$filename: "; cat "$filename"; end;
ubootenv:

config ubootenv
	option dev '/dev/mtd1'
	option offset '0x0'
	option envsize '0x20000'
	option secsize '0x20000'

ucitrack:
config network
	option init network
	list affects dhcp
	list affects radvd

config wireless
	list affects network

config firewall
	option init firewall
	list affects luci-splash
	list affects qos
	list affects miniupnpd

config olsr
	option init olsrd

config dhcp
	option init dnsmasq
	list affects odhcpd

config odhcpd
	option init odhcpd

config dropbear
	option init dropbear

config httpd
	option init httpd

config fstab
	option exec '/sbin/block mount'

config qos
	option init qos

config system
	option init led
	option exec '/etc/init.d/log reload'
	list affects luci_statistics
	list affects dhcp

config luci_splash
	option init luci_splash

config upnpd
	option init miniupnpd

config ntpclient
	option init ntpclient

config samba
	option init samba

config tinyproxy
	option init tinyproxy
uhttpd:
# Server configuration
config uhttpd main

	# HTTP listen addresses, multiple allowed
	list listen_http	0.0.0.0:80
	list listen_http	[::]:80

	# HTTPS listen addresses, multiple allowed
	list listen_https	0.0.0.0:443
	list listen_https	[::]:443

	# Redirect HTTP requests to HTTPS if possible
	option redirect_https	1

	# Server document root
	option home		/www

	# Reject requests from RFC1918 IP addresses
	# directed to the servers public IP(s).
	# This is a DNS rebinding countermeasure.
	option rfc1918_filter 1

	# Maximum number of concurrent requests.
	# If this number is exceeded, further requests are
	# queued until the number of running requests drops
	# below the limit again.
	option max_requests 3

	# Maximum number of concurrent connections.
	# If this number is exceeded, further TCP connection
	# attempts are queued until the number of active
	# connections drops below the limit again.
	option max_connections 100

	# Certificate and private key for HTTPS.
	# If no listen_https addresses are given,
	# the key options are ignored.
	option cert		/etc/uhttpd.crt
	option key		/etc/uhttpd.key

	# CGI url prefix, will be searched in docroot.
	# Default is /cgi-bin
	option cgi_prefix	/cgi-bin

	# List of extension->interpreter mappings.
	# Files with an associated interpreter can
	# be called outside of the CGI prefix and do
	# not need to be executable.
#	list interpreter	".php=/usr/bin/php-cgi"
#	list interpreter	".cgi=/usr/bin/perl"

	# List of prefix->Lua handler mappings.
	# Any request to an URL beneath the prefix
	# will be dispatched to the associated Lua
	# handler script. Lua support is disabled when
	# no handler mappings are specified. Lua prefix
	# matches have precedence over the CGI prefix.
	list lua_prefix		"/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua"

	# Specify the ubus-rpc prefix and socket path.
#	option ubus_prefix	/ubus
#	option ubus_socket	/var/run/ubus.sock

	# CGI/Lua timeout, if the called script does not
	# write data within the given amount of seconds,
	# the server will terminate the request with
	# 504 Gateway Timeout response.
	option script_timeout	60

	# Network timeout, if the current connection is
	# blocked for the specified amount of seconds,
	# the server will terminate the associated
	# request process.
	option network_timeout	30

	# HTTP Keep-Alive, specifies the timeout for persistent
	# HTTP/1.1 connections. Setting this to 0 will disable
	# persistent HTTP connections.
	option http_keepalive	20

	# TCP Keep-Alive, send periodic keep-alive probes
	# over established connections to detect dead peers.
	# The value is given in seconds to specify the
	# interval between subsequent probes.
	# Setting this to 0 will disable TCP keep-alive.
	option tcp_keepalive	1

	# Basic auth realm, defaults to local hostname
#	option realm	OpenWrt

	# Configuration file in busybox httpd format
#	option config	/etc/httpd.conf

	# Do not follow symlinks that point outside of the
	# home directory.
#	option no_symlinks	0

	# Do not produce directory listings but send 403
	# instead if a client requests an url pointing to
	# a directory without any index file.
#	option no_dirlists	0

	# Do not authenticate any ubus-rpc requests against
	# the ubus session/access procedure.
	# This is dangerous and should be always left off
	# except for development and debug purposes!
#	option no_ubusauth	0

	# For this instance of uhttpd use the listed httpauth
	# sections to require Basic auth to the specified
	# resources.
#	list httpauth prefix_user


# Defaults for automatic certificate and key generation
config cert defaults

	# Validity time
	option days		730

	# key type: rsa or ec
	option key_type		rsa

	# RSA key size
	option bits		2048

	# EC curve name
	# Curve names vary between mbedtls/px5g and openssl
	# P-256 or P-384 are guaranteed to work
	option ec_curve		P-256

	# Location
	option country		ZZ
	option state		Somewhere
	option location		Unknown

	# Common name
	option commonname	'OpenWrt'

# config httpauth prefix_user
#	option prefix /protected/url/path
#	option username user
#	option password 'plaintext_or_md5_or_$p$user_for_system_user'
wireless:

config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11a'
	option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
	option legacy_rates '0'
	option country 'US'
	option txpower '23'
	option channel 'auto'
	option htmode 'VHT160'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option key 'password'
	option ssid 'Olympus'
	option encryption 'psk2'

config wifi-device 'radio1'
	option type 'mac80211'
	option hwmode '11g'
	option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
	option legacy_rates '0'
	option country 'US'
	option txpower '30'
	option channel 'auto'
	option htmode 'HT40'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option key 'password'
	option ssid 'Olympus'
	option encryption 'psk2'

config wifi-device 'radio2'
	option type 'mac80211'
	option hwmode '11a'
	option path 'platform/soc/soc:internal-regs/f10d8000.sdhci/mmc_host/mmc0/mmc0:0001/mmc0:0001:1'
	option htmode 'VHT80'
	option legacy_rates '0'
	option country 'US'
	option txpower '23'
	option channel 'auto'

config wifi-iface 'default_radio2'
	option device 'radio2'
	option network 'lan'
	option mode 'ap'
	option key 'password'
	option ssid 'Olympus'
	option encryption 'psk2'

Related Issues

My issue seems to be related to the following two, but my symptoms are different and simply restarting has not proven to be a solution thus far.


The most similar issue is this one:


But I don't believe my ISP (Spectrum) is at fault here, unlike the solution provided here. As I noted before, if I plug the modem directly into one of my desktops, the desktop is able to successfully lease an IPv4 and IPv6 and connect to any host without issue. The router is the device failing in this context.

1 Like
uci set firewall.@zone[1].masq="1"
uci commit firewall
/etc/init.d/firewall restart
2 Likes

This worked, but two things:

  1. I don't actually know why this worked. I never interacted with the firewall settings after a factory default reset, so I assume this means I was intended to in some way. What does this change do, and where is it in LuCI?
  2. Clients still are unable to get a reported IPv4 back from sites like , even though LuCI does see an IPv4 upstream like before. Why is that? Actually, this was my mistake. It looks like the sites I was checking were simply caching their last result; I checked ipchicken, which I was unable to check before because it was IPv4 only, and it came up with the public IPv4 I was using on one of my clients. Awesome!

Thanks for the help.

1 Like

LuCI > Network > Firewall > General Settings > Zones > wan > Masquerading > Check > Save & Apply

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.