Is there any way to implement cloudflare warp free vpn in OpenWrt router?

warp off
gate off

i do it every time i change a value in the config, hoping to see the fabulous warp ip, but it never shows up, it just.. snaps... :face_in_clouds: :pensive: wasted almost a week of no sleep but i will not surrender until i find a way to make it work,

I have no clue what you mean, so here it is in-whole:

# Default IPv4 route through the WireGuard interface 'wiro', kept in routing
# table 1 so it is only used by traffic that an ip rule sends to that table.
config route                      
        option interface 'wiro'
        option target '0.0.0.0/0'
        option table '1' 

# Priority 1 (checked before the rule below): anything addressed to the LAN
# subnet is resolved in the main table, so LAN-local traffic and replies to
# LAN clients stay out of the tunnel.
config rule #<---this should fix all the errors you were getting
        option dest '192.168.1.0/24'
        option priority '1'
        option lookup 'main'

# Priority 2: IPv4 traffic sourced from the LAN subnet to any destination is
# resolved in table 1, i.e. sent through 'wiro'.
# NOTE(review): these rules only cover IPv4; IPv6 from the LAN is not steered
# by them. Also, if table 1 holds no usable route (e.g. the tunnel interface
# is down) the lookup falls through to later rules and the main table, so
# traffic can leave via the ISP link unless the firewall blocks lan -> wan.
config rule                
        option src '192.168.1.0/24'                       
        option dest '0.0.0.0/0'
        option priority '2' #order in IP_rules
        option lookup '1' #table_assigned

That's OK.

  • Are you using 1.1.1.1 for DNS?
  • What is your IP? Is it a Cloudflare address?
  • You are on a LAN-connected client, correct?

(Kinda difficult when you're not providing information.)

EDIT: note I reversed the order of the rules. :wink:

added this to /firewall

# NOTE(review): 'option lookup' and 'option priority' are policy-routing
# (ip rule) options, which live in /etc/config/network. Placed in
# /etc/config/firewall, as described in the post, this section is read as a
# firewall rule and does not create an ip rule, which matches the report that
# the ISP address was still in use afterwards.
config rule
option dest '192.168.1.0/24'
option priority '2'
option lookup 'main'

still getting isp ip not warp ip

yes, as the manual says

it is my isp ip... not cloudflare

wlan wireless lan

What!?!?

No.

This all goes in /etc/config/network

This goes in /etc/config/dhcp

This goes in /etc/config/firewall

# The existing 'wan' firewall zone with the WireGuard interface added to it.
# Tunnel traffic then gets the same treatment as the ISP uplink: inbound and
# forwarded traffic dropped, router output accepted, and LAN traffic
# masqueraded on the way out.
config zone
        option name 'wan'
        option output 'ACCEPT'
        # masquerade: LAN clients leave with the router's address on the outgoing interface
        option masq '1'
        option mtu_fix '1'
        option input 'DROP'
        option forward 'DROP'
        list network 'wan'
        # NOTE(review): every rule written with src 'wan' will now also apply
        # to packets arriving through 'wiro'.
        list network 'wiro' #<---add

:spiral_notepad: Keep the wiro WG network config [obviously].
Done. Nothing more, nothing less. Please let us know if this works.

Not sure why you edited this, though.


Oh my god ! sorry for the hazing and the blunder , once i am at home i will try that config correctly, see you back in 10 hours , have a nice day and thanks for your time, i tip my hat !!

hello i am back to the bunker, well i just wanted to have small lease time

added everything as you told me, i hope it could work, will keep you updated, ty

OH MY GOD, IT WORKED MAN, FRANKENSTEIN HAS RISEN

you deserve 0.003 btc :face_in_clouds:

Glad that this is working... and kudos to @lleachii for all the help!

@thejoke123 - please post the complete solution (i.e. firewall and network files) so that others may benefit... it seems that many people have had difficulty setting up CFW, and I'm not sure that there is a single post where the entire solution has been consolidated.


i thought using luci was better, but i was wrong, the best is using pure ssh...

---- config ---


 cat /etc/config/network

# Base interfaces: loopback, the LAN bridge, and the ISP uplink.
config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'


# LAN bridge with eth0 as its only listed port.
config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

# LAN side: router is 192.168.1.1/24. The policy-routing rules in this file
# match on this subnet, so they must be updated if the LAN range changes.
config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
# Uplink device with IPv6 switched off.
config device
        option name 'eth1'
        option ipv6 '0'
        option igmpversion '3'

# ISP uplink via DHCP. peerdns '0' stops the router from adopting the DNS
# servers offered by the ISP's DHCP server.
config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'
        option peerdns '0'

# WireGuard interface used for the WARP tunnel.
config interface 'wiro'
        option proto 'wireguard'
        # Tunnel addresses; presumably the ones from the generated profile
        # named in the peer description below, so they are specific to that
        # profile.
        list addresses '2606:4700:110:87e9:d16e:c246:7da0:7976/128'
        list addresses '172.16.0.2/24'
        # Redacted by the poster. The real private key belongs only in this
        # file; strip it from any config that is shared or posted.
        option private_key '---'

# The single peer (the WARP endpoint) for interface 'wiro'.
config wireguard_wiro
        option description 'wgcf-profile.conf'
        # Peer public key, redacted by the poster.
        option public_key '---'
        # NOTE(review): both prefixes are packed into one list entry. UCI lists
        # normally carry one value per 'list' line; a comma-joined entry may
        # not be split per prefix when routes are generated. Confirm, or use
        # two 'list allowed_ips' lines.
        list allowed_ips '0.0.0.0/0,::/0'
        # Endpoint given as an IP literal, so bringing the tunnel up does not
        # depend on a DNS lookup.
        option endpoint_host '162.159.192.1'
        option endpoint_port '2408'
        # Asks for routes to the allowed IPs to be installed automatically.
        # NOTE(review): with 0.0.0.0/0 and ::/0 allowed this would mean default
        # routes via the tunnel in addition to the explicit table-1 route in
        # this file. Check the resulting routing tables on the router.
        option route_allowed_ips '1'
        # Keepalive interval in seconds.
        option persistent_keepalive '10'


# Policy routing for the tunnel: a default route via 'wiro' held in table 1,
# plus two ip rules that decide which traffic consults that table.
config route
        option interface 'wiro'
        option target '0.0.0.0/0'
        option table '1'

# Checked first: destinations inside the LAN subnet use the main table, which
# keeps LAN-local traffic and replies to LAN clients out of the tunnel.
config rule #<---this should fix all the errors you were getting
        option dest '192.168.1.0/24'
        option priority '1'
        option lookup 'main'

# Checked second: IPv4 traffic from LAN clients to anywhere uses table 1 and
# therefore leaves through 'wiro'.
# NOTE(review): IPv4 only; nothing here steers IPv6. When table 1 has no
# route (tunnel down), the lookup falls through to the main table, so whether
# clients then leak out via the ISP link is decided by the firewall's
# lan -> wan forwarding, not by these rules.
config rule
        option src '192.168.1.0/24'
        option dest '0.0.0.0/0'
        option priority '2' #order in IP_rules
        option lookup '1' #table_assigned

----------------------------------------------------------------


 cat /etc/config/firewall

# Global firewall defaults. These policies apply to traffic that no zone
# claims; the per-zone policies further down take precedence for zone members.
# NOTE(review): input 'ACCEPT' here means an interface that is up but not
# assigned to any zone can reach the router's services. Confirm that every
# interface is covered by a zone.
config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option synflood_protect '1'
        option forward 'DROP'
        option drop_invalid '1'
        option drop_invalid '1'

# LAN zone: fully trusted, may reach the router and be forwarded.
config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

# WAN zone: the ISP uplink plus the WireGuard tunnel. Inbound and forwarded
# traffic is dropped, router output is accepted, LAN traffic is masqueraded.
config zone
        option name 'wan'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option input 'DROP'
        option forward 'DROP'
        list network 'wan'
        # 'wan6' is not defined in the network file shown in this post.
        list network 'wan6'
        # Adding 'wiro' here is the change after which the poster reported the
        # setup working.
        list network 'wiro'

# NOTE(review): 'wiro' is also a member of the 'wan' zone above. An interface
# should belong to exactly one zone; with both present, which zone's policy
# applies to tunnel traffic depends on rule ordering and is easy to misjudge.
# Keep one of the two. If this zone were the one in effect, output 'DROP'
# would block router-originated traffic leaving through the tunnel.
config zone
    option name 'wirezone'
    option input 'DROP'
    option forward 'DROP'
    list network 'wiro'
    option masq '1'
    option output 'DROP'


# Inbound exceptions for the 'wan' zone. In the firewall file as posted the
# 'wan' zone also contains the WireGuard interface 'wiro', so each rule below
# admits matching traffic arriving through the tunnel as well as from the ISP.

# DHCP replies to the router's own client (UDP port 68) so the uplink lease
# can be renewed.
config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

# The router answers IPv4 ping from the wan zone.
config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

# IGMP from the wan zone to the router.
config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

# DHCPv6 replies to the router's own client (UDP port 546).
config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

# Multicast Listener Discovery messages, restricted to link-local sources.
config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

# ICMPv6 types accepted on the router itself, rate limited to 1000 per second.
config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# ICMPv6 types forwarded from the wan zone to any zone (dest '*'), same rate
# limit. This lets outside hosts ping IPv6 addresses behind the router.
config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# NOTE(review): the next two rules forward IPsec (ESP, and IKE on UDP 500)
# from the wan zone into the LAN. If no LAN host terminates IPsec they can be
# removed to narrow what is forwarded inbound.
config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

# Pulls a script from the pbr package into the firewall.
# NOTE(review): the routing in this post is done with plain route/rule
# sections in the network file, not with pbr. Presumably this include is left
# over from an earlier attempt. Confirm whether pbr is still installed and
# active, since it can add its own routing rules alongside the manual ones.
config include 'pbr'
        option fw4_compatible '1'
        option type 'script'
        option path '/usr/share/pbr/pbr.firewall.include'





# LAN clients may be forwarded into 'wirezone' (the zone that lists 'wiro').
config forwarding
    option src 'lan'
    option dest 'wirezone'

# No 'src' is set, so this is presumably treated as a rule for traffic
# originating on the router itself: WireGuard UDP to the endpoint
# 162.159.192.1 port 2408 leaving via the wan zone. TODO confirm. The 'wan'
# zone as posted already has output 'ACCEPT', which would make this rule
# redundant.
config rule
    option name 'Allow_Wireguard_OUT'
    option family 'ipv4'
    list proto 'udp'
    option dest 'wan'
    list dest_ip '162.159.192.1'
    option dest_port '2408'
    option target 'ACCEPT'

# LAN clients may also be forwarded straight into the wan zone.
# NOTE(review): this leaves the setup fail-open. If the tunnel route is
# missing, LAN traffic falls back to the main routing table and this
# forwarding lets it leave through the ISP link outside the tunnel. A kill
# switch would need 'wiro' in its own zone and this section removed; test
# that change before relying on it.
config forwarding
       option src 'lan'
       option dest 'wan'


-------------------------------------------

cat /etc/config/dhcp

# dnsmasq settings for the router's own DNS/DHCP service.
config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        # DNS rebinding protection is enabled. It only helps clients that
        # actually resolve through this dnsmasq instance.
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        # Only answer DNS queries from locally attached subnets.
        option localservice '1'
        option ednspacket_max '1232'


# DHCP pool for the LAN.
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
# Short lease; the poster says earlier in the thread that this was deliberate.
option leasetime '10m'
option dhcpv4 'server'
option dhcpv6 'server'
# DHCP option 6 hands clients 1.1.1.1 and 1.0.0.1 as their DNS servers, so
# they query those directly instead of the router's dnsmasq. With the
# LAN-source routing rule from the network file in this post, those queries
# leave through the tunnel. They also bypass dnsmasq's rebind protection and
# local 'lan' names.
# NOTE(review): only IPv4 DNS servers are handed out here; check what
# IPv6-capable clients use.
list dhcp_option '6,1.1.1.1,1.0.0.1'



# No DHCP service is offered on the uplink interface.
config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

# odhcpd settings; maindhcp '0' leaves IPv4 DHCP to dnsmasq.
config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

i hope it serve of utility for someone.... big thanks for everyone...

