ISP Telekom nur IPv6 (kein IPv4)

Klaus · May 20, 2021, 12:57pm

Ich nutze OpenWrt 19.07.7 mit dem Router Linksys WRT1900ACS direkt hinter dem Glasfaser-Modem der Telekom. Den Zugang zum Internet über die Telekom bekomme ich hin. Allerdings wird nur IPv6 unterstützt. IPv6-Ping vom Router aus ist möglich. Beim IPv4-Ping bekomme ich die Meldung "PING openwrt.org (139.59.209.225): 56 data bytes
ping: sendto: Network unreachable". Es ist also ein Teil der Intertseiten nicht aufrufbar.

Ich habe mich bei der Einrichtung des Zugangs an folgdene Anleitung gehalten: https://openwrt.org/docs/guide-user/network/wan/isp-configurations#deutsche_telekom (BNG platform) und keine weiteren Einstellungen an der Standardinstallation von OpenWRT vorgenommen.

Kann mir jemand weiterhelfen?

frollic · May 20, 2021, 12:59pm

start by writing in änglish.

Klaus · May 20, 2021, 1:00pm

Deutsch ist für mich hilfreicher, sonst hätte ich es nicht so geschrieben. Bitte also nicht überheblich sein.

frollic · May 20, 2021, 1:02pm

Writing in != english, and not utilizing google translate (or other tools), is just as arrogant (and lazy) towards the people you want to get help from ....

trendy · May 20, 2021, 1:40pm

You can post the troubleshooting and hopefully we'll be able to understand why IPv4 is not working.

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
iptables-save -c; ip -4 addr ; ip -4 ro li tab all ; ip -4 ru

Borromini · May 20, 2021, 4:20pm

Per me anche l'italiano va, ma a volte anche francese o olandese. Non è proprio scelta mia.

なんで？

If you want actual help, at least provide an English translation of your question. It's all fine and dandy that German suits you better. Where does that get you if that makes your question off limits for 95% of the forum population?

ASFP · May 20, 2021, 4:41pm

Kann nur openwrt.org nicht gepingt werden oder generell keine ipv4?
Wäre noch interessant zu wissen. Ausserdem wären die Troubleshooting Infos, welche trendy bereits erwähnt hat, ebenfalls hilfreich. (Private Informationen wie MAC Adressen und öffentliche IP-Adressen zensieren)

Is only openwrt.org unreachable or ipv4 in general?
Would be interesting to know. Also the troubleshoot information, already mentioned by trendy, would also be helpfull. (Redact private information like MAC addresses and public IPs)

Klaus · May 20, 2021, 6:58pm

Vielen Dank für deine Hilfe, insbesondere auch für die Übersetzung. Danke auch an alle anderen für das Verständnis.

Es kann generell keine ipv4 vom Router aus ins WAN angepingt werden.

Nachfolgend das Ergebnis des Troubleshootings:

root@OpenWrt:~# ubus call system board; \
> uci export network; uci export dhcp; uci export firewall; \
> head -n -0 /etc/firewall.user; \
> iptables-save -c; ip -4 addr ; ip -4 ro li tab all ; ip -4 ru
{
	"kernel": "4.14.221",
	"hostname": "OpenWrt",
	"system": "ARMv7 Processor rev 1 (v7l)",
	"model": "Linksys WRT1900ACS",
	"board_name": "linksys,shelby",
	"release": {
		"distribution": "OpenWrt",
		"version": "19.07.7",
		"revision": "r11306-c4a6851c72",
		"target": "mvebu/cortexa9",
		"description": "OpenWrt 19.07.7 r11306-c4a6851c72"
	}
}
package network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd3a:xxxx:xxxx::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option proto 'pppoe'
	option password 'xxxxxx'
	option username 'xxxxxxxx'
	option ifname 'eth1.7'
	option defaultroute '0'
	option auto '0'
	option ipv6 'auto'

config interface 'wan6'
	option proto 'dhcpv6'
	option ifname 'eth1.7'
	option reqprefix 'auto'
	option reqaddress 'try'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 5t'
	option vid '1'

config switch_vlan
	option device 'switch0'
	option vlan '7'
	option vid '7'
	option ports '4t 6t'

package dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option localservice '1'
	option logqueries '1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv6 'server'
	option ra 'server'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

package firewall

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
# Generated by iptables-save v1.8.3 on Wed May 19 16:23:01 2021
*nat
:PREROUTING ACCEPT [24:2803]
:INPUT ACCEPT [1:60]
:OUTPUT ACCEPT [17:1252]
:POSTROUTING ACCEPT [17:1252]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
[24:2803] -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
[12:2295] -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
[0:0] -A PREROUTING -i eth1.7 -m comment --comment "!fw3" -j zone_wan_prerouting
[12:508] -A PREROUTING -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_prerouting
[17:1252] -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
[0:0] -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
[0:0] -A POSTROUTING -o eth1.7 -m comment --comment "!fw3" -j zone_wan_postrouting
[0:0] -A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_postrouting
[0:0] -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
[12:2295] -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
[0:0] -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
[0:0] -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
[12:508] -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Wed May 19 16:23:01 2021
# Generated by iptables-save v1.8.3 on Wed May 19 16:23:01 2021
*mangle
:PREROUTING ACCEPT [642:64123]
:INPUT ACCEPT [631:61888]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [571:168679]
:POSTROUTING ACCEPT [571:168679]
[0:0] -A FORWARD -o eth1.7 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[0:0] -A FORWARD -i eth1.7 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[0:0] -A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[0:0] -A FORWARD -i pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Wed May 19 16:23:01 2021
# Generated by iptables-save v1.8.3 on Wed May 19 16:23:01 2021
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
[74:7138] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
[557:54750] -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
[544:54182] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[12:504] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
[1:60] -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
[0:0] -A INPUT -i eth1.7 -m comment --comment "!fw3" -j zone_wan_input
[12:508] -A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
[0:0] -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
[0:0] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[0:0] -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
[0:0] -A FORWARD -i eth1.7 -m comment --comment "!fw3" -j zone_wan_forward
[0:0] -A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
[0:0] -A FORWARD -m comment --comment "!fw3" -j reject
[74:7138] -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
[497:161541] -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
[497:161541] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[0:0] -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
[0:0] -A OUTPUT -o eth1.7 -m comment --comment "!fw3" -j zone_wan_output
[0:0] -A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
[11:444] -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
[1:64] -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
[12:504] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
[0:0] -A syn_flood -m comment --comment "!fw3" -j DROP
[0:0] -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
[0:0] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
[0:0] -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
[1:60] -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
[0:0] -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[1:60] -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
[0:0] -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
[0:0] -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
[1:60] -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_wan_dest_ACCEPT -o eth1.7 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
[0:0] -A zone_wan_dest_ACCEPT -o eth1.7 -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
[0:0] -A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_wan_dest_REJECT -o eth1.7 -m comment --comment "!fw3" -j reject
[0:0] -A zone_wan_dest_REJECT -o pppoe-wan -m comment --comment "!fw3" -j reject
[0:0] -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
[0:0] -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
[12:508] -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
[0:0] -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
[0:0] -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
[0:0] -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
[0:0] -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[12:508] -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
[0:0] -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
[0:0] -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
[0:0] -A zone_wan_src_REJECT -i eth1.7 -m comment --comment "!fw3" -j reject
[12:508] -A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Wed May 19 16:23:01 2021
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
7: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
11: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN qlen 3
    inet 93.xxx.xx.xxx peer 62.xxx.xxx.xx/32 scope global pppoe-wan
       valid_lft forever preferred_lft forever
62.xxx.xxx.xx dev pppoe-wan scope link  src 93.xxx.xx.xxx 
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1 
local 93.xxx.xx.xxx dev pppoe-wan table local scope host  src 93.xxx.xxx.xxx 
broadcast 127.0.0.0 dev lo table local scope link  src 127.0.0.1 
local 127.0.0.0/8 dev lo table local scope host  src 127.0.0.1 
local 127.0.0.1 dev lo table local scope host  src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local scope link  src 127.0.0.1 
broadcast 192.168.1.0 dev br-lan table local scope link  src 192.168.1.1 
local 192.168.1.1 dev br-lan table local scope host  src 192.168.1.1 
broadcast 192.168.1.255 dev br-lan table local scope link  src 192.168.1.1 
0:	from all lookup local 
32766:	from all lookup main 
32767:	from all lookup default

odrt · May 20, 2021, 7:12pm

Try again, in English please. Thank you.

You ask others for help.

trendy · May 20, 2021, 7:18pm

uci delete network.wan.defaultroute ; uci delete network.wan.auto; uci commit network; ifup wan
Next time don't mess with settings you don't understand.

Klaus · May 20, 2021, 8:12pm

Thank you, it worked. Also thank you for the reactions regarding the language. I will work with the translation programs in forums in the future.

ASFP · May 21, 2021, 4:59am

Sonst vielleicht einmal deepl.com ausprobieren. Der ist nützlich wenn man in beide Richtungen übersetzen muss.

Klaus · May 21, 2021, 5:34am

Der Übersetzer ist großartig. Keine verlinkten Seiten mehr und funktioniert trotz aktiviertem NoScript hervorragend. Also, ich habe meine Lektion gelernt.

The translator is great. No more linked pages and works great despite having NoScript enabled. So, I have learned my lesson.

system · May 31, 2021, 5:35am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.