I can't get my laptop on the LAN side of my GL-XE300 to ping any of my Tailscale network IPs. My info is below. Any ideas?
Laptop LAN IP - 192.168.8.x
Tailscale IP - PULI 100.110.34.13
Tailscale IP - Remote PC in other state 100.89.156.46
Linux GL-XE300 5.10.176 #0 Sun Apr 9 12:27:46 2023 mips GNU/Linux
root@GL-XE300:~# cat /etc/openwrt_version
r20123-38ccc47687
# pbr (policy-based routing) configuration as pasted: global service settings,
# two include scripts (both disabled) and three policies.
config pbr 'config'
option verbosity '2'
# NOTE(review): presumably keeps policy traffic from falling back to the default
# route when the policy's gateway is down; confirm against the pbr documentation.
option strict_enforcement '1'
option resolver_set 'none'
option ipv6_enabled '0'
# Interfaces pbr is told to ignore.
list ignored_interface 'vpnserver'
list ignored_interface 'wgserver'
option boot_timeout '30'
option rule_create_option 'add'
option procd_reload_delay '1'
option webui_show_ignore_target '0'
list webui_supported_protocol 'all'
list webui_supported_protocol 'tcp'
list webui_supported_protocol 'udp'
list webui_supported_protocol 'tcp udp'
list webui_supported_protocol 'icmp'
option enabled '1'
# tailscale0 is added as a supported interface; the "service pbr restart" output
# on this page shows a 'tailscale/tailscale0/100.110.34.13' gateway being set up.
list supported_interface 'tailscale0'
option wan_ip_rules_priority '1'
# Include scripts; both are disabled (enabled '0').
config include
option path '/usr/share/pbr/pbr.user.aws'
option enabled '0'
config include
option path '/usr/share/pbr/pbr.user.netflix'
option enabled '0'
# The two Plex/Emby policies are disabled (enabled '0').
config policy
option name 'Plex/Emby Local Server'
option interface 'wan'
option src_port '8096 8920 32400'
option enabled '0'
config policy
option name 'Plex/Emby Remote Servers'
option interface 'wan'
option dest_addr 'plex.tv my.plexapp.com emby.media app.emby.media tv.emby.media'
option enabled '0'
# This policy has no 'name' and no 'enabled' option; the restart output on this
# page shows it defaulting to name 'Untitled' and enabled 1.
# Its interface value 'vpn' fails validation in that output (the value is checked
# against 'ignore', 'tor' or a network interface name), and pbr then reports
# "Policy 'Untitled' has no assigned interface". In the firewall listing on this
# page 'vpn' is the name of a firewall zone.
# The source match is the whole LAN subnet with no destination restriction.
config policy
option src_addr '192.168.8.0/24'
option interface 'vpn'
Firewall below
# Firewall configuration as pasted: default policies, the lan / wan / guest / vpn
# zones, inter-zone forwardings, traffic rules and script includes.

# Default policies: input and output ACCEPT, forward REJECT.
# NOTE(review): traffic on an interface that belongs to no zone presumably falls
# under these defaults, so input 'ACCEPT' would apply to it; confirm that every
# interface that should be filtered is covered by a zone.
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
# wan zone covers four networks; input is DROP, forward is REJECT and
# masquerading is enabled.
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
list network 'wwan'
list network 'modem_1_1_2'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option input 'DROP'
# lan -> wan is the only forwarding defined for lan besides lan -> vpn further down.
config forwarding
option src 'lan'
option dest 'wan'
# Rules with src 'wan' and no dest: accepted input to the router itself.
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
# MLD is accepted only from link-local sources (fe80::/10).
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 to the router, limited to 1000/sec.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 forwarded from wan to any zone (dest '*'), limited to 1000/sec.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# The next two rules accept ESP and UDP 500 forwarded from wan to lan.
# NOTE(review): these matter only if a LAN host terminates IPsec; confirm they
# are needed, otherwise they are inbound exceptions with no purpose.
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include 'nat6'
option path '/etc/firewall.nat6'
option reload '1'
# Disabled rule (enabled '0').
config rule 'block_dns'
option name 'block_dns'
option src '*'
option dest_port '53'
option target 'REJECT'
option enabled '0'
option device 'br-*'
# Script includes: their contents are not shown on this page, so any rules they
# add are not visible in this listing.
config include 'gls2s'
option type 'script'
option path '/var/etc/gls2s.include'
option reload '1'
config include 'glblock'
option type 'script'
option path '/usr/bin/gl_block.sh'
option reload '1'
# guest zone: input and forward REJECT; only DHCP and DNS to the router are
# accepted by the two rules below, and guest may forward to wan.
config zone
option name 'guest'
option network 'guest'
option forward 'REJECT'
option output 'ACCEPT'
option input 'REJECT'
config forwarding
option src 'guest'
option dest 'wan'
config rule
option name 'Allow-DHCP'
option src 'guest'
option target 'ACCEPT'
option proto 'udp'
option dest_port '67-68'
config rule
option name 'Allow-DNS'
option src 'guest'
option target 'ACCEPT'
option proto 'tcp udp'
option dest_port '53'
config include 'vpn_server_policy'
option type 'script'
option path '/etc/firewall.vpn_server_policy.sh'
option reload '1'
option enabled '1'
# vpn zone: membership is by device pattern 'zt+' only. In the ifconfig output on
# this page the one device whose name starts with 'zt' is ztrf2xb4gd; tailscale0
# does not start with 'zt'.
# NOTE(review): no zone in this listing names tailscale0 or a tailscale network,
# so the lan -> vpn forwarding below presumably does not cover LAN traffic to the
# 100.x Tailscale addresses. Unless one of the script includes handles it, that
# traffic would fall under defaults forward 'REJECT'; confirm.
config zone 'vpn'
option name 'vpn'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list device 'zt+'
config forwarding 'lan_vpn'
option src 'lan'
option dest 'vpn'
# TCP 22 from the vpn zone is accepted; the rule has no dest, so it applies to
# the router itself.
config rule 'ssh'
option name 'Allow-SSH'
option src 'vpn'
option dest_port '22'
option proto 'tcp'
option target 'ACCEPT'
# pbr's own firewall include script.
config include 'pbr'
option fw4_compatible '1'
option type 'script'
option path '/usr/share/pbr/pbr.firewall.include'
My IPs
root@GL-XE300:~# ifconfig
br-lan Link encap:Ethernet HWaddr 94:83:C4:2B:77:A0
inet addr:192.168.8.1 Bcast:192.168.8.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:122161 errors:0 dropped:5 overruns:0 frame:0
TX packets:187655 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:32284839 (30.7 MiB) TX bytes:174001066 (165.9 MiB)
eth0 Link encap:Ethernet HWaddr 94:83:C4:2B:77:A0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:4582 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:757018 (739.2 KiB)
Interrupt:5
eth1 Link encap:Ethernet HWaddr 94:83:C4:2B:77:9F
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:4
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:1081 errors:0 dropped:0 overruns:0 frame:0
TX packets:1081 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:147121 (143.6 KiB) TX bytes:147121 (143.6 KiB)
tailscale0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:100.110.34.13 P-t-P:100.110.34.13 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:105 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 B) TX bytes:17325 (16.9 KiB)
wlan0 Link encap:Ethernet HWaddr 94:83:C4:2B:77:A1
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:122855 errors:0 dropped:0 overruns:0 frame:0
TX packets:190820 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:34101177 (32.5 MiB) TX bytes:179880096 (171.5 MiB)
wwan0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.112.74.50 P-t-P:10.112.74.50 Mask:255.255.255.252
inet6 addr: fe80::c615:18b3:dbf:3ac1/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:167726 errors:0 dropped:0 overruns:0 frame:0
TX packets:114025 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:154101285 (146.9 MiB) TX bytes:31064543 (29.6 MiB)
ztrf2xb4gd Link encap:Ethernet HWaddr C6:F0:D9:84:68:7C
inet addr:192.168.193.172 Bcast:192.168.193.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:2800 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
PBR Error below
root@GL-XE300:~# service pbr restart
Activating traffic killswitch [✓]
# Warning: iptables-legacy tables present, use iptables-legacy-save to see them
Removing routing for 'wan/eth1/0.0.0.0' [✓]
Removing routing for 'wwan/0.0.0.0' [✓]
Removing routing for 'tailscale/tailscale0/100.110.34.13' [✓]
Deactivating traffic killswitch [✓]
pbr 1.1.1-1 (nft) stopped [✓]
Activating traffic killswitch [✓]
# Warning: iptables-legacy tables present, use iptables-legacy-save to see them
Setting up routing for 'wan/eth1/0.0.0.0' [✓]
Setting up routing for 'wwan/0.0.0.0' [✓]
Setting up routing for 'tailscale/tailscale0/100.110.34.13' [✓]
pbr.cfg066ff5.name is unset and defaults to string Untitled
pbr.cfg066ff5.enabled is unset and defaults to bool 1
pbr.cfg066ff5.interface=vpn validates as or("ignore", "tor", uci("network", "@interface")) with false
pbr.cfg066ff5.proto is unset and defaults to or(string) (null)
pbr.cfg066ff5.chain is unset and defaults to or("", "forward", "input", "output", "prerouting", "postrouting", "FORWARD", "INPUT", "OUTPUT", "PREROUTING", "POSTROUTING") prerouting
pbr.cfg066ff5.src_addr=192.168.8.0/24 validates as list(neg(or(host,network,macaddr,string))) with true
pbr.cfg066ff5.src_port is unset and defaults to list(neg(or(portrange,string))) (null)
pbr.cfg066ff5.dest_addr is unset and defaults to list(neg(or(host,network,string))) (null)
pbr.cfg066ff5.dest_port is unset and defaults to list(neg(or(portrange,string))) (null)
Routing 'Untitled' via [✗]
Routing 'Untitled' via wan [✗]
Deactivating traffic killswitch [✓]
pbr 1.1.1-1 monitoring interfaces: wan wwan tailscale
pbr 1.1.1-1 (nft) started with gateways:
wan/eth1/0.0.0.0
wwan/0.0.0.0
tailscale/tailscale0/100.110.34.13
ERROR: Policy 'Untitled' has no assigned interface!
ERROR: Policy 'Untitled' has no source/destination parameters!