Lan ports on their own wan network

Installing and Using OpenWrt Network and Wireless Configuration
#1

I have my ISP router connected to an openwrt router by wire. When I plug a device into the openwrt routers wired port, I can only access the device when I am connected to the openwrt router as well, but not when I am connected to my ISPs router. This only applies to the wired ports, for wifi all works fine.

Also, the devices connected to the openwrt lan ports do not get DHCP from my ISP router. I feel like the lan ports are on their own WAN network, if that makes sense.

This wasn't always the case, in the beginning when I installed openwrt it all worked fine.

I have no clue what to check or what to look for to figure out what is wrong. Can someone give some hints?

Some things I checked:

root@openwrt:~# ip link | egrep '^[0-9]'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP qlen 1000
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
7: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br-lan state UP qlen 1000

root@openwrt:~# brctl show
bridge name     bridge id               STP enabled     interfaces
br-lan          7fff.880355e82479       no              eth0
                                                        wlan0

image

root@openwrt:~# cat /etc/config/network 

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix '***********'

config interface 'lan'
        option force_link '1'
        option type 'bridge'
        option proto 'dhcp'
        option ip6assign '60'
        option macaddr '*************'
        option _orig_ifname 'eth0 wlan0'
        option _orig_bridge 'true'
        option ifname 'eth0 eth1'

config atm-bridge 'atm'
        option vpi '1'
        option vci '32'
        option encaps 'llc'
        option payload 'bridged'
        option nameprefix 'dsl'

config vdsl 'dsl'
        option annex 'a'
        option firmware '/lib/firmware/vdsl.bin'
        option tone 'av'
        option xfer_mode 'ptm'


root@openwrt:~# ifconfig -a
br-lan    Link encap:Ethernet  HWaddr *****************  
          inet addr:192.168.2.14  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr:******************** Scope:Link
          inet6 addr: *************************** Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:55819 errors:0 dropped:2827 overruns:0 frame:0
          TX packets:19864 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:7760142 (7.4 MiB)  TX bytes:9220407 (8.7 MiB)

eth0      Link encap:Ethernet  HWaddr *****************  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:61099 errors:0 dropped:1 overruns:0 frame:0
          TX packets:26543 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:9656904 (9.2 MiB)  TX bytes:10774167 (10.2 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:656 (656.0 B)  TX bytes:656 (656.0 B)

wlan0     Link encap:Ethernet  HWaddr ********************  
          inet6 addr: ************** Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4872 errors:0 dropped:0 overruns:0 frame:0
          TX packets:43117 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:479178 (467.9 KiB)  TX bytes:7103012 (6.7 MiB)


root@openwrt:~# swconfig dev eth0 show
Global attributes:
        enable_vlan: 1
Port 0:
        uvr: 0
        vsr: 0
        vinr: 0
        tvm: 0
        pvid: 0
        link: port:0 link:up speed:100baseT full-duplex auto
Port 1:
        uvr: 0
        vsr: 0
        vinr: 0
        tvm: 0
        pvid: 0
        link: port:1 link:up speed:100baseT full-duplex auto
Port 2:
        uvr: 0
        vsr: 0
        vinr: 0
        tvm: 0
        pvid: 0
        link: port:2 link:down
Port 3:
        uvr: 0
        vsr: 0
        vinr: 0
        tvm: 0
        pvid: 0
        link: port:3 link:down
Port 4:
        uvr: 0
        vsr: 0
        vinr: 0
        tvm: 0
        pvid: 0
        link: port:4 link:up speed:100baseT full-duplex auto
Port 5:
        uvr: 0
        vsr: 0
        vinr: 0
        tvm: 0
        pvid: 0
        link: port:5 link:down
Port 6:
        uvr: 0
        vsr: 0
        vinr: 0
        tvm: 0
        pvid: 0
        link: port:6 link:up speed:1000baseT full-duplex auto
#2

Ok so I am thinking now that this:

root@openwrt:~# swconfig dev eth0 show
Global attributes:
        enable_vlan: 1

is the problem. Should that vlan be on 0? Google says I can change it with:

swconfig dev switch0 set enable_vlan 0
swconfig dev switch0 set apply

But I just don't know if that is it. Right now I don't have an ttl (uart) connection with the device working so according to the documentation it's a good idea to have that. Will have to get that before I play with it. Meanwhile is there someone that knows better than me if this is the problem?

Documentation: https://openwrt.org/docs/techref/swconfig

I do have another openwrt device with no problems but it does not have swconfig devices, so I can't check what the setting there is.

#3

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
1 Like
#4

I think this is what you asked for:

root@*********************:~# ubus call system board; \
> uci export network; uci export wireless; \
> uci export dhcp; uci export firewall; \
> head -n -0 /etc/firewall.user; \
> ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
> ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*

{
        "kernel": "4.14.167",
        "hostname": "*********************",
        "system": "xRX200 rev 1.2",
        "model": "KPN Experiabox V8",
        "board_name": "arcadyan,vgv7519-nor",
        "release": {
                "distribution": "OpenWrt",
                "version": "19.07.1",
                "revision": "r10911-c155900f66",
                "target": "lantiq/xrx200",
                "description": "OpenWrt 19.07.1 r10911-c155900f66"
        }
}
package network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd95:24aa:41e6::/48'

config interface 'lan'
        option force_link '1'
        option type 'bridge'
        option proto 'dhcp'
        option ip6assign '60'
        option macaddr '*********************'
        option _orig_ifname 'eth0 wlan0'
        option _orig_bridge 'true'
        option ifname 'eth0 eth1'

config atm-bridge 'atm'
        option vpi '1'
        option vci '32'
        option encaps 'llc'
        option payload 'bridged'
        option nameprefix 'dsl'

config vdsl 'dsl'
        option annex 'a'
        option firmware '/lib/firmware/vdsl.bin'
        option tone 'av'
        option xfer_mode 'ptm'

package wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'pci0000:00/0000:00:0e.0'
        option htmode 'HT20'
        option disabled '0'
        option txpower '20'
        option country '00'

config wifi-iface 'wifinet0'
        option device 'radio0'
        option mode 'ap'
        option network 'lan'
        option encryption 'psk-mixed'
        option key '*********************'
        option ssid '*********************'

package dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option ignore '1'
        option dhcpv6 'disabled'
        option ra 'disabled'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'

package firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fe80::/10'
        option src_port '547'
        option dest_ip 'fe80::/10'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config rule
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.2.14/24 brd 192.168.2.255 scope global br-lan
       valid_lft forever preferred_lft forever
default via 192.168.2.254 dev br-lan  src 192.168.2.14
192.168.2.0/24 dev br-lan scope link  src 192.168.2.14
broadcast 127.0.0.0 dev lo table local scope link  src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host  src 127.0.0.1
local 127.0.0.1 dev lo table local scope host  src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link  src 127.0.0.1
broadcast 192.168.2.0 dev br-lan table local scope link  src 192.168.2.14
local 192.168.2.14 dev br-lan table local scope host  src 192.168.2.14
broadcast 192.168.2.255 dev br-lan table local scope link  src 192.168.2.14
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default
ls: /tmp/resolv.*/*: No such file or directory
lrwxrwxrwx    1 root     root            16 Jan 29  2020 /etc/resolv.conf -> /tmp/resolv.conf
lrwxrwxrwx    1 root     root            21 Oct 29  2020 /tmp/resolv.conf -> /tmp/resolv.conf.auto
-rw-r--r--    1 root     root            76 Dec 11 13:23 /tmp/resolv.conf.auto
==> /etc/resolv.conf <==
# Interface lan
nameserver 195.121.1.34
nameserver 195.121.1.66
search home

==> /tmp/resolv.conf <==
# Interface lan
nameserver 195.121.1.34
nameserver 195.121.1.66
search home

==> /tmp/resolv.conf.auto <==
# Interface lan
nameserver 195.121.1.34
nameserver 195.121.1.66
search home
head: /tmp/resolv.*/*: No such file or directory
#5

The device doesn't seem to have the eth1 you are trying to add in the lan bridge. https://openwrt.org/toh/arcadyan/vgv7519#interfaces
If your intention is to use the OpenWrt as a dumbAP, then you should reset it to defaults and follow the guide.
You only need to assign a static IP in the range of the upstream router, say 192.168.2.14/24, gw 192.168.2.254 and dns 195.121.1.34 195.121.1.66 on the lan interface. Switch off dhcp, disable dnsmasq and firewall, and finally connect one lan port to the lan port on the router of your ISP.

1 Like