LAN works, WIFI enabled but no internet connection

Hello all! I am new to the OpenWRT scene. My main goal is to use my Raspberry Pi 4B 8gb as a WAP in the apartment I am in. As it stands, the pi is connected into it's on-board ethernet port (eth0) and is currently working as a ethernet bridge just fine. It has a USB 3.0 to ethernet adapter (eth1) and is connected to a splitter to my machines. My problem is that I have a working WIFI connection, but there is no internet connection on any devices I connect to the signal. Below is my configuration through SSH.

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd76:4342:9e51::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'wan'
        option proto 'dhcp'
        option device 'eth0'
        option type 'bridge'

config interface 'lan'
        option proto 'static'
        option gateway '**.**.**.***'
        option type 'bridge'
        list ipaddr '192.168.1.2/24'
        option device 'eth1'
        option igmp_snooping '1'
root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
        option channel '36'
        option band '5g'
        option htmode 'VHT20'
        option cell_density '0'
        option country 'US'
        option distance '100'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'DealB.Net'
        option encryption 'psk2'
        option key '***'
        option network 'wan'
root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'
        list network 'LAN'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option forward 'ACCEPT'
        list network 'wan'
        list network 'wan6'
        list network 'WAN'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config zone
        option name 'WIfi'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config redirect
        option target 'DNAT'
        option name 'Bros_Server'
        option src_ip '192.168.1.185'
        option src_port '25567'
        option src_dport '25567'
        option src 'wan'
        option dest 'lan'

config nat
        option dest_ip '**.**.**.***'
        option target 'SNAT'
        option snat_ip '**.**.**.***'
        option device 'eth0'
        list proto 'all'
        option src 'lan'

Any help would be much appreciated!

You have several problems:

First, br-lan:

eth0 is used both in br-lan and in the wan interface. If eth0 (onboard ethernet) is connected to the upstream/wan, it should be removed from br-lan. Then, you should add eth1 to br-lan because you're using that for your lan (in addition to the onbaord wifi). It will look like this:

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'

Next, wan interface. Remove the bridge type (which is not needed at all) so that it looks like this:

config interface 'wan'
        option proto 'dhcp'
        option device 'eth0'

And then the lan interface...

Remove the bridge line here, too -- in this case, you need to use a bridge, but it is no longer valid to include it here... bridges are defined as devices (such as br-lan), so you don't put that type here anymore. Next, change the device to br-lan, and remove the gateway.

Then, what is the address of your upstream router? If it is 192.168.1.1 (or anything in the 192.168.1.0/24 network), you must have a different subnet on your Pi's lan -- for example, 192.168.2.1/24 would work.

IGMP snooping is probalby not neceesary and can be removed, unless you've set it up for a specific reason.

In the end, it should probably look like this:

config interface 'lan'
        option proto 'static'
        list ipaddr '192.168.2.1/24'
        option device 'br-lan'

Next, your AP should be conncted to the lan, not the wan, like this:

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'DealB.Net'
        option encryption 'psk2'
        option key '***'
        option network 'lan'

You can delete the upper case LAN network from below.

And same for uppercase WAN:

(also, typically forward is set to reject on the wan zone, but that's not really a big deal here).

Delete thse:

and is this supposed to be port forwarding? It may need to change address if you changed the lan address of the OpenWrt side to 192.168.2.1.

1 Like

Thank you for the reply! I changed all of those settings and it is now working, but now I have another issue, which is now the ethernet connection has no internet connection... I'm a bit lost as to how that works. Is it only able to handle one or the other? Do I have to buy an external antenna for it to be able to do both?

Did you install the relevant packages for the USB ethernet adapter you are using?

Post your latest config.

Here is the latest config. I do not have a USB ethernet adapter, and was planning on using the built-in WIFI card this raspberry pi has. It is the Cypress CYW43455 802.11acbgn. I attached a picture from the LuCi interface of the wireless tab.

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd76:4342:9e51::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'

config interface 'wan'
        option proto 'dhcp'
        option device 'eth0'

config interface 'lan'
        option proto 'static'
        list ipaddr '192.168.2.1/24'
        option device 'br-lan'
root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
        option channel '36'
        option band '5g'
        option htmode 'VHT20'
        option cell_density '0'
        option country 'US'
        option distance '100'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'DealB.Net'
        option encryption 'psk2'
        option key '***'
        option network 'lan'
root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option forward 'ACCEPT'
        list network 'wan'
        list network 'wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config redirect
        option target 'DNAT'
        option name 'Bros_Server'
        option src_ip '192.168.1.185'
        option src_port '25567'
        option src_dport '25567'
        option src 'wan'
        option dest 'lan'

You don't?? What about this?

Just as an FYI, the Pi's built-in wifi is terrible. It functions, yes, but it's extremely limited due to the low-end chipset. It has a very basic 1x1 antenna system with a PCB based antenna, so it will be limited on general bandwidth and will rapidly show degrading performance with multiple simultaneous devices. The power and range are poor, too.

Apologies, I thought you had said what WIFI adapter. The ethernet adapter is a WALNEW ethernet 3.0 ethernet adapter off amazon. I can link it if you'd like. It has a RTL8153 chipset of which I already installed the drivers for, but I will check again to see if they are missing!

The software for the adapter is there, and it is up to date, but the ethernet connection to my PC is still without internet connection. Could there be another issue? Thank you again for all the help.

You mentioned this earlier...

I assume this is an ethernet switch you're talking about?
Have you tried forcing your PC to renew the DHCP lease? If that doesn't work, try connecting the PC's ethernet cable directly to the WALNEW ethernet 3.0 ethernet adapter (bypassing the switch) and see if that helps.

Ahh, thank you very much! The ethernet switch was the issue! I really appreciate all the help and am so sorry to bother you with such a mundane problem! I will mark your first response as the solution :+1:

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.