Loaded 24.10.1. DNS does not function

I have a router that is connected to the internet (WAN). The router has 4 LAN ports, and one of those ports has a device connected. When I type "ping google.com" on the device, it errors out every time.
Any help appreciated

Can you copy ping error text?

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
root@Cisco:/usr/bin# cat /etc/config/network

# /etc/config/network as posted: loopback, a LAN bridge, a DHCP/DHCPv6 WAN on
# eth0.2, a three-VLAN switch layout, and a separate 'guest' bridge.
config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdff:db21:85ad::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1.1'

# LAN: router address 172.16.20.30 with a /27 mask (255.255.255.224), i.e. the
# 172.16.20.0/27 subnet with usable hosts .1-.30. ip6assign '60' also gives this
# interface an IPv6 prefix, so LAN clients can learn an IPv6 resolver address
# in addition to whatever DHCPv4 hands out.
config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '172.16.20.30'
        option netmask '255.255.255.224'
        option ip6assign '60'

# WAN takes its address via DHCP. No 'option dns' / 'option peerdns' is set here.
config interface 'wan'
        option device 'eth0.2'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

# VLAN 1 (LAN): switch ports 3, 4, 5 untagged plus port 0 tagged; pairs with
# eth1.1 in br-lan above (presumably port 0 is the CPU port behind eth1 - verify).
config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0t 3 4 5'
        option vid '1'
        option description 'Lan'

# VLAN 2 (WAN): switch port 1 untagged plus port 6 tagged; pairs with eth0.2
# used by 'wan'/'wan6' (presumably port 6 is the CPU port behind eth0 - verify).
config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '6t 1'
        option vid '2'
        option description 'Wan'

# VLAN 3: switch port 2 untagged plus port 0 tagged; pairs with eth1.3 in
# br-guest below, so physical port 2 lands on the 'guest' network.
config switch_vlan
        option device 'switch0'
        option vlan '3'
        option ports '0t 2'
        option vid '3'
        option description 'Samsung'

config device
        option name 'br-guest'
        option type 'bridge'
        list ports 'eth1.3'

# Guest: router address 172.16.7.30 with a /27 mask (hosts .1-.30). No ip6assign
# is set, so unlike 'lan' this interface is IPv4-only as far as this file shows.
config interface 'guest'
        option proto 'static'
        option ipaddr '172.16.7.30'
        option netmask '255.255.255.224'
        option device 'br-guest'

root@Cisco:/usr/bin# cat /etc/config/dhcp

# /etc/config/dhcp as posted: dnsmasq settings, DHCP pools for lan and guest,
# local name records and static leases.
config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        # Rebind protection: upstream answers that point at private addresses are discarded.
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        # localservice: dnsmasq only answers DNS queries arriving from directly attached subnets.
        option localservice '1'
        option ednspacket_max '1232'
        # Domain-only 'server' entries (no address after the last '/') are never
        # forwarded upstream; dnsmasq answers them locally.
        list server '/mask.icloud.com/'
        list server '/mask-h2.icloud.com/'
        list server '/use-application-dns.net/'
        # Every other query is forwarded to two resolvers on the router itself
        # (loopback, ports 5053 and 5054).
        # NOTE(review): together with 'noresolv' below these are the ONLY upstreams.
        # If nothing is listening on 127.0.0.1:5053/5054, every lookup sent to the
        # router will time out - confirm the local DoH proxy is installed and running.
        list server '127.0.0.1#5053'
        list server '127.0.0.1#5054'
        option dhcpleasemax '20'
        # The doh_* options here and below look like bookkeeping written by a DoH
        # proxy package (presumably https-dns-proxy - TODO confirm); they mirror
        # the 'server' list above.
        option doh_backup_noresolv '-1'
        # noresolv: dnsmasq does not read upstream servers from a resolv file, so
        # DNS servers learned from the WAN lease are not used as a fallback.
        option noresolv '1'
        list doh_backup_server '/mask.icloud.com/'
        list doh_backup_server '/mask-h2.icloud.com/'
        list doh_backup_server '/use-application-dns.net/'
        list doh_backup_server '127.0.0.1#5053'
        list doh_backup_server '127.0.0.1#5054'
        list doh_server '127.0.0.1#5053'
        list doh_server '127.0.0.1#5054'

# LAN pool: 20 addresses starting at offset 1; DHCPv6 and router advertisements
# are also served on this interface.
config dhcp 'lan'
        option interface 'lan'
        option start '1'
        option limit '20'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        # DHCPv4 option 6 (DNS servers): clients are told to use 1.1.1.1 / 1.0.0.1
        # directly rather than the router.
        # NOTE(review): this sends client DNS around the router's DoH forwarding in
        # plain DNS, and it only covers DHCPv4 - a DNS server learned via
        # DHCPv6/RA is not affected by it.
        list dhcp_option '6,1.1.1.1,1.0.0.1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

# Guest pool: 29 addresses starting at offset 1, same option 6 as 'lan'.
config dhcp 'guest'
        option interface 'guest'
        option start '1'
        option limit '29'
        option leasetime '12h'
        list dhcp_option '6,1.1.1.1,1.0.0.1'

# Local DNS records. 172.16.20.27 ('Beagle') is also the destination of the
# inbound rules and the port-80 redirect in /etc/config/firewall.
config domain
        option name 'Obi'
        option ip '172.16.20.26'

config domain
        option name 'Beagle'
        option ip '172.16.20.27'

# Static leases. The MAC values below are empty or ':' - presumably redacted by
# the poster before pasting; a lease with no MAC cannot match a client.
config host
        option name 'Samsung'
        list mac ''
        option ip '172.16.7.1'
        option leasetime '24h'

config host
        option name 'Roku'
        list mac ':'
        option ip '172.16.7.2'
        option leasetime '24h'

config host
        option name 'Moto'
        list mac ''
        option ip '172.16.7.3'
        option leasetime '12h'

config host
        option name 'Kindle'
        list mac ''
        option ip '172.16.7.4'
        option leasetime '24h'

config host
        option name 'DESKTOP-HR9O9JD'
        option ip '172.16.20.8'
        option mac ''

root@Cisco:/usr/bin# cat /etc/config/firewall

# /etc/config/firewall as posted: three zones (lan, wan, Guestwifi), inbound
# VoIP rules towards 172.16.20.27, what appear to be the stock OpenWrt WAN
# rules, a port-80 redirect, and several leftover-looking sections.
# Default policy: reject inbound and forwarded traffic unless a zone or rule allows it.
config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

# WAN zone: inbound and forwarded traffic rejected, outbound masqueraded (NAT).
config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

# NOTE(review): accepts forwarded wan -> lan TCP and UDP to 172.16.20.27 when both
# source and destination port fall in 5000-31000. No source address restriction
# is set (the 'Callcentric' ipset is only referenced by the SIP rule below), so
# this is a wide range to open. There is no matching DNAT in this file, so
# whether the rule ever matches on this NAT setup should be verified.
config rule
        option name 'RTP'
        option src 'wan'
        option dest 'lan'
        option target 'ACCEPT'
        option src_port '5000-31000'
        option dest_port '5000-31000'
        list dest_ip '172.16.20.27'
        option family 'ipv4'
        list proto 'tcp'
        list proto 'udp'

# SIP: UDP 5586 to 172.16.20.27, limited to sources in the 'Callcentric' ipset
# defined near the end of this file.
config rule
        option name 'Callcentric SIP'
        option direction 'in'
        option device 'eth0.2'
        list proto 'udp'
        option src 'wan'
        option ipset 'Callcentric'
        option dest 'lan'
        option target 'ACCEPT'
        list dest_ip '172.16.20.27'
        option dest_port '5586'
        option family 'ipv4'

# The rules from here through 'Allow-ISAKMP' carry the names of OpenWrt's stock
# WAN rules (presumably unmodified defaults - compare against a fresh install).
config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

# Guest zone: input REJECT means guests reach services on the router itself only
# through the explicit rules below. No forwarding between Guestwifi and lan is
# defined anywhere in this file.
config zone
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option name 'Guestwifi'
        list network 'guest'

# NOTE(review): this forwarding has a 'dest' but no 'src'. It looks like an
# incomplete leftover; confirm how the firewall treats it, or remove it.
config forwarding
        option dest 'wan'

config forwarding
        option src 'Guestwifi'
        option dest 'wan'

# Lets guest clients reach the router's DHCP server (UDP 67).
config rule
        option name 'Guest DHCP'
        option family 'ipv4'
        list proto 'udp'
        option src 'Guestwifi'
        option dest_port '67'
        option target 'ACCEPT'

# NOTE(review): despite the name, this opens port 443 on the router to guests
# (no 'proto' is given), not DNS port 53. Guests therefore cannot query the
# router's dnsmasq; they are handed 1.1.1.1 / 1.0.0.1 by DHCP option 6 in
# /etc/config/dhcp instead. Check what listens on the router's port 443 and
# whether guests are meant to reach it.
config rule
        option name 'Guest DNS'
        option src 'Guestwifi'
        option dest_port '443'
        option target 'ACCEPT'

# NOTE(review): 'Samsung' is not a zone defined in this file (the zones are lan,
# wan and Guestwifi), and a blanket forwarding that starts from 'wan' is
# unusual. Likely a leftover - verify and remove if it is not needed.
config forwarding
        option src 'wan'
        option dest 'Samsung'

# Port forward: traffic arriving on WAN port 80 is DNATed to 172.16.20.27:10005.
# No 'proto' and no source restriction are set, so this is open to any WAN host.
config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Lets Encrypt'
        option src 'wan'
        option src_dport '80'
        option dest_ip '172.16.20.27'
        option dest_port '10005'

# Source-address set used by the 'Callcentric SIP' rule; maxelem equals the
# number of entries listed.
config ipset
        option name 'Callcentric'
        option family 'ipv4'
        list match 'src_ip'
        option maxelem '2'
        list entry '204.11.192.0/22'
        list entry '199.87.144.0/21'

# Three empty 'config rule' sections follow. They define nothing as shown -
# either redacted by the poster or leftovers worth cleaning up.
config rule

config rule

config rule

root@Cisco:/usr/bin#

You left out this:

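I see some very odd things in your config, but primarily, it's not clear why you've set up DoH only to then advertise DHCP option 6 for Cloudflare DNS servers. Clients that honor option 6 would query 1.1.1.1/1.0.0.1 directly and never use the router's DoH forwarding.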

Which network is having issues? lan, guest, or both?

Using the computer that couldn't ping out... what happens if you do:

nslookup openwrt.org
nslookup openwrt.org 1.1.1.1
nslookup openwrt.org 8.8.8.8

(or whatever lookup tool you have on that computer, but you must be able to specify a DNS server to use for that specific lookup).

root@beaglebone:~# ping google.com
ping: google.com: Temporary failure in name resolution
root@beaglebone:~# nslookup openwrt.org 1.1.1.1
-bash: nslookup: command not found

Does your BeagleBone have dig? Or any other DNS lookup method?

dig not found - any other choices?

Another device/system, maybe? It's unusual for that not to be pre-installed... it makes me wonder if maybe your BeagleBone device isn't even handling DNS properly (on its own, regardless of the upstream).

You need a DNS lookup utility.

Do you have a standard Linux/Mac/Windows machine you can plug in to that network?

I have a win 11 machine

ok... try that. Make sure whatever lookup tool you use can use the default/system resolver and can also accept an alternate server.

C:\Windows\System32>nslookup openwrt.org 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
Name:    openwrt.org
Addresses:  2a03:b0c0:3:d0::1a51:c001
          64.226.122.113


C:\Windows\System32>nslookup openwrt 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

*** one.one.one.one can't find openwrt: Non-existent domain

C:\Windows\System32>nslookup openwrt.org 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
Name:    openwrt.org
Addresses:  2a03:b0c0:3:d0::1a51:c001
          64.226.122.113

Looks like it's working. But you only ran one of the three commands:

C:\Windows\System32>nslookup openwrt.org 8.8.8.8
Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    openwrt.org
Addresses:  2a03:b0c0:3:d0::1a51:c001
          64.226.122.113


C:\Windows\System32>nslookup openwrt.org
Server:  Cisco.lan
Address:  fdff:db21:85ad::1

DNS request timed out.
    timeout was 2 seconds.

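Ok... so what's interesting here is that your DHCP option 6 specification doesn't seem to be doing anything: the default lookup went to Cisco.lan at fdff:db21:85ad::1 (an address inside the router's ULA prefix) rather than to 1.1.1.1 or 1.0.0.1. Option 6 is a DHCPv4 option, so it would not change a DNS server that the client learned over IPv6.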

Is the Windows machine getting an address via DHCP? What does it have for the DNS entry?

And please post this:

ubus call system board
{
        "kernel": "6.6.86",
        "hostname": "Cisco",
        "system": "Qualcomm Atheros QCA9558 ver 1 rev 0",
        "model": "TP-Link Archer C7 v2",
        "board_name": "tplink,archer-c7-v2",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "24.10.1",
                "revision": "r28597-0425664679",
                "target": "ath79/generic",
                "description": "OpenWrt 24.10.1 r28597-0425664679",
                "builddate": "1744562312"

Windows is hard coded to use 1.1.1.1 - HTTPS ????

Is it??? Are you sure? (I don't use Windows, so I don't know). What does the DHCP information show?

Consider trying a standard linux distro like Ubuntu. You can install it on a flash drive and use the live-USB stick to boot... no need to install it onto your computer.

I seem to remember the '6,1.1.1.1,1.0.0.1' only works in certain fields. I have a blank "Use custom DNS servers" under the lan interface.

Those are two different config items... one for the lan network interface (in /etc/config/network) and the other in the DHCP server for the lan (/etc/config/dhcp).

Please show a screenshot or text dump of the DHCP IP address information that windows is showing.

do you mean the bare "nslookup openwrt.org" ?

C:\Windows\System32>nslookup openwrt.org
Server:  Cisco.lan
Address:  fdff:db21:85ad::1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to Cisco.lan timed-out

No. Please look at your network adapter (ethernet or wifi) and check the configuration. Is it set to obtain an address via DHCP? If so, what does it show for all of the information it got from the DHCP server (IP address, subnet mask, router/gateway, DNS server). This can be done in the command line or via the GUI. I want to see what is provided to the host from the router.