Hello everyone,
Please feel free to merge this if need be, I've done what searching I could on my mangled mess of a network, and couldn't find anything specific.
I have been running OpenWrt 23.05.5 on a Raspberry Pi 4 since roughly November of 2024. I was using Deco X60 nodes as access points through a TL SG108E to eventually set up VLANS for my lesser trusted devices (MagicMirror, etc). From the TL managed switch, I had my media server and Kubernetes project hooked up via Ethernet backhaul. All of the CNAME management to keep the server local was done through the Pi4 router. I had also installed AdGuard Home acting as a DNS server to block any ads served to my NVIDIA Shield.
Last night, rather erroneously, I unplugged everything in an attempt to get a new Blink Sync Module XR working. I had problems with the Sync Module 2 in the past, but largely abandoned the whole thing until last night. I figured the issue lied with the Deco pods not wanting to cooperate with the module, so I decided to restructure the topology only to legitimately ruin everything. I followed the Bridged AP over Ethernet guide, not understanding that it completely didn't apply to my Deco nodes. I can't even SSH into the Pi from direct Ethernet into the LAN port anymore. I still have direct access with via HDMI and keyboard.
When it came to the point where I change the IPv4 interface to 192.168.1.2, that's where everything went downhill and I lost connectivity, and to be completely honest all memory of any other meaningful changes made. I really only stuck to editing /etc/config/network afterwards, but I'm not entirely sure.
I'd greatly appreciate any help. I would much rather not have to set up CNAME and dnsmasq again, because quite honestly I think I just lucked out and got it right the first time. Nuking my Pi image would set me back quite a bit.
Thank you all
Starting with your pi4 main router… (serial is also fine)
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
1 Like
ubus call system board
{
"kernel": "5.15.167",
"hostname": "OpenWrt",
"system": "ARMv8 Processor rev 3",
"model": "Raspberry Pi 4 Model B Rev 1.4",
"board_name": "raspberrypi,4-model-b",
"rootfs_type": "ext4",
"release": {
"distribution": "OpenWrt",
"version": "23.05.5",
"revision": "r24106-10cc5fc400",
"target": "bcm27xx/bcm2711",
"description": "OpenWrt 23.05.5 r24106-10cc5fc400"
}
}
/etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdf5:b1bc:f4bf::/48'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ip6assign '60'
option gateway '192.168.68.101'
option dns '192.168.1.1'
config interface 'wan'
option proto 'dhcp'
option device 'eth1'
option type 'bridge'
config interface 'docker'
option device 'docker0'
option proto 'none'
option auto '0'
config device
option type 'bridge'
option name 'docker0'
/etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
option channel 'auto'
option band '2g'
option cell_density '0'
option country 'US'
option disabled '1'
config wifi-iface 'wifinet0'
option device 'radio0'
option mode 'sta'
option ssid 'REDACTED'
option encryption 'psk2'
option key 'REDACTED'
option disabled '1'
/etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
option ednspacket_max '1232'
list server '192.168.1.1#5353'
option noresolv '1'
list address '/*.[REDACTED_CNAME]/192.168.1.187'
list address '/*.homer.lan/100.103.54.106'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
list dhcp_option '6'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config host
option name 'chiefjellyfin3'
list mac '[REDACTED_MAC]'
option ip '192.168.1.191'
option leasetime 'infinite'
config host
list mac '[REDACTED_MAC]'
option ip '192.168.1.188'
option leasetime 'infinite'
list tag 'cluster'
list match_tag 'known'
option name 'chiefjellyfin2'
config host
option name 'chiefjellyfin1'
list mac '[REDACTED_MAC]'
option ip '192.168.1.189'
option leasetime 'infinite'
list tag 'cluster'
list match_tag 'known'
config host
option name 'chiefjellyfin'
list mac '[REDACTED_MAC]'
option ip '192.168.1.190'
list tag 'cluster'
list match_tag 'known'
option leasetime 'infinite'
config host
option name 'homer'
list mac '[REDACTED_MAC]'
option ip '192.168.1.187'
option leasetime 'infinite'
list tag 'homer'
list match_tag 'known'
config host
option name 'nfs'
list mac '[REDACTED_MAC]'
option ip '192.168.1.148'
option leasetime 'infinite'
list tag 'nfs'
list match_tag 'known'
config host
option ip '192.168.1.183'
option mac '[REDACTED_MAC]'
option name 'SHIELD'
option leasetime 'infinite'
config host
option name 'MainDeco'
list mac '[REDACTED_MAC]'
option ip '192.168.1.1'
option leasetime 'infinite
/etc/config/firewall
config defaults
option syn_flood '1'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config zone 'docker'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option name 'docker'
list network 'docker'
config redirect
option target 'DNAT'
option name 'Intercept-DNS'
option src 'lan'
option src_dport '53'
config redirect 'dns_int'
option name 'Intercept-DNS'
option src 'lan'
option src_dport '53'
option proto 'tcp udp'
option target 'DNAT'
Thank you for your prompt response, and apologies for my tardiness. I had to copy the files over to my main PC and manually redact anything since I can't shell into my OpenWRT router. The only thing I've changed thus far is the physical hardware of my setup and the config interface 'lan' portion of /etc/config/network.
There is no address on the lan interface - that needs to be added. And the gateway line should be removed.
Remove the bridge line from the wan interface.