Lost network connection

I lose my internet connection; to restore it, I log into the router and run the 'service firewall reload' command, after which everything returns to normal.

I'm still looking for a way to detect from a script when the firewall fails. Any ideas or clues you can give me?

ubus call system board

{
        "kernel": "5.4.143",
        "hostname": "R10",
        "system": "MediaTek MT7621 ver:1 eco:3",
        "model": "Xiaomi Mi Router 3G v2",
        "board_name": "xiaomi,mi-router-3g-v2",
        "release": {
                "distribution": "OpenWrt",
                "version": "21.02.0",
                "revision": "r16279-5cc0535800",
                "target": "ramips/mt7621",
                "description": "OpenWrt 21.02.0 r16279-5cc0535800"
        }
}

cat /etc/config/network

config interface 'loopback'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'
        option device 'lo'

config globals 'globals'

config interface 'lan'
        option proto 'static'
        option device 'br-lan'
        option delegate '0'
        option ipaddr '192.168.10.1'
        list dns '192.168.10.1'
        option netmask '255.255.255.0'
        option ipv6 '0'

config device
        option name 'br-lan'
        option type 'bridge'
        option ipv6 '0'
        option igmp_snooping '1'
        option rpfilter 'loose'

config device
        option name 'wan'
        option ipv6 '0'

config device
        option name 'eth0'
        option ipv6 '0'

config interface 'wan10'
        option device 'wan'
        option proto 'dhcp'
        option delegate '0'
        option metric '10'
        option ipv6 '0'

config device
        option name 'ioft'
        option ipv6 '0'
        option macaddr 'EC:41:18:C5:D9:B0'

config device
        option name 'ligoria'
        option acceptlocal '1'
        option ipv6 '0'
        option macaddr 'EC:41:18:C5:D9:B1'

config device
        option name 'multimedia'
        option ipv6 '0'
        option rpfilter 'loose'
        option macaddr 'EC:41:18:C5:D9:A2'

config device
        option name 'trabajo'
        option ipv6 '0'
        option macaddr 'EC:41:18:C5:D9:A1'

config route
        option target '192.168.3.1'
        option interface 'wan10'
        option netmask '255.255.255.0'

config interface 'OpenVPN'
        option proto 'none'
        option device 'tun0'

cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11g'
        option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
        option cell_density '2'
        option legacy_rates '1'
        option htmode 'HT20'
        option channel 'auto'

config wifi-device 'radio1'
        option type 'mac80211'
        option hwmode '11a'
        option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
        option cell_density '0'
        option htmode 'VHT80'
        option channel '48'

config wifi-iface 'wifinet2'
        option ssid 'IofT'
        option device 'radio0'
        option mode 'ap'
        option key 'ioft-100'
        option ifname 'ioft'
        option encryption 'psk'
        option disassoc_low_ack '0'
        option network 'lan'

config wifi-iface 'wifinet3'
        option ssid 'Multimedia'
        option encryption 'psk2'
        option device 'radio1'
        option mode 'ap'
        option key 'multi-100'
        option ifname 'multimedia'
        option short_preamble '0'
        option disassoc_low_ack '0'
        option network 'lan'

config wifi-iface 'wifinet4'
        option ssid 'Trabajo'
        option encryption 'psk2'
        option device 'radio1'
        option mode 'ap'
        option key 'work-100'
        option network 'lan'
        option ifname 'trabajo'

config wifi-iface 'wifinet5'
        option ssid 'Ligoria'
        option device 'radio0'
        option mode 'ap'
        option key 'ligoria100'
        option encryption 'psk2'
        option ifname 'ligoria'
        option disassoc_low_ack '0'
        option short_preamble '0'
        option network 'lan'
        option isolate '1'

cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option serversfile '/var/run/simple-adblock.servers'

config dhcp 'lan'
        option interface 'lan'
        option limit '250'
        option start '50'
        option leasetime '1h'
        list ra_flags 'none'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

cat /etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option conntrack '1'
        option family 'ipv4'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option conntrack '1'
        list device 'tun0'
        list network 'wan10'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

config forwarding
        option dest 'wan'
        option src 'lan'

config rule
        option weekdays 'Sun Mon Tue Wed Thu Fri Sat'
        option src 'lan'
        option dest '*'
        option target 'REJECT'
        option start_time '00:00:00'
        option stop_time '03:00:00'
        list src_ip '192.168.10.52'
        option name 'RejectDevicesTime'
        option enabled '0'

A review of your config is usually the best start.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords (including the Wi-Fi `option key` values in the wireless config), MAC addresses and any public IP addresses you may have before posting:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Instead of employing kludges like this, figure out why the firewall appears to disable the internet, because that isn't normal behavior for basically any firewall (OpenWrt or not) unless it is configured otherwise.

Here are some basic troubleshooting steps to help you get started:

  • Does the internet connection drop randomly or is there a pattern?
  • In addition to what psherman asks of you, look at the system log for any firewall/network related entries, ideally around when the connection fails.
  • Is this running the default configuration or did you change anything firewall/network related?

What does this mean, exactly? Can you ping the router? Can you ping an external host by address? Does name resolution work? ...?

I can ping the router from my computer.
I can ping 8.8.8.8 from the router but not from my computer.
Name resolution works only on the router, not from my computer.

It drops randomly.
I will wait for the next occurrence to collect data; how can I collect it?
The firewall is running the default configuration.

Let's review your config.... we can do that now, without having to wait for the next time the problem manifests.