MikroTik hAP ac3 LTE6 kit LTE not working

Hi. I configured ncm as the protocol and everything is OK, but after the LTE interface gets an IP from the network, it doesn't reply to pings.


Looks like you have a virtual interface that is not assigned to a firewall zone.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/firewall
        "kernel": "5.15.162",
        "hostname": "OpenWrt",
        "system": "ARMv7 Processor rev 5 (v7l)",
        "model": "MikroTik hAP ac3 LTE6 kit",
        "board_name": "mikrotik,hap-ac3-lte6-kit",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.4",
                "revision": "r24012-d8dd03c46f",
                "target": "ipq40xx/mikrotik",
                "description": "OpenWrt 23.05.4 r24012-d8dd03c46f"
        }
}
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd38:e5de:93a3::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config device
        option name 'lan1'
        option macaddr '48:a9:8a:0e:8a:f1'

config device
        option name 'lan2'
        option macaddr '48:a9:8a:0e:8a:f1'

config device
        option name 'lan3'
        option macaddr '48:a9:8a:0e:8a:f1'

config device
        option name 'lan4'
        option macaddr '48:a9:8a:0e:8a:f1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        list dns '4.2.2.4'
        list dns '8.8.8.8'

config device
        option name 'wan'
        option macaddr '48:a9:8a:0e:8a:f0'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

config interface 'LTE'
        option proto 'ncm'
        option device '/dev/ttyACM0'
        option mode 'lte'
        option pdptype 'IP'
        option apn 'internet'
        option ipv6 'auto'
        option force_link '1'

How about the firewall file?

sorry , missed that part

config defaults
        option syn_flood '1'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'
        list network 'LTE'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

Yes you need to add LTE_4 to the wan zone.

On LTE your IPv4 address is almost never a real public address that can be pinged or otherwise take an incoming connection from the Internet.

It's not possible to edit the virtual interface.

If LuCI doesn't support this, you can always edit /etc/config/firewall directly.

i am not expert

There is nothing wrong with the virtual interface, with one exception: it has an IP address from a range that belongs to the US military (21.0.0.0/8 [AS749] DoD Network Information Center).

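The MikroTik modems hand out addresses from that kind of range instead of legitimate private IPs. Those modems are strange. There is no problem with it other than that you cannot route to any actual external site which might exist in that /24, because the router treats the whole /24 as directly connected on the modem link.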

If your ISP supports IPv6, using IPv6 works more conventionally.

It's been a few months that I have been struggling with this router and LTE.

If you can log in by SSH you can do this.
vi /etc/config/firewall
Type an i.
Use the arrow keys to move to the wan zone section and press Enter to open a new line. Press Tab and type list network 'LTE_4' to add this line. Press Esc, then type :wq and press Enter to save and close vi (you should get a new command prompt). Then run service network restart.

Try another provider SIM if you have one. Show the output of

ifstatus LTE_4
ip r
ip link sh dev eth1

There is nothing wrong with the firewall yet.

root@OpenWrt:~# ifstatus LTE_4
{
        "up": false,
        "pending": true,
        "available": true,
        "autostart": true,
        "dynamic": true,
        "proto": "dhcp",
        "device": "eth1",
        "data": {
                "zone": "wan"
        }
}
root@OpenWrt:~# ip r
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1
root@OpenWrt:~# ip link sh dev eth1
11: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 1000
    link/ether ac:50:43:1a:ee:fd brd ff:ff:ff:ff:ff:ff

Please repeat with connection established.

main interface is LTE


root@OpenWrt:~# ifstatus LTE
{
        "up": true,
        "pending": false,
        "available": true,
        "autostart": true,
        "dynamic": false,
        "uptime": 585,
        "l3_device": "eth1",
        "proto": "ncm",
        "updated": [
                "data"
        ],
        "metric": 0,
        "dns_metric": 0,
        "delegation": true,
        "ipv4-address": [

        ],
        "ipv6-address": [

        ],
        "ipv6-prefix": [

        ],
        "ipv6-prefix-assignment": [

        ],
        "route": [

        ],
        "dns-server": [

        ],
        "dns-search": [

        ],
        "neighbors": [

        ],
        "inactive": {
                "ipv4-address": [

                ],
                "ipv6-address": [

                ],
                "route": [

                ],
                "dns-server": [

                ],
                "dns-search": [

                ],
                "neighbors": [

                ]
        },
        "data": {
                "manufacturer": "\"mikrotik\""
        }
}

Never asked about this. Good luck. Bye.


Thank you for taking the time to help and for your response. However, I just wanted to say that if I knew how to solve the issue myself, I wouldn’t be asking here. I think it would be great if you could be a bit more patient with newcomers like me, as we really rely on your guidance. My problem still isn't fully resolved, but I appreciate your help nonetheless.

The interface is up but there is no internet. Also, when I restart the modem, it will not recognize the device.

root@OpenWrt:~# ifstatus LTE_4
{
        "up": true,
        "pending": false,
        "available": true,
        "autostart": true,
        "dynamic": true,
        "uptime": 46,
        "l3_device": "eth1",
        "proto": "dhcp",
        "device": "eth1",
        "updated": [
                "addresses",
                "routes",
                "data"
        ],
        "metric": 0,
        "dns_metric": 0,
        "delegation": true,
        "ipv4-address": [
                {
                        "address": "22.75.50.211",
                        "mask": 24
                }
        ],
        "ipv6-address": [

        ],
        "ipv6-prefix": [

        ],
        "ipv6-prefix-assignment": [

        ],
        "route": [
                {
                        "target": "0.0.0.0",
                        "mask": 0,
                        "nexthop": "22.75.50.44",
                        "source": "22.75.50.211/32"
                }
        ],
        "dns-server": [
                "10.185.68.114",
                "10.185.68.113"
        ],
        "dns-search": [
                "lan"
        ],
        "neighbors": [

        ],
        "inactive": {
                "ipv4-address": [

                ],
                "ipv6-address": [

                ],
                "route": [

                ],
                "dns-server": [

                ],
                "dns-search": [

                ],
                "neighbors": [

                ]
        },
        "data": {
                "zone": "wan",
                "dhcpserver": "22.75.50.44",
                "hostname": "OpenWrt",
                "leasetime": 120,
                "zone": "wan"