Need Guidance - Trying to Install on X86 Hardware

Downloading https://downloads.openwrt.org/releases/23.05.5/targets/x86/64/packages/Packages.gz
Failed to send request: Operation not permitted
*** Failed to download the package list from https:/downloads.openwrt.org/releases/23.05.5/targets/x86/64/packages/Packages.gz

And it just repeats over and over until I force stop it.

I believe this indicates a routing problem. Do you have another router in this network or is this the only router?

And what's the output of these commands (run on your router via SSH):

nslookup downloads.openwrt.org
ping -c 3 -4 downloads.openwrt.org
ping -c 3 -6 downloads.openwrt.org

This is the only router in the setup.

ISP Fiber line from outside -> ISP Fiber line to Fiber Modem-> Ethernet from ISP Fiber Modem to OpenWRT x86-64 Router eth2(wan) interface -> Ethernet from eth0 (lan) on OpenWRT x86-64 Router to client computer with no internet access.

The system is stock with next to no alterations from the defaults. I have only assigned the eth2 interface to the WAN and then plugged in the WAN connection from the Fiber Modem to try and get an IP, which I do get, but no client machine connected to the router can access any website.

root@OpenWRT:~# ping -c 3 -4 downloads.openwrt.org
PING downloads.openwrt.org (146.75.106.132): 56 data bytes

--- downloads.openwrt.org ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

root@OpenWRT:~# exit

My ISP does not provide IPv6 addresses so the IPv6 ping test won't work.

It doesn't appear that we've ever reviewed the config...

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall
ifstatus wan | grep address
ping 64.226.122.113
ping openwrt.org

I have had these problems when the dns resolver was failing. A temporary fix could be to change the /etc/resolv.conf file from "nameserver 127.0.0.1" to "nameserver 8.8.8.8". The /tmp/resolv.conf.d/resolv.conf.auto can be checked and should have the nameservers provided by the ISP dhcp server.

ubus call system board

root@OpenWRT:~# ubus call system board
{
        "kernel": "5.15.167",
        "hostname": "OpenWRT",
        "system": "Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz",
        "model": "Dell Inc. OptiPlex 9020",
        "board_name": "dell-inc-optiplex-9020",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.5",
                "revision": "r24106-10cc5fcd00",
                "target": "x86/64",
                "description": "OpenWrt 23.05.5 r24106-10cc5fcd00"
        }
}
root@OpenWRT:~#

cat /etc/config/network

root@OpenWRT:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd9c:0370:2208::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        list dns '8.8.8.8'
        list dns '8.8.4.4'

config interface 'wan'
        option device 'eth2'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth2'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'

root@OpenWRT:~#

cat /etc/config/dhcp

root@OpenWRT:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'
        option sequential_ip '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

root@OpenWRT:~#

cat /etc/config/firewall

root@OpenWRT:~# cat /etc/config/firewall
config defaults
        option syn_flood        1
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
# Uncomment this line to disable ipv6 rules
#       option disable_ipv6     1

config zone
        option name             lan
        list   network          'lan'
        option input            ACCEPT
        option output           ACCEPT
        option forward          ACCEPT

config zone
        option name             wan
        list   network          'wan'
        list   network          'wan6'
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
        option masq             1
        option mtu_fix          1

config forwarding
        option src              lan
        option dest             wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
        option name             Allow-DHCP-Renew
        option src              wan
        option proto            udp
        option dest_port        68
        option target           ACCEPT
        option family           ipv4

# Allow IPv4 ping
config rule
        option name             Allow-Ping
        option src              wan
        option proto            icmp
        option icmp_type        echo-request
        option family           ipv4
        option target           ACCEPT

config rule
        option name             Allow-IGMP
        option src              wan
        option proto            igmp
        option family           ipv4
        option target           ACCEPT

# Allow DHCPv6 replies
# see https://github.com/openwrt/openwrt/issues/5066
config rule
        option name             Allow-DHCPv6
        option src              wan
        option proto            udp
        option dest_port        546
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-MLD
        option src              wan
        option proto            icmp
        option src_ip           fe80::/10
        list icmp_type          '130/0'
        list icmp_type          '131/0'
        list icmp_type          '132/0'
        list icmp_type          '143/0'
        option family           ipv6
        option target           ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Input
        option src              wan
        option proto    icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        list icmp_type          router-solicitation
        list icmp_type          neighbour-solicitation
        list icmp_type          router-advertisement
        list icmp_type          neighbour-advertisement
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Forward
        option src              wan
        option dest             *
        option proto            icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-IPSec-ESP
        option src              wan
        option dest             lan
        option proto            esp
        option target           ACCEPT

config rule
        option name             Allow-ISAKMP
        option src              wan
        option dest             lan
        option dest_port        500
        option proto            udp
        option target           ACCEPT
root@OpenWRT:~#

ifstatus wan | grep address

root@OpenWRT:~# ifstatus wan | grep address
        "ipv4-address": [
                        "address": "172.X.X.X",
        "ipv6-address": [
                "ipv4-address": [
                "ipv6-address": [
root@OpenWRT:~#

Again ISP does not provide IPV6 addresses due to their network design choices.

ping 64.226.122.113

root@OpenWRT:~# ping 64.226.122.113
PING 64.226.122.113 (64.226.122.113): 56 data bytes
^C
--- 64.226.122.113 ping statistics ---
39 packets transmitted, 0 packets received, 100% packet loss
root@OpenWRT:~#

ping openwrt.org

root@OpenWRT:~# ping openwrt.org
PING openwrt.org (64.226.122.113): 56 data bytes
^C
--- openwrt.org ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
root@OpenWRT:~#

Is the next octet a value between 16 and 31? (172.16.x.x to 172.31.x.x)?

If so, you're behind some other NAT layer here and we'll need to make sure that is working as expected.

1 Like

Yes. The next octet is a value between 16 and 31.

When traceroute goes several hops into the ISP's system and then stops, that usually means that they are blocking your account's access to the Internet. It could be that you need to register the MAC of your new router with them.

3 Likes

So, I just need to give them the MAC address to my WAN interface on this Router PC?

Omg... This was my issue. ugh. Thank you!

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.