Netgear R-7800 smart phone tethering no internet connection

Hello,
because they are working on the physical network outside my house I wanted to connect my Huawei P30 Android smartphone to my Netgear router using USB tethering.
I followed the instructions on : https://openwrt.org/docs/guide-user/network/wan/smartphone.usb.tethering
I can see the interface is up running and it is assigned to WAN. But I can't ping openwrt.org from diagnostics in Luci or open pages on my connected PC.
What did I do wrong? or forgot?

Thank you very much.

greets tom

Hello, in LuCi->Network->Interfaces->TetheringWAN->Physical settings, I enabled Bridge interfaces and in Interfaces I selected wan,wan6 and usb0.
After save and Apply it seems to work and my lan can access the internet.

Because I want to use my phone as a backup line in case of WAN failure, is this the correct way to connect?
Secondly, can I leave this setting as is and will it revert to my WAN when it's back online?

Thank you very much.

No, don't bridge different wan interfaces.
Undo that and post here the following.

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
1 Like
ubus call system board; \
> uci export network; uci export dhcp; uci export firewall; \
> head -n -0 /etc/firewall.user; \
> ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
> ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* 
/tmp/resolv.* /tmp/resolv.*/*
{
	"kernel": "4.14.221",
	"hostname": "Netgear_R-7800",
	"system": "ARMv7 Processor rev 0 (v7l)",
	"model": "Netgear Nighthawk X4S R7800",
	"board_name": "netgear,r7800",
	"release": {
		"distribution": "OpenWrt",
		"version": "19.07.7",
		"revision": "r11306-c4a6851c72",
		"target": "ipq806x/generic",
		"description": "OpenWrt 19.07.7 r11306-c4a6851c72"
	}
}
package network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd36:54c6:1cb8::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth1.1'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.8.1'
	option gateway '192.168.1.1'

config interface 'wan'
	option ifname 'eth0.2'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.1.2'
	option gateway '192.168.1.1'
	list dns '192.168.1.1'

config interface 'wan6'
	option ifname 'eth0.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 4 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '5 0t'

config interface 'guest'
	option type 'bridge'
	option proto 'static'
	option ipaddr '192.168.3.1'
	option netmask '255.255.255.0'
	option gateway '192.168.1.2'

config interface 'TetheringWAN'
	option proto 'dhcp'
	option type 'bridge'
	option ifname 'eth0.2 usb0'

package dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option localservice '1'
	list server '192.168.8.1#5353'

config dhcp 'lan'
	option interface 'lan'
	option limit '150'
	option ra 'server'
	option ra_management '1'
	option start '10'
	option leasetime '168h'
	option dhcpv6 'disabled'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'


config dhcp 'guest'
	option interface 'guest'
	option start '100'
	option limit '150'
	option leasetime '1h'

package firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'
	option network 'lan wg0'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan wan6 TetheringWAN'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config redirect
	option src 'wan'
	option name 'L2TP (VPN)'
	option target 'DNAT'
	option dest_ip '192.168.8.252'
	option dest 'lan'
	list proto 'udp'
	option dest_port '1701'
	option src_dport '1701'

config redirect
	option src 'wan'
	option name 'PPTP (VPN) '
	option src_dport '1723'
	option target 'DNAT'
	option dest_ip '192.168.8.252'
	option dest 'lan'
	list proto 'tcp'
	option dest_port '1723'

config redirect
	option src 'wan'
	option name 'L2TP (VPN)'
	option target 'DNAT'
	option dest_ip '192.168.8.252'
	option dest 'lan'
	list proto 'udp'
	option dest_port '1701'
	option src_dport '1701'

config redirect
	option src 'wan'
	option name 'PPTP (VPN) '
	option src_dport '1723'
	option target 'DNAT'
	option dest_ip '192.168.8.252'
	option dest 'lan'
	list proto 'tcp'
	option dest_port '1723'

config redirect
	option src 'wan'
	option name 'OPENVPN (VPN)'
	option dest 'lan'
	option dest_ip '192.168.8.252'
	option target 'DNAT'
	option dest_port '1194'
	list proto 'tcp'
	list proto 'udp'
	option src_dport '1194'

config redirect
	option dest_port '13131'
	option src 'wan'
	option name 'telnet'
	option src_dport '13131'
	option target 'DNAT'
	option dest_ip '192.168.8.252'
	option dest 'lan'
	list proto 'tcp'

config redirect
	option dest_port '8081'
	option src 'wan'
	option name 'webserver'
	option src_dport '8081'
	option target 'DNAT'
	option dest_ip '192.168.8.252'
	option dest 'lan'
	list proto 'tcp'

config redirect
	option dest_port '500'
	option src 'wan'
	option src_dport '500'
	option target 'DNAT'
	option dest_ip '192.168.8.252'
	option dest 'lan'
	list proto 'udp'
	option name 'ISAKMP (VPN)'

config redirect
	option dest_port '4500'
	option src 'wan'
	option name 'IPSec NAT (VPN)'
	option src_dport '4500'
	option target 'DNAT'
	option dest_ip '192.168.8.252'
	option dest 'lan'
	list proto 'udp'

config redirect
	option dest_port '20'
	option src 'wan'
	option name 'FTP (DATA)'
	option src_dport '20'
	option target 'DNAT'
	option dest_ip '192.168.8.252'
	option dest 'lan'
	list proto 'tcp'

config redirect
	option dest_port '21'
	option src 'wan'
	option name 'FTP (CONTROL)'
	option src_dport '21'
	option target 'DNAT'
	option dest_ip '192.168.8.252'
	option dest 'lan'
	list proto 'tcp'

config rule
	option src '*'
	option target 'ACCEPT'
	option proto 'udp'
	option dest_port '51820'
	option name 'Allow-Wireguard-Inbound'

config redirect
	option dest_port '1197'
	option src 'wan'
	option name 'Openvpn (client'
	option src_dport '1197'
	option target 'DNAT'
	option dest_ip '192.168.8.251'
	option dest 'lan'

config rule
	option src '*'
	option target 'ACCEPT'
	option proto 'udp'
	option dest_port '51820'
	option name 'Allow-Wireguard-Inbound'

config rule
	option src '*'
	option target 'ACCEPT'
	option proto 'udp'
	option dest_port '51820'
	option name 'Allow-Wireguard-Inbound'

config zone 'guest'
	option name 'guest'
	option network 'guest'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config forwarding 'guest_wan'
	option src 'guest'
	option dest 'wan'

config rule 'guest_dns'
	option name 'Allow-DNS-Guest'
	option src 'guest'
	option dest_port '53'
	option proto 'tcp udp'
	option target 'ACCEPT'

config rule 'guest_dhcp'
	option name 'Allow-DHCP-Guest'
	option src 'guest'
	option dest_port '67'
	option proto 'udp'
	option family 'ipv4'
	option target 'ACCEPT'

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
7: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.8.1/24 brd 192.168.8.255 scope global br-lan
       valid_lft forever preferred_lft forever
9: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-TetheringWAN state UP qlen 1000
    inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0.2
       valid_lft forever preferred_lft forever
10: br-guest: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.3.1/24 brd 192.168.3.255 scope global br-guest
       valid_lft forever preferred_lft forever
17: br-TetheringWAN: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.42.216/24 brd 192.168.42.255 scope global br-TetheringWAN
       valid_lft forever preferred_lft forever
default via 192.168.42.129 dev br-TetheringWAN  src 192.168.42.216 
192.168.1.0/24 dev eth0.2 scope link  src 192.168.1.2 
192.168.3.0/24 dev br-guest scope link  src 192.168.3.1 
192.168.8.0/24 dev br-lan scope link  src 192.168.8.1 
192.168.42.0/24 dev br-TetheringWAN scope link  src 192.168.42.216 
broadcast 127.0.0.0 dev lo table local scope link  src 127.0.0.1 
local 127.0.0.0/8 dev lo table local scope host  src 127.0.0.1 
local 127.0.0.1 dev lo table local scope host  src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local scope link  src 127.0.0.1 
broadcast 192.168.1.0 dev eth0.2 table local scope link  src 192.168.1.2 
local 192.168.1.2 dev eth0.2 table local scope host  src 192.168.1.2 
broadcast 192.168.1.255 dev eth0.2 table local scope link  src 192.168.1.2 
broadcast 192.168.3.0 dev br-guest table local scope link  src 192.168.3.1 
local 192.168.3.1 dev br-guest table local scope host  src 192.168.3.1 
broadcast 192.168.3.255 dev br-guest table local scope link  src 192.168.3.1 
broadcast 192.168.8.0 dev br-lan table local scope link  src 192.168.8.1 
local 192.168.8.1 dev br-lan table local scope host  src 192.168.8.1 
broadcast 192.168.8.255 dev br-lan table local scope link  src 192.168.8.1 
broadcast 192.168.42.0 dev br-TetheringWAN table local scope link  src 192.168.42.216 
local 192.168.42.216 dev br-TetheringWAN table local scope host  src 192.168.42.216 
broadcast 192.168.42.255 dev br-TetheringWAN table local scope link  src 192.168.42.216 
0:	from all lookup local 
32766:	from all lookup main 
32767:	from all lookup default 
ls: /tmp/resolv.*/*: No such file or directory
lrwxrwxrwx    1 root     root            16 Feb 15 16:22 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r--    1 root     root            32 Jun 25 10:01 /tmp/resolv.conf
-rw-r--r--    1 root     root            90 Jun 25 11:35 /tmp/resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf.auto <==
# Interface TetheringWAN
nameserver 192.168.42.129
# Interface wan
nameserver 192.168.1.1
head: /tmp/resolv.*/*: No such file or directory

Remove the gateway from the lan interface.

Remove the gateway from the guest interface.

I already asked you to remove the bridge from the TetheringWAN.
Add metrics in wan and TetheringWAN interfaces. Lower metric on wan to have precedence over the TetheringWAN. It would be best to utilize mwan3 for better control over multiple wan interfaces.

1 Like

Sorry, I posted the wrong version WITH the bridge still activated. My error.
Here is the correct one:

root@Netgear_R-7800:~# ubus call system board; \
> uci export network; uci export dhcp; uci export firewall; \
> head -n -0 /etc/firewall.user; \
> ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
> ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* 
/tmp/resolv.* /tmp/resolv.*/*
{
	"kernel": "4.14.221",
	"hostname": "Netgear_R-7800",
	"system": "ARMv7 Processor rev 0 (v7l)",
	"model": "Netgear Nighthawk X4S R7800",
	"board_name": "netgear,r7800",
	"release": {
		"distribution": "OpenWrt",
		"version": "19.07.7",
		"revision": "r11306-c4a6851c72",
		"target": "ipq806x/generic",
		"description": "OpenWrt 19.07.7 r11306-c4a6851c72"
	}
}
package network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd36:54c6:1cb8::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth1.1'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.8.1'
	option gateway '192.168.1.1'

config interface 'wan'
	option ifname 'eth0.2'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.1.2'
	option gateway '192.168.1.1'
	list dns '192.168.1.1'

config interface 'wan6'
	option ifname 'eth0.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 4 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '5 0t'

config interface 'guest'
	option type 'bridge'
	option proto 'static'
	option ipaddr '192.168.3.1'
	option netmask '255.255.255.0'
	option gateway '192.168.1.2'

config interface 'TetheringWAN'
	option proto 'dhcp'
	option ifname 'eth0'

package dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option localservice '1'
	list server '192.168.8.1#5353'

config dhcp 'lan'
	option interface 'lan'
	option limit '150'
	option ra 'server'
	option ra_management '1'
	option start '10'
	option leasetime '168h'
	option dhcpv6 'disabled'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'


config dhcp 'guest'
	option interface 'guest'
	option start '100'
	option limit '150'
	option leasetime '1h'

package firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'
	option network 'lan wg0'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan wan6 TetheringWAN'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config redirect
	option src 'wan'
	option name 'L2TP (VPN)'
	option target 'DNAT'
	option dest_ip '192.168.8.252'
	option dest 'lan'
	list proto 'udp'
	option dest_port '1701'
	option src_dport '1701'

config redirect
	option src 'wan'
	option name 'PPTP (VPN) '
	option src_dport '1723'
	option target 'DNAT'
	option dest_ip '192.168.8.252'
	option dest 'lan'
	list proto 'tcp'
	option dest_port '1723'

config redirect
	option src 'wan'
	option name 'L2TP (VPN)'
	option target 'DNAT'
	option dest_ip '192.168.8.252'
	option dest 'lan'
	list proto 'udp'
	option dest_port '1701'
	option src_dport '1701'

config redirect
	option src 'wan'
	option name 'PPTP (VPN) '
	option src_dport '1723'
	option target 'DNAT'
	option dest_ip '192.168.8.252'
	option dest 'lan'
	list proto 'tcp'
	option dest_port '1723'

config redirect
	option src 'wan'
	option name 'OPENVPN (VPN)'
	option dest 'lan'
	option dest_ip '192.168.8.252'
	option target 'DNAT'
	option dest_port '1194'
	list proto 'tcp'
	list proto 'udp'
	option src_dport '1194'

config redirect
	option dest_port '13131'
	option src 'wan'
	option name 'telnet'
	option src_dport '13131'
	option target 'DNAT'
	option dest_ip '192.168.8.252'
	option dest 'lan'
	list proto 'tcp'

config redirect
	option dest_port '8081'
	option src 'wan'
	option name 'webserver'
	option src_dport '8081'
	option target 'DNAT'
	option dest_ip '192.168.8.252'
	option dest 'lan'
	list proto 'tcp'

config redirect
	option dest_port '500'
	option src 'wan'
	option src_dport '500'
	option target 'DNAT'
	option dest_ip '192.168.8.252'
	option dest 'lan'
	list proto 'udp'
	option name 'ISAKMP (VPN)'

config redirect
	option dest_port '4500'
	option src 'wan'
	option name 'IPSec NAT (VPN)'
	option src_dport '4500'
	option target 'DNAT'
	option dest_ip '192.168.8.252'
	option dest 'lan'
	list proto 'udp'

config redirect
	option dest_port '20'
	option src 'wan'
	option name 'FTP (DATA)'
	option src_dport '20'
	option target 'DNAT'
	option dest_ip '192.168.8.252'
	option dest 'lan'
	list proto 'tcp'

config redirect
	option dest_port '21'
	option src 'wan'
	option name 'FTP (CONTROL)'
	option src_dport '21'
	option target 'DNAT'
	option dest_ip '192.168.8.252'
	option dest 'lan'
	list proto 'tcp'

config rule
	option src '*'
	option target 'ACCEPT'
	option proto 'udp'
	option dest_port '51820'
	option name 'Allow-Wireguard-Inbound'

config redirect
	option dest_port '1197'
	option src 'wan'
	option name 'Openvpn (client'
	option src_dport '1197'
	option target 'DNAT'
	option dest_ip '192.168.8.251'
	option dest 'lan'

config rule
	option src '*'
	option target 'ACCEPT'
	option proto 'udp'
	option dest_port '51820'
	option name 'Allow-Wireguard-Inbound'

config rule
	option src '*'
	option target 'ACCEPT'
	option proto 'udp'
	option dest_port '51820'
	option name 'Allow-Wireguard-Inbound'

config zone 'guest'
	option name 'guest'
	option network 'guest'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config forwarding 'guest_wan'
	option src 'guest'
	option dest 'wan'

config rule 'guest_dns'
	option name 'Allow-DNS-Guest'
	option src 'guest'
	option dest_port '53'
	option proto 'tcp udp'
	option target 'ACCEPT'

config rule 'guest_dhcp'
	option name 'Allow-DHCP-Guest'
	option src 'guest'
	option dest_port '67'
	option proto 'udp'
	option family 'ipv4'
	option target 'ACCEPT'

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
7: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.8.1/24 brd 192.168.8.255 scope global br-lan
       valid_lft forever preferred_lft forever
9: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0.2
       valid_lft forever preferred_lft forever
10: br-guest: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.3.1/24 brd 192.168.3.255 scope global br-guest
       valid_lft forever preferred_lft forever
default via 192.168.1.1 dev eth0.2 
192.168.1.0/24 dev eth0.2 scope link  src 192.168.1.2 
192.168.3.0/24 dev br-guest scope link  src 192.168.3.1 
192.168.8.0/24 dev br-lan scope link  src 192.168.8.1 
broadcast 127.0.0.0 dev lo table local scope link  src 127.0.0.1 
local 127.0.0.0/8 dev lo table local scope host  src 127.0.0.1 
local 127.0.0.1 dev lo table local scope host  src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local scope link  src 127.0.0.1 
broadcast 192.168.1.0 dev eth0.2 table local scope link  src 192.168.1.2 
local 192.168.1.2 dev eth0.2 table local scope host  src 192.168.1.2 
broadcast 192.168.1.255 dev eth0.2 table local scope link  src 192.168.1.2 
broadcast 192.168.3.0 dev br-guest table local scope link  src 192.168.3.1 
local 192.168.3.1 dev br-guest table local scope host  src 192.168.3.1 
broadcast 192.168.3.255 dev br-guest table local scope link  src 192.168.3.1 
broadcast 192.168.8.0 dev br-lan table local scope link  src 192.168.8.1 
local 192.168.8.1 dev br-lan table local scope host  src 192.168.8.1 
broadcast 192.168.8.255 dev br-lan table local scope link  src 192.168.8.1 
0:	from all lookup local 
32766:	from all lookup main 
32767:	from all lookup default 
ls: /tmp/resolv.*/*: No such file or directory
lrwxrwxrwx    1 root     root            16 Feb 15 16:22 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r--    1 root     root            32 Jun 25 12:01 /tmp/resolv.conf
-rw-r--r--    1 root     root            39 Jun 25 12:01 /tmp/resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf.auto <==
# Interface wan
nameserver 192.168.1.1
head: /tmp/resolv.*/*: No such file or directory
root@Netgear_R-7800:~# 

Remove the gateway from the lan interface.

Remove the gateway from the guest interface.

Add metrics in wan and TetheringWAN interfaces. Lower metric on wan to have precedence over the TetheringWAN. It would be best to utilize mwan3 for better control over multiple wan interfaces.

1 Like

Disable networks wan and wan6 while your wired WAN is not available. Re-enable them when you go back to wired WAN.

The new network for the phone tether ('TetheringWAN') needs to be

  • proto DHCP
  • physical device usb0
  • not a bridge
  • in the wan firewall zone

These are the only changes needed from a stock configuration. option gateway and option dns belong only in your static IP wired WAN (which you are not using at the moment). They are only going to break things used in other places.

Thank you Trendy and mk24,

'option gateway '192.168.1.1' and option gateway '192.168.1.2' -->removed

mwan3 installed, thanks for the tip. Dive in tomorrow.

Tetheringwan is configured as mk24 said.

1 Like

Hello,

this morning I connected my phone in USB tethering mode.(without mwan3)
Set Wan as metric 0 and Tethering as 1, rebooted.
Disabled the WAN interface but I could not connect to the internet through the Tethering interface.

any help would be kindly appreciated.

thank you

edit: I noticed in the wiki they mentioned xhci-ehci, my log says xhci-hcd

[ 920.282748] usb 3-1: USB disconnect, device number 2
[ 1504.752137] usb 3-1: new high-speed USB device number 3 using xhci-hcd
[ 1510.212079] usb 3-1: USB disconnect, device number 3
[ 1510.811458] usb 3-1: new high-speed USB device number 4 using xhci-hcd
[ 1511.026349] rndis_host 3-1:1.0 usb0: register 'rndis_host' at usb-xhci-hcd.1.auto-1, RNDIS device, 42:94

tom

ip -4 ro after you disconnect wan.

Hello, I connected my phone and tether USB on. Disconnected physically wan cable and entered:

root@Netgear_R-7800:~# ip -4 ro
default via 192.168.1.1 dev eth0.2  metric 10 
default via 192.168.42.129 dev usb0  src 192.168.42.70  metric 40 
192.168.1.0/24 dev eth0.2 scope link  metric 10 
192.168.3.0/24 dev wlan0-1 scope link  src 192.168.3.1 
192.168.8.0/24 dev br-lan scope link  src 192.168.8.1 
192.168.42.0/24 dev usb0 scope link  metric 40

still no internet on lan.

edit: I don't have to reboot my LAN devices to obtain a connection by USB tether?

edit2: after disconnecting the phone and reconnecting the wan, internet was NOT redirected to WAN. I had to reboot the router.

edit3: I will load factory settings tomorrow and give it another try.

It doesn't seem to be disconnected.

There is still a stale entry with lower metric which has precedence.
Maybe mwan3 will do a better job detecting faulty links and failover to the tethering.

This morning I did the following:

  1. factory reset the router (modem 192.168.1.1<->192.168.1.2/gw192.168.1.1/DNS192.168.1.1(DMZ)<->LAN 192.168.8.1
  2. installed packages needed for USB tethering
  3. connected phone and created IF,USB0 assigned to WAN in FW and put phone in USB tethering
  4. disconnected wan cable
    Router diagnostics no ping to openwrt and IP -4 ro keeps displaying to 192.168.1.1 even after reboot.

Nothing helped. No internet connection via smartphone. I also tested USB tethering, laptop<->phone which works.

I don't have any clues left.

greetz tom

Must have something to do with the static protocol of the wan interface.
Use mwan3 package which tracks the interfaces for connectivity upstream and forces the traffic to the tethering if isp link is not working.

Hello trendy,

as I only want to use my smartphone as a backup wan interface in case of emergency and USB tethering doesn't seem to work in my configuration, I used my phone as a wireless hotspot and connected the router wirelessly. After disconnecting the wan interface I had my internet connection immediately through my phone's hotspot.
So, my goal is reached and I want to thank you for your technical support.
Hopefully I won't need it too much.

greetings tom

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.