I'm running OpenWrt 19.07.7 on a raspberry pi 3 and trying to get it to act as a router. My lan is on eth0 172.16.1.x. I've installed a usb-ethernet adaptor that is 192.168.0.1 which is connected to a dsl modem and I've set up a successful pppoe connection but I can't get internet.
what I want is for the lan traffic on 172.16.1.x to go through to the usb ethernet on 192.168.0.1 and then out to the internet. here is my ifconfig:
Note this is a replacement of the default wan network. Do not create additional networks; for a basic main router you only need wan and lan. It is important this network be named 'wan' because that is already set up in the firewall.
Do not add gateway or dns options to the lan. They will be set automatically. If you want to send users to a DNS other than the one the ISP advertises via pppoe, set option peerdns 0 and option dns '<your.preferred.server>', in the wan configuration.
When the wan (pppoe-wan) interface starts up, routes will be automatically installed, which you can examine with route, and the firewall is already set to NAT the lan into the wan. Internet access from the router or from the lan should be possible.
Taking in consideration the weird interface names I'd guess that you didn't update the firewall accordingly.
Please run the following commands (copy-paste the whole block) and paste the output here.
Remember to redact passwords, MAC addresses and any public IP addresses you may have
uci export network; uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ls -l /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
thankyou for your response. here are the outputs from your commands:
root@pi-3-openwrt-router:~# uci export network; uci export dhcp; uci export fire
wall; \
package network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd8a:e78b:66dc::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0'
option proto 'static'
option ipaddr '172.16.1.245'
option netmask '255.255.0.0'
option gateway '192.168.0.1'
option dns '8.8.8.8 8.8.4.4'
option ip6assign '60'
config interface 'ppp'
option proto 'pppoe'
option password '<password>'
option ipv6 'auto'
option username '<username>'
option type 'bridge'
option ifname 'eth1'
config interface 'wan'
option proto 'static'
option ifname 'eth1'
option ipaddr '192.168.0.1'
option gateway '<my-piblic-ip-address>'
list dns '8.8.8.8'
list dns '8.8.4.4'
option netmask '255.255.255.0'
package dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option localservice '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
package firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option disable_ipv6 '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan6 wan'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
root@pi-3-openwrt-router:~# head -n -0 /etc/firewall.user;
no content except comments
root@pi-3-openwrt-router:~# ip -4 addr ; ip -4 ro li tab all ; ip -4 ru;
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel master br-ppp state DOWN qlen 1000
inet 192.168.0.1/24 brd 192.168.0.255 scope global eth1
valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 172.16.1.245/16 brd 172.16.255.255 scope global br-lan
valid_lft forever preferred_lft forever
172.16.0.0/16 dev br-lan scope link src 172.16.1.245
192.168.0.0/24 dev eth1 scope link src 192.168.0.1
broadcast 127.0.0.0 dev lo table local scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host src 127.0.0.1
local 127.0.0.1 dev lo table local scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link src 127.0.0.1
broadcast 172.16.0.0 dev br-lan table local scope link src 172.16.1.245
local 172.16.1.245 dev br-lan table local scope host src 172.16.1.245
broadcast 172.16.255.255 dev br-lan table local scope link src 172.16.1.245
broadcast 192.168.0.0 dev eth1 table local scope link src 192.168.0.1
local 192.168.0.1 dev eth1 table local scope host src 192.168.0.1
broadcast 192.168.0.255 dev eth1 table local scope link src 192.168.0.1
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
root@pi-3-openwrt-router:~# ls -l /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
ls: /tmp/resolv.*/*: No such file or directory
lrwxrwxrwx 1 root root 16 Feb 15 15:22 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r-- 1 root root 32 Apr 9 15:06 /tmp/resolv.conf
-rw-r--r-- 1 root root 108 Apr 9 15:06 /tmp/resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
==> /tmp/resolv.conf.auto <==
# Interface lan
nameserver 8.8.8.8
nameserver 8.8.4.4
# Interface wan
nameserver 8.8.8.8
nameserver 8.8.4.4
head: /tmp/resolv.*/*: No such file or directory
From lan interface remove gateway and dns.
Wan interface must have the pppoe protocol and all the settings, without the bridge type.
ppp interface is not assigned to any firewall zone, hence it cannot be used, better remove it altogether.
The rest looks very close to default to me, so it should work immediately as soon as the pppoe is configured on wan interface.
thankyou mk24 and trendy your advice worked, I have a basic internet connection now however there is a further complication I didn't mention in my OP. I have a proxy server on my lan that runs squid. the lan input is on 172.16.1.x and it comes out of the proxy on 192.168.0.x. this is why I tried to integrate 192.168.0.x into openwrt. do you think there's a way to get openwrt to take input traffic in on 192.158.0.1 and send it out over pppoe?
You'll need to create another interface which will be in the 192.168.0.X, so that you can have communication to the squid. However the proxy is a per device or per application setting. Therefore the lan devices or applications in the lan should be configured accordingly, and the squid should be using the 192.168.0.X address of OpenWrt as gateway. Alternatively you could migrate the squid into the lan.