No connection via Ethernet port, Wireless is working perfectly

Gnoth-404 · April 28, 2024, 10:56am

Hi, i could not figure out why so wanna ask for help. My Ethernet port/ Lan port is not working, can not access to Luci. Wireless is working fine with internet connection. My guess is i messed up with Firewall configuration.
Thanks
Attached is my config and setup

{
	"kernel": "5.15.134",
	"hostname": "OpenWrt",
	"system": "MediaTek MT7628AN ver:1 eco:2",
	"model": "TP-Link Archer C50 v4",
	"board_name": "tplink,archer-c50-v4",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.0",
		"revision": "r23497-6637af95aa",
		"target": "ramips/mt76x8",
		"description": "OpenWrt 23.05.0 r23497-6637af95aa"
	}
}

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd29:27b5:7e87::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '0'

config interface 'wan'
	option proto 'static'
	option device 'eth0'
	option ipaddr '130.83.x.x'
	option gateway '130.83.x.x'
	list dns '130.83.x.x'
	list dns '130.83.x.x'
	option type 'bridge'
	option netmask '255.255.252.0'


config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	option ra_slaac '1'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'wan'
	option interface 'wan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option ignore '1'

config host
	option name 'ender5'
	option ip '192.168.1.216'
	option mac 'E4:5F:01:43:DF:CA'

config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'
	option masq '1'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'

config forwarding
	option src 'lan'
	option dest 'wan'

psherman · April 28, 2024, 12:30pm

Gnoth-404:

config interface 'wan'
	option proto 'static'
	option device 'eth0'
	option ipaddr '130.83.x.x'
	option gateway '130.83.x.x'
	list dns '130.83.x.x'
	list dns '130.83.x.x'
	option type 'bridge'
	option netmask '255.255.252.0'

Remove the bridge line.

Turn off masquerading on the lan

There appears to be a lot of stuff missing from the configs you shared. Did you omit content, or was what you shared all there is??

mk24 · April 28, 2024, 12:43pm

In particular, most of the switch config is gone. I believe the MT7628 is not DSA, so you need a proper switch config for the Ethernet ports to work. This includes running VLANs internally in the switch. Without switch VLANs running, eth0.1 goes nowhere.

The rule is to start with a default configuration, change only what is needed to meet your use case, and leave the rest alone.

When lan is a bridge, in the case where a wifi AP and an Ethernet port are both in br-lan, traffic between them occurs at layer 2. The firewall (layer 3) does not get involved.

Gnoth-404 · April 28, 2024, 12:44pm

No, i hid some configs related to my internet access. I lived in the dorm.

Gnoth-404 · April 28, 2024, 12:46pm

Hi, here is my current switch config. Should i turn it on?

mk24 · April 28, 2024, 12:49pm

Yes you would need to check the enable VLAN box and build out two VLANs in the switch, one attaching the four lan ports to eth0.1 and one attaching the wan port to eth0.2. That is already done in the default configuration and you would not need to change it. I suggest resetting to defaults and configuring the router all over.

system · May 8, 2024, 12:50pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.