No internet connection with fritzbox 7362SL

I have openWRT installed on a FB 7362SL. It has one DSL port and 4 LAN ports. I would like to use LAN1 as WAN port and turn off the DSL modem. In the UI I have swapped DSL for LAN1. LAN1 has got an IP address from the provider. Nevertheless openWRT has no internet access. The software list cannot be downloaded. Which settings do I have to change? The LAN ports are displayed as if they are internally connected to eth0 via a switch. can they be managed individually? Can I use LAN1 as WAN port and LAN2 to 3 for different subnets? The FB gets very warm. Is it possible to save power by turning off the DSL modem?
Thanks for the help.

Hello,
you could start with the output of:
ubus call system board
and
cat /etc/config/network

Hello,
here are the two information blocks:

root@OpenWrt:~# ubus call system board
{
        "kernel": "5.10.176",
        "hostname": "OpenWrt",
        "system": "xRX200 rev 1.2",
        "model": "AVM FRITZ!Box 7362 SL",
        "board_name": "avm,fritz7362sl",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.5",
                "revision": "r20134-5f15225c1e",
                "target": "lantiq/xrx200",
                "description": "OpenWrt 22.03.5 r20134-5f15225c1e"
        }
}
--------------------------------------------------------------
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd69:e840:3e13::/48'

config atm-bridge 'atm'
        option vpi '1'
        option vci '32'
        option encaps 'llc'
        option payload 'bridged'
        option nameprefix 'dsl'

config dsl 'dsl'
        option annex 'b'
        option tone 'av'
        option ds_snr_offset '0'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config device
        option name 'lan1'
        option macaddr '32:83:D4:2C:47:89'

config device
        option name 'lan2'
        option macaddr '32:83:D4:2C:47:89'

config device
        option name 'lan3'
        option macaddr '32:83:D4:2C:47:89'

config device
        option name 'lan4'
        option macaddr '32:83:D4:2C:47:89'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.1.2'

config device
        option name 'dsl0'
        option macaddr '36:81:C2:2B:47:9C'

config interface 'wan'
        option device 'lan1'
        option proto 'dhcp'

config interface 'wan6'
        option proto 'dhcpv6'
        option device 'lan1'
        option reqaddress 'try'
        option reqprefix 'auto'

config interface 'Buchse2'
        option proto 'static'
        option device 'lan2'
        option ipaddr '192.168.12.4'
        option netmask '255.255.255.0'
        option ip6assign '64'

root@OpenWrt:~#

Thanks for the help

The config looks fine for me.

Is it (much) warmer now than with the stock firmware?
What does Status->Overview-> Load average show?

The modem can't be turned off, except by a hardware modification.

Can you elaborate this?
Which IP address did the FB got?
Can you ping this address from the 7362?
Can you ping both 8.8.8.8 and google.com from the FB?

And all the same from a connected PC?

I think the temperatu is about the same with openWRT. The display is: Load Average 0.82, 0.82, 0.87

The modem can't be turned off, except by a hardware modification.

What needs to be changed in the hardware? I could install a jumper.

Can you elaborate this?

At this moment the openWRT FB is in the network of another FB. So it has got an address like this: 192.168.x.x
But I get no answer from the internet with "opkg update". The ping to this 192.168.x.x address works from the console of the openWRT FB. It does not work from the network of the upstream FB. The ping to 8.8.8.8 does not work either. The ping to 8.8.8.8 works from the network of the upstream FB.
From a PC connected to the 7362 the ping to 8.8.8.8 does not work.

Which one exactly? As they're private addresses, it doesn't make sense to obfuscate them.
I assume, the upstream FB is on stock firmware?
It seems, there is gateway and default route missing.
What does route say?

The full IP address is 192.168.20.91

This is the answer of route:

root@OpenWrt:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.20.1 0.0.0.0 UG 0 0 0 lan1
192.168.1.0 * 255.255.255.0 U 0 0 0 br-lan
192.168.20.0 * 255.255.255.0 U 0 0 0 lan2
192.168.20.0 * 255.255.255.0 U 0 0 0 lan1

The upstream FB is on stock firmware.

lan2 is used in two places -- br-lan and Buchse2 -- this will cause a problem. Remove lan2 from br-lan and that may help.

The hint about lan2 was good. Now the router is reachable on lan2 and lan3 with different ip addresses. The console also responds faster. This error had probably kept him very busy.

But the internet connection still does not work. ping 8.8.8.8 in the console brings no results.

Can you help there too?

let's see the complete configuration as it is right now:

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ifconfig
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
1 Like
root@OpenWrt:~# ifconfig
br-lan    Link encap:Ethernet  HWaddr 
          inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: aaaa::3681:c4ff:fe2b:4999/64 Scope:Link
          inet6 addr: bbbb:ea40:3e53::5/60 Scope:Global
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:1998 errors:0 dropped:562 overruns:0 frame:0
          TX packets:1215 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:271051 (264.6 KiB)  TX bytes:899841 (878.7 KiB)

eth0      Link encap:Ethernet  HWaddr x:x:x:x:x:x
          inet6 addr: x:x:x:x:x:x/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1508  Metric:1
          RX packets:20570 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2816 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2482090 (2.3 MiB)  TX bytes:1637395 (1.5 MiB)

lan1      Link encap:Ethernet  HWaddr x:x:x:x:x:x
          inet addr:192.168.20.91  Bcast:192.168.20.255  Mask:255.255.255.0
          inet6 addr: x:x:x:x:x:x/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10059 errors:0 dropped:4665 overruns:0 frame:0
          TX packets:355 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1168425 (1.1 MiB)  TX bytes:32638 (31.8 KiB)

lan2      Link encap:Ethernet  HWaddr x:x:x:x:x:x
          inet addr:192.168.20.4  Bcast:192.168.20.255  Mask:255.255.255.0
          inet6 addr: aaaa::3681:c4ff:fe2b:4999/64 Scope:Link
          inet6 addr: bbbb:ea40:3e53:31::5/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8162 errors:0 dropped:3795 overruns:0 frame:0
          TX packets:1231 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:859092 (838.9 KiB)  TX bytes:689622 (673.4 KiB)

lan3      Link encap:Ethernet  HWaddr x:x:x:x:x:x
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:2333 errors:0 dropped:10 overruns:0 frame:0
          TX packets:1214 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:288589 (281.8 KiB)  TX bytes:899787 (878.6 KiB)

lan4      Link encap:Ethernet  HWaddr x:x:x:x:x:x
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:1251 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1251 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:107409 (104.8 KiB)  TX bytes:107409 (104.8 KiB)

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'cccc:ea40:3223::/48'

config atm-bridge 'atm'
        option vpi '1'
        option vci '32'
        option encaps 'llc'
        option payload 'bridged'
        option nameprefix 'dsl'

config dsl 'dsl'
        option annex 'b'
        option tone 'av'
        option ds_snr_offset '0'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan3'
        list ports 'lan4'

config device
        option name 'lan1'
        option macaddr 'x:x:x:x:x:x'

config device
        option name 'lan2'
        option macaddr 'x:x:x:x:x:x'

config device
        option name 'lan3'
        option macaddr 'x:x:x:x:x:x'

config device
        option name 'lan4'
        option macaddr 'x:x:x:x:x:x'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.1.2'

config device
        option name 'dsl0'
        option macaddr 'x:x:x:x:x:x'

config interface 'wan'
        option device 'lan1'
        option proto 'dhcp'

config interface 'wan6'
        option proto 'dhcpv6'
        option device 'lan1'
        option reqaddress 'try'
        option reqprefix 'auto'

config interface 'Buchse2'
        option proto 'static'
        option device 'lan2'
        option ipaddr '192.168.20.4'
        option netmask '255.255.255.0'
        option ip6assign '64'
root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option disabled '1'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'
root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option ignore '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'
        option start '100'
        option limit '150'
        option leasetime '12h'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'Buchse2'
        option interface 'Buchse2'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option ignore '1'
root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'
        list network 'Buchse2'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

There's something i haven't noticed before.
lan1 (which is now wan) and lan2 are in the same subnet.
That won't work.
The 192.168.20.x net is from the upstream router, and so will be the wan address for the 7362.
You do need another subnet for lan2 (maybe 192.168.30.x).

1 Like

Now I have changed the subnet of lan2. But the ping 8.8.8.8 unfortunately still does not work.
Can it be that a definition is missing?

How does openWRT know where the Internet gateway is?

The gateway information should be provided by the DHCP server that is upstream. In your case, whatever is connected to lan1 which is associated with the wan interface. The wan interface is then associated with the wan firewall zone which has masquerading enabled (and blocks unsolicited inbound connetions by default), allowing it to share a single IP address with the entire network behind the router.

For a simple wan/lan configuration, the system will automatically determine the upstream network and gateway so that it can route appropriately.

After you changed the subnet of lan2, did you restart your router?

1 Like

Thank you. That is completely understandable. The problem here is that dhcp server has communicated a wrong gateway address. After assigning a static IP address on the WAN interface with the correct gateway address, the internet connection worked.
Thank you very much for your support.
Now the problem is that the internet connection works only over lan2 and unfortunately not over lan3 and 4. Does this fit in this thread or should I open a new topic?

That is really unusual, unless either the DHCP server is misconfigured, or if there is another DHCP server on the network.

Do you have any other routers or other devices that could have a DHCP server that are connected to the upstream network?

I think the problem is here:

The above is the DHCP server for your lan -- and it is set to ignore. In other words, the DHCP server is disabled on the lan network interface (which is connecte to ports lan3 and lan4).

Yes, there are several routers with Internet access in the network but only one with DHCP server. This router does not have Internet access at the moment.

For these tests I work with static IP addresses. Later I need a DHCP server at lan2 and no DHCP server at lan3 and lan4. lan2, lan3 and lan4 shall get own IP ranges and shall not see each other. Is it then necessary for each lan to define its own firewall zone?

Maybe you can show us a topology diagram, including the wan/lan interfaces and IP addresses on each interface?

What IP address are you assigning on the hosts that are connected to lan3 and lan4? Based on the below stanza, it must be in the 192.168.1.0/24 network, avoiding a last octet of 0, 2, and 255, and obviously avoiding any conflict with any other hosts on the network. You also need to make sure you populate the correct gateway and dns (192.168.1.2) and subnet mask (255.255.255.0)

Also, what is the upstream network IP address (i.e. the wan on lan1 -- you set a static IP, what is it)?

It's easy enough to prevent them from seeing each other even if they are in the same zone -- just set the forward zone rule to reject or drop. But if they should be in the same zone or not ultimately depends on the goals -- if the allowances/restrictions are similar for all of the networks, putting them in the same zone is easy and works well. If there are significant differences in how each of the networks should behave, you may want different zones.