No Internet on LAN to 4g WAN modem. Router not routing

Installing and Using OpenWrt
#1

Hello everyone. I am new to networking and Openwrt but not to linux. This is my frst time posting on the forum so bare with me. I will try to explain my situation as best as possible. My router is connected to the internet using PCI Modem: EP06-A. I can ping openwrt.org IPv4/6 and download opkg apps while ssh'd into the router from the PC. However I cannot ping/connect to the internet from the LAN zone, wired or wireless. How did I get to this point? Im glad you asked. After a fresh openwrt install. I connect/join the router's wlan interface to my other home wifi network from the wireless luci page. I click ok and save/apply without changing any configuration settings. After a quick reboot for good luck I have internet connection to my router AND my PC. At this point the LAN zone is being properly routed and I can ping and access the internet from the web browser.

Now what I really want is to get my PCI modem to provide my internet NOT my other home wireless network. So I SSH into the router and run:

root@OpenWrt:~# opkg update && opkg install socat chat libusb-1.0-0 usb-modeswitch wireless-tools pciutils usbutils ppp uqmi umbim comgt comgt-ncm luci-proto-ncm luci-proto-3g luci-proto-qmi kmod-mii kmod-usb-core kmod-usb-serial kmod-usb-serial-option kmod-usb-serial-wwan kmod-usb-acm kmod-usb-wdm kmod-usb-net kmod-usb-net-qmi-wwan kmod-usb-net-rndis kmod-usb-net-cdc-ether kmod-usb-net-huawei-cdc-ncm kmod-usb-net-cdc-mbim kmod-macvlan mwan3 luci-app-mwan3 qmi-utils

Then I reboot. Now that I got the apps that I need, I disable and delete wlan0 interface and disable mwan3 to avoid conflict then reboot again for good luck. Once rebooted I create a new interface called mwan (for mobile wan) and I select qmi protocol, select /dev/cdm0, fill in my APN and select the PDP type, and assign the firewall to the wan zone. Save and apply. Now at this point I have 5 interfaces: the 3 defaults: lan, wan, wan6, my newly created mwan and an automatically created virtual dynamic interface (DHCP client) mwan_4. At this point my mwan interfaces are up and running and connected to my SIM provider. I can now ping ipv4 and ipv6 from the router BUT I cannot ping from my PC.

Questions:
Do I have to setup port forwarding, NAT, or something? <---highly suspect but I don't know how to setup correctly
Is my ISP blocking my lan some how? <---no clue
Am I just a noob? <---- ding, ding, ding
All the above

I trying to learn more about networking but I'm stuck right now. I would like a solution and a detailed explanation as to why this is happening.

Thanx for hearing me out. If any more info is needed please let me know.

Here is all the current details about my rig:

PC: Kali Linux
Router: WE826-T
Firmware: openwrt-19.07.6-ramips-mt7620-zbt-we826-16M-squashfs-sysupgrade.bin (also tried openwrt rooter with the same results)
PCI Modem: EP06-A
SIM Service Provider: StraightTalk/Tracfone

# Kali Linux PC network connection settings while ethernet is connected to Openwrt router (ping to router works but ping to internet does not work)
root:~ # ifconfig 
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.3.243  netmask 255.255.255.0  broadcast 192.168.3.255
        inet6 fe80::35c8:5805:b549:563  prefixlen 64  scopeid 0x20<link>
        inet6 fd16:86ad:2bcb::36b  prefixlen 128  scopeid 0x0<global>
        inet6 2600:380:414f:a0ce::36b  prefixlen 128  scopeid 0x0<global>
        inet6 2600:380:414f:a0ce:b118:101c:73d7:914a  prefixlen 64  scopeid 0x0<global>
        inet6 fd16:86ad:2bcb:0:434f:6695:1e53:123b  prefixlen 64  scopeid 0x0<global>
        ether xx:xx:xx:xx:xx:xx  txqueuelen 1000  (Ethernet)
        RX packets 41991376  bytes 61493911052 (57.2 GiB)
        RX errors 0  dropped 1  overruns 0  frame 0
        TX packets 9582881  bytes 787895966 (751.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 20  memory 0xd5900000-d5920000  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 43862  bytes 10813607 (10.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 43862  bytes 10813607 (10.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        
root:~ [!1] # ping 192.168.3.1
PING 192.168.3.1 (192.168.3.1) 56(84) bytes of data.
64 bytes from 192.168.3.1: icmp_seq=1 ttl=64 time=0.596 ms
64 bytes from 192.168.3.1: icmp_seq=2 ttl=64 time=0.757 ms
64 bytes from 192.168.3.1: icmp_seq=3 ttl=64 time=0.646 ms
64 bytes from 192.168.3.1: icmp_seq=4 ttl=64 time=0.655 ms
64 bytes from 192.168.3.1: icmp_seq=5 ttl=64 time=0.713 ms
^C
--- 192.168.3.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4094ms
rtt min/avg/max/mdev = 0.596/0.673/0.757/0.055 ms

root:~ # ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
33 packets transmitted, 0 received, 100% packet loss, time 32762ms

root@OpenWrt:~# cat /etc/config/network 
config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd16:86ad:2bcb::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option ipaddr '192.168.3.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device 'lan_eth0_1_dev'
	option name 'eth0.1'
	option macaddr 'xx:xx:xx:xx:xx:xx'

config interface 'wan'
	option ifname 'eth0.2'
	option proto 'dhcp'

config device 'wan_eth0_2_dev'
	option name 'eth0.2'
	option macaddr 'xx:xx:xx:xx:xx:xx'

config interface 'wan6'
	option ifname 'eth0.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '4 6t'

config interface 'mwan'
	option proto 'qmi'
	option device '/dev/cdc-wdm0'
	option pdptype 'ipv4v6'
	option apn 'reseller'
	option auth 'none'


root@OpenWrt:~# cat /etc/config/firewall 

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan wan6 mwan'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

root@OpenWrt:~# uqmi -d /dev/cdc-wdm0 --get-signal-info
{
	"type": "lte",
	"rssi": -81,
	"rsrq": -13,
	"rsrp": -109,
	"snr": 28
}

root@OpenWrt:~# uqmi -d /dev/cdc-wdm0 --get-data-status
"connected"

root@OpenWrt:~# qmicli -d /dev/cdc-wdm0 --wda-get-data-format 
[/dev/cdc-wdm0] Successfully got data format
                   QoS flow header: no
               Link layer protocol: 'raw-ip'
  Uplink data aggregation protocol: 'disabled'
Downlink data aggregation protocol: 'disabled'
                     NDP signature: '0'
Downlink data aggregation max datagrams: '0'
Downlink data aggregation max size: '0'

root@OpenWrt:~# cat  /sys/class/net/wwan0/qmi/raw_ip
Y

root@OpenWrt:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=115 time=64.535 ms
64 bytes from 8.8.8.8: seq=1 ttl=115 time=81.975 ms
64 bytes from 8.8.8.8: seq=2 ttl=115 time=45.757 ms
64 bytes from 8.8.8.8: seq=3 ttl=115 time=45.417 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 45.417/59.421/81.975 ms

root@OpenWrt:~# opkg update
Downloading http://downloads.openwrt.org/releases/19.07.6/targets/ramips/mt7620/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_core
Downloading http://downloads.openwrt.org/releases/19.07.6/targets/ramips/mt7620/packages/Packages.sig
Signature check passed.
^C

root@OpenWrt:~# route 
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.34.149.52    0.0.0.0         UG    0      0        0 wwan0
10.34.149.48    *               255.255.255.248 U     0      0        0 wwan0
192.168.3.0     *               255.255.255.0   U     0      0        0 br-lan
#2

At first sight, everything looks correct in your configuration. My first bet is that your ISP si blocking the connection.

Could you please do a traceroute from the computer?

1 Like
#3

Thank you for your quick response. You caught me in the middle of a firmware change. I was having issues with the qmi driver where it stopped creating my modem interface all of a sudden.(i'll make a new topic about that soon as im finished with this one) So I changed back to "rooter" firmware for now to continue my mission. Here's what i got so far:

root:~ # traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  ROOter.lan (192.168.1.1)  0.581 ms  0.780 ms  0.744 ms
 2  172.21.0.14 (172.21.0.14)  35.109 ms * *
 3  * * *
 4  107.77.242.118 (107.77.242.118)  43.886 ms 107.77.242.116 (107.77.242.116)  43.853 ms 107.77.242.118 (107.77.242.118)  43.819 ms
 5  12.249.2.61 (12.249.2.61)  46.645 ms  46.611 ms  50.716 ms
 6  12.83.178.17 (12.83.178.17)  50.630 ms 12.83.178.29 (12.83.178.29)  43.665 ms  45.343 ms
 7  wswdc21crs.ip.att.net (12.122.2.33)  47.503 ms 12.122.116.37 (12.122.116.37)  38.343 ms wswdc21crs.ip.att.net (12.122.2.33)  46.725 ms
 8  12.122.116.37 (12.122.116.37)  39.834 ms 12.255.11.0 (12.255.11.0)  41.380 ms 12.255.11.8 (12.255.11.8)  37.744 ms
 9  * * 108.170.246.1 (108.170.246.1)  40.911 ms
10  * * *
11  dns.google (8.8.8.8)  42.972 ms  40.546 ms  39.092 ms

root:~ # traceroute openwrt.org
traceroute to openwrt.org (139.59.209.225), 30 hops max, 60 byte packets
 1  ROOter.lan (192.168.1.1)  0.502 ms  0.699 ms  0.930 ms
 2  172.21.0.6 (172.21.0.6)  38.745 ms * *
 3  * * *
 4  107.77.242.118 (107.77.242.118)  42.656 ms  42.621 ms 107.77.242.116 (107.77.242.116)  42.585 ms
 5  12.249.2.61 (12.249.2.61)  43.897 ms 12.249.2.57 (12.249.2.57)  49.502 ms 12.249.2.61 (12.249.2.61)  47.612 ms
 6  12.83.178.29 (12.83.178.29)  47.578 ms 12.83.178.17 (12.83.178.17)  42.932 ms 12.83.178.29 (12.83.178.29)  48.606 ms
 7  wswdc401igs.ip.att.net (12.122.113.37)  43.301 ms  39.408 ms igs1.wswdc.ip.att.net (12.122.134.133)  42.988 ms
 8  192.205.37.54 (192.205.37.54)  42.940 ms  42.907 ms  41.652 ms
 9  ae-9.r25.asbnva02.us.bb.gin.ntt.net (129.250.5.153)  43.576 ms  43.509 ms  44.663 ms
10  * ae-7.r21.londen12.uk.bb.gin.ntt.net (129.250.2.110)  118.886 ms  114.848 ms
11  ae-7.r00.londen14.uk.bb.gin.ntt.net (129.250.3.191)  112.054 ms  114.704 ms  115.889 ms
12  ae-1.a01.londen14.uk.bb.gin.ntt.net (129.250.2.235)  113.509 ms  114.602 ms  110.082 ms
13  ae-1.digital-ocean.londen14.uk.bb.gin.ntt.net (83.231.181.122)  113.646 ms  114.417 ms 62.73.179.138 (62.73.179.138)  111.188 ms
14  * * *
15  * * *
16  * * *
17  * * *
18  * wiki-01.infra.openwrt.org (139.59.209.225)  146.708 ms  146.466 ms

root:~ # ping google.com
PING google.com(iad30s21-in-x0e.1e100.net (2607:f8b0:4004:811::200e)) 56 data bytes
From 2600:380:410f:a3f::1 (2600:380:410f:a3f::1) icmp_seq=1 Destination unreachable: No route
From 2600:380:410f:a3f::1 (2600:380:410f:a3f::1) icmp_seq=2 Destination unreachable: No route
From 2600:380:410f:a3f::1 (2600:380:410f:a3f::1) icmp_seq=3 Destination unreachable: No route
From 2600:380:410f:a3f::1 (2600:380:410f:a3f::1) icmp_seq=4 Destination unreachable: No route
^C
--- google.com ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3004ms

root:~ [!1] # ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=115 time=79.5 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=115 time=40.7 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=115 time=59.1 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=115 time=57.3 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 40.698/59.169/79.535/13.778 ms

I'm guessing it's a NAT or routing issue?

#4

Rooter is not OpenWrt, you might want to open a thread in their support forum.

Anyway, notice how IPv4 seems to work, but IPv6 fails. I would focus on IPv6 now.

2 Likes
#5

Yeah I know. I don't plan on staying on "rooter" i was just using it to test what might be going on with my connection. I'm gonna switch back to openwrt in a couple hours. I don't want just a solution. I want to understand how the system works. I'm gonna tinker with IPv6 like you said, to see what happens. Whether it works on rooter or not i'll be switching back to openwrt to see if i can replicate the success. Either way I'll be back on this post with a solution or with more questions. Thank you for your help and prompt responses. I been up for days trying to learn and get this thing to work so I'm gonna catch some Z's. In the words of The Governator "I'll be bach".