Is the dmesg different now with different image ? Does it says anything about lan ?
ip link
devstatus lan OR devstatus br-lan
According to the diagnostics your router has Internet access. Do you get Internet access on wifi?
I really don't see any issue with the config so far. I wonder why there's no internet access on LAN?
Edit: How do you connect to router from PC? Do you use static IP or DHCP? It could be an issue with DNS on your PC maybe. It would explain no internet connectivity on PC.
I do not know
I think that's part of default configuration and could be related to identifying the WAN interface with its default mac address. I have it in my router.
1 Like
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
link/ether ac:f1:df:2a brd ff:ff:ff:ff:ff:ff
inet6 fe80::aef1:dfff:fe2a:/64 scope link
valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether ac:f1:df:2a:53:9a brd ff:ff:ff:ff:ff:ff
4: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether ae:f1:df:2a:53:9a brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
valid_lft forever preferred_lft forever
inet6 fdc4:5579:da::1/60 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::acf1:dfff:fe2a:/64 scope link
valid_lft forever preferred_lft forever
5: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
link/ether ae:f1:df:2a:53:9a brd ff:ff:ff:ff:ff:ff
6: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether ae:f1:df:2a:53:9b brd ff:ff:ff:ff:ff:ff
inet6 fe80::acf1:dfff:fe2a:539b/64 scope link
valid_lft forever preferred_lft forever
7: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN group default qlen 3
link/ppp
inet 217.175.**.* peer 10.10.10.10/32 scope global pppoe-wan
valid_lft forever preferred_lft forever
root@OpenWrt:~# devstatus br-lan
{
"external": false,
"present": true,
"type": "bridge",
"up": true,
"carrier": true,
"bridge-members": [
"eth0.1"
],
"mtu": 1500,
"mtu6": 1500,
"macaddr": "ae:f1:df:2a:**:**",
"txqueuelen": 1000,
"ipv6": true,
"promisc": false,
"rpfilter": 0,
"acceptlocal": false,
"igmpversion": 0,
"mldversion": 0,
"neigh4reachabletime": 30000,
"neigh6reachabletime": 30000,
"neigh4gcstaletime": 60,
"neigh6gcstaletime": 60,
"neigh4locktime": 100,
"dadtransmits": 1,
"multicast": true,
"sendredirects": true,
"statistics": {
"collisions": 0,
"rx_frame_errors": 0,
"tx_compressed": 0,
"multicast": 0,
"rx_length_errors": 0,
"tx_dropped": 0,
"rx_bytes": 1175799,
"rx_missed_errors": 0,
"tx_errors": 0,
"rx_compressed": 0,
"rx_over_errors": 0,
"tx_fifo_errors": 0,
"rx_crc_errors": 0,
"rx_packets": 7899,
"tx_heartbeat_errors": 0,
"rx_dropped": 0,
"tx_aborted_errors": 0,
"tx_packets": 5140,
"rx_errors": 0,
"tx_bytes": 798670,
"tx_window_errors": 0,
"rx_fifo_errors": 0,
"tx_carrier_errors": 0
}
}
From OpenWrt and PC connected via OpenWrt:
traceroute example.org
I can not connect to Wi-Fi, because I am at a distance of 2000km to the router, but router has internet access, pings from ROUTER ok, pings from PC fail.
On PC I set static IP addres.
DNS nothing to do with, "ping -I enp1s7 8.8.8.8" from PC fail too
Set up a VPN on the router, connect to PC via VPN and collect diagnostics information.
from ROUTER:
root@OpenWrt:~# traceroute openwrt.org
traceroute to openwrt.org (139.59.209.225), 30 hops max, 38 byte packets
1 10.10.10.10 (10.10.10.10) 0.528 ms 0.517 ms 0.515 ms
2 87.255.238.98 (87.255.238.98) 1.422 ms 1.636 ms 1.271 ms
3 95.167.140.149 (95.167.140.149) 0.812 ms 1.490 ms 0.790 ms
4 95.167.95.103 (95.167.95.103) 65.640 ms 56.418 ms 56.240 ms
5 80.249.211.163 (80.249.211.163) 60.183 ms 60.955 ms 60.175 ms
6 138.197.244.68 (138.197.244.68) 56.604 ms 56.719 ms 138.197.250.71 (138.197.250.71) 55.023 ms
7 138.197.244.68 (138.197.244.68) 56.766 ms * *
8 * wiki-01.infra.openwrt.org (139.59.209.225) 60.567 ms 60.093 ms
root@OpenWrt:~#
from PC:
root@os ~ % traceroute -ienp1s7 openwrt.org
traceroute to openwrt.org (139.59.209.225), 30 hops max, 60 byte packets
1 _gateway (192.168.1.1) 0.609 ms 1.006 ms 1.402 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
root@os ~ %
1 Like
From OpenWrt and PC:
ip a; ip r; ip ru; iptables-save; sysctl net 2>/dev/null | grep forward
from PC:
root@os ~ % ip a; ip r; ip ru; iptables-save
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: enp1s6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
link/ether 00:1d:60:cf:28:ec brd ff:ff:ff:ff:ff:ff
inet 10.1.10.9/24 brd 10.1.10.255 scope global enp1s6
valid_lft forever preferred_lft forever
3: enp1s7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether d8:5d:4c:82:59:f4 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.2/24 brd 192.168.1.255 scope global enp1s7
valid_lft forever preferred_lft forever
default via 10.1.10.1 dev enp1s6 proto static
default via 192.168.1.1 dev enp1s7 proto static
10.1.10.0/24 dev enp1s6 proto kernel scope link src 10.1.10.9
192.168.1.0/24 dev enp1s7 proto kernel scope link src 192.168.1.2
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
# Generated by iptables-save v1.6.2 on Sat Mar 16 21:36:28 2019
*mangle
:PREROUTING ACCEPT [577747:249348851]
:INPUT ACCEPT [570909:248774473]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [611933:721632549]
:POSTROUTING ACCEPT [611933:721632549]
COMMIT
# Completed on Sat Mar 16 21:36:28 2019
# Generated by iptables-save v1.6.2 on Sat Mar 16 21:36:28 2019
*filter
:INPUT DROP [1623:51936]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [611933:721632549]
:SSH - [0:0]
:interfaces - [0:0]
:open - [0:0]
-A INPUT -p icmp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j interfaces
-A INPUT -j open
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A interfaces -i lo -j ACCEPT
-A open -p tcp -m tcp --dport 49227 -j ACCEPT
-A open -p tcp -m tcp --dport 80 -j ACCEPT
-A open -p udp -m udp --dport 53 -j ACCEPT
-A open -p udp -m udp --dport 443 -j ACCEPT
-A open -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
# Completed on Sat Mar 16 21:36:28 2019
From ROUTER:
s
root@OpenWrt:~# ip a; ip r; ip ru; iptables-save
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
link/ether ac:f1:df:2a:**:** brd ff:ff:ff:ff:ff:ff
inet6 fe80::aef1:dfff:fe2a:****/64 scope link
valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether ac:f1:df:2a:**:** brd ff:ff:ff:ff:ff:ff
4: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether ae:f1:df:2a:**:** brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
valid_lft forever preferred_lft forever
inet6 fdc4:5579:da96::1/60 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::acf1:dfff:fe2a:****/64 scope link
valid_lft forever preferred_lft forever
5: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
link/ether ae:f1:df:2a:**:** brd ff:ff:ff:ff:ff:ff
6: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether ae:f1:df:2a:**:** brd ff:ff:ff:ff:ff:ff
inet6 fe80::acf1:dfff:fe2a:****/64 scope link
valid_lft forever preferred_lft forever
7: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN group default qlen 3
link/ppp
inet 217.175.**.** peer 10.10.10.10/32 scope global pppoe-wan
valid_lft forever preferred_lft forever
default via 10.10.10.10 dev pppoe-wan proto static
10.10.10.10 dev pppoe-wan proto kernel scope link src 217.175.**.**
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
# Generated by iptables-save v1.6.2 on Sat Mar 16 18:36:26 2019
*nat
:PREROUTING ACCEPT [6220:775604]
:INPUT ACCEPT [53:3004]
:OUTPUT ACCEPT [678:49920]
:POSTROUTING ACCEPT [29:1976]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_wan_prerouting
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_wan_postrouting
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Sat Mar 16 18:36:26 2019
# Generated by iptables-save v1.6.2 on Sat Mar 16 18:36:26 2019
*mangle
:PREROUTING ACCEPT [17538:2828742]
:INPUT ACCEPT [12071:1351530]
:FORWARD ACCEPT [5464:1477032]
:OUTPUT ACCEPT [8642:644026]
:POSTROUTING ACCEPT [12483:1999386]
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Sat Mar 16 18:36:26 2019
# Generated by iptables-save v1.6.2 on Sat Mar 16 18:36:26 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i eth0.2 -m comment --comment "!fw3" -j zone_wan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i eth0.2 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o eth0.2 -m comment --comment "!fw3" -j zone_wan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth0.2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth0.2 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o eth0.2 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i eth0.2 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Sat Mar 16 18:36:26 2019
root@OpenWrt:~#
1 Like
The issue is here.
Solution:
nmcli connection modify "enp1s6_connection_name" ipv4.route-metric "1024"
nmcli connection modify "enp1s6_connection_name" ipv4.never-default "yes"
1 Like
via enp1s6 internet ok, is it help for enp1s7?
Both default routes have the same metric in the same routing table.
It means the second route is ignored completely.
A question:
Router was talking only Ipv6 or wrong ipv4
While PC only ipv4 ?
On the interface connected to Router that I am assuming being enp1s7
How i can change route metric with systemd-networkd?
All modern OS prefer IPv6 provided enough connectivity.
OpenWrt router is not IPv4-only, it has LLA and ULA IPv6-connectivity:
https://en.wikipedia.org/wiki/Reserved_IP_addresses#IPv6
Routing for IPv4 an IPv6 works independently, so it may differ.
What is your current configuration for enp1s6-interface?
1 Like
Edited my question
I'm not use ip6 it switch off in kernel
[Match]
Name=enp1s7
[Network]
Address=192.168.1.2/24
Gateway=192.168.1.1