No route to host Lan Interface

Hi,

Just encountered the "No route to host" error on the Lan interfaces! I can login to Luci and ping outside the network but can not ping past the Lan interface on either my laptop or desktop machines.

Here is the network file let me know if I need to post more!


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdfa:37b4:6a72::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.2.1'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'

config interface 'wwan'
	option proto 'dhcp'
	option device 'wlan0'

config interface 'relay'
	option proto 'relay'
	option ipaddr '10.1.1.42'
	list network 'lan'
	list network 'wwan'

config interface 'vpn'
	option proto 'dhcp'
	option device 'tun0'

Thanks,

Aaron

What is the output of

ping -c2 8.8.8.8
ping -c2 Google.com

Is this with a device wired to the lan interface?

Can you post the output of

cat /etc/config/firewall

After testing it is the WWAN interface, I ping the WWAN interface and it returned:

PING 10.1.1.42 (10.1.1.42) 56(84) bytes of data.
64 bytes from 10.1.1.42: icmp_seq=1 ttl=64 time=0.434 ms
64 bytes from 10.1.1.42: icmp_seq=2 ttl=64 time=0.287 ms
64 bytes from 10.1.1.42: icmp_seq=3 ttl=64 time=0.165 ms
64 bytes from 10.1.1.42: icmp_seq=4 ttl=64 time=0.255 ms

However, when I try to ping 8.8.8.8

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 10.1.1.42 icmp_seq=1 Destination Port Unreachable

Firewall


config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone 'lan'
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'
	list device 'tun+'

config zone 'wan'
	option name 'wan'
	option output 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'
	list network 'wwan'
	option input 'ACCEPT'
	option forward 'REJECT'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config zone
	option name 'relay'
	option input 'ACCEPT'
	option output 'ACCEPT'
	list network 'relay'
	option forward 'ACCEPT'

config rule 'ovpn'
	option name 'Allow-OpenVPN'
	option src 'wan'
	option dest_port '1190'
	option proto 'udp'
	option target 'ACCEPT'

config zone
	option name 'vpn'
	option input 'ACCEPT'
	option output 'ACCEPT'
	list network 'vpn'
	option forward 'ACCEPT'

config forwarding
	option src 'relay'
	option dest 'vpn'

config forwarding
	option src 'relay'
	option dest 'lan'

config forwarding
	option src 'relay'
	option dest 'wan'

config redirect
	option dest 'relay'
	option target 'DNAT'
	option name 'Printer'
	list proto 'tcp'
	option src 'relay'
	option src_dport '631'
	option dest_port '631'

config forwarding
	option src 'lan'
	option dest 'relay'

config forwarding
	option src 'vpn'
	option dest 'relay'

However, I can not access Luci using the Lan Address 192.168.2.1 it works using the WWAN address though (so does ssh).

It was the firewall! Removed the relay zone and put it back to lan to wan forwarding.


config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone 'lan'
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'
	list device 'tun+'

config zone 'wan'
	option name 'wan'
	option output 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'
	list network 'wwan'
	option input 'ACCEPT'
	option forward 'REJECT'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config zone
	option name 'relay'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config rule 'ovpn'
	option name 'Allow-OpenVPN'
	option src 'wan'
	option dest_port '1190'
	option proto 'udp'
	option target 'ACCEPT'

config zone
	option name 'vpn'
	option input 'ACCEPT'
	option output 'ACCEPT'
	list network 'vpn'
	option forward 'ACCEPT'

config redirect
	option dest 'relay'
	option target 'DNAT'
	option name 'Printer'
	list proto 'tcp'
	option src 'relay'
	option src_dport '631'
	option dest_port '631'

config forwarding
	option src 'lan'
	option dest 'wan'

The relay interface does not need a firewall.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.