OpenVPN (NordVPN) Setup and seemingly working on TP-Link C2600 but not connecting and proving VPN IP

nslookup openwrt.org 192.168.2.1
Server:  OpenWrt.lan
Address:  192.168.2.1

*** OpenWrt.lan can't find openwrt.org: Query refused

nslookup openwrt.org
Server:  OpenWrt.lan
Address:  fd7d:3874:5a29::1

*** OpenWrt.lan can't find openwrt.org: Query refused

Windows Tracert:

tracert 8.8.4.4

Tracing route to 8.8.4.4 over a maximum of 30 hops

  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5  OpenWrt.lan [192.168.2.1]  reports: Destination protocol unreachable.

Also still showing that there's no "internet connectivity" when connecting via Wi-Fi in Windows.

# OpenWrt
uci -q delete dhcp.@dnsmasq[0].noresolv
uci commit dhcp
service dnsmasq restart

# PC
nslookup example.org
1 Like

Okay, so I'm seeing some positive changes!

Still no connectivity BUT:

tracert 8.8.4.4

Tracing route to google-public-dns-b.google.com [8.8.4.4]
over a maximum of 30 hops:

  1     *        *        *     Request timed out.
  2     *     OpenWrt.lan [192.168.2.1]  reports: Destination protocol unreachable.

Trace complete.

tracert google.com

Tracing route to google.com [172.217.6.46]
over a maximum of 30 hops:

  1    <1 ms     *        *     OpenWrt.lan [192.168.2.1]
  2     *     OpenWrt.lan [192.168.2.1]  reports: Destination protocol unreachable.

Trace complete.

nslookup openwrt.org
Server:  OpenWrt.lan
Address:  fd7d:3874:5a29::1

Non-authoritative answer:
Name:    openwrt.org
Addresses:  2a03:b0c0:3:d0::1af1:1
          139.59.209.225

Let's see the updated diagnostics:

# OpenWrt
ip a; ip r; ip ru; iptables-save; sysctl net.ipv4 | grep -e forward
uci set firewall.@zone[1].masq="1"
uci set firewall.@zone[1].mtu_fix="1"
uci commit firewall
service firewall restart

done, rebooting and refreshing my connection now

ip a; ip r; ip ru; iptables-save; sysctl net.ipv4 | grep -e forward
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether ec:08:6b:ba:fd:41 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::ee08:6bff:feba:fd41/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether ec:08:6b:ba:fd:40 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::ee08:6bff:feba:fd40/64 scope link 
       valid_lft forever preferred_lft forever
7: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether ec:08:6b:ba:fd:40 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.1/24 brd 192.168.2.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fd7d:3874:5a29::1/60 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::ee08:6bff:feba:fd40/64 scope link 
       valid_lft forever preferred_lft forever
8: eth1.1@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether ec:08:6b:ba:fd:40 brd ff:ff:ff:ff:ff:ff
9: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether ec:08:6b:ba:fd:41 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.69/24 brd 192.168.1.255 scope global eth0.2
       valid_lft forever preferred_lft forever
    inet6 fe80::ee08:6bff:feba:fd41/64 scope link 
       valid_lft forever preferred_lft forever
10: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether ec:08:6b:ba:fd:40 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::ee08:6bff:feba:fd40/64 scope link 
       valid_lft forever preferred_lft forever
11: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether ec:08:6b:ba:fd:3f brd ff:ff:ff:ff:ff:ff
    inet6 fe80::ee08:6bff:feba:fd3f/64 scope link 
       valid_lft forever preferred_lft forever
12: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 100
    link/[65534] 
    inet 10.8.3.17/24 brd 10.8.3.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::172a:8539:b6fb:9882/64 scope link 
       valid_lft forever preferred_lft forever
0.0.0.0/1 via 10.8.3.1 dev tun0 
default via 192.168.1.254 dev eth0.2  src 192.168.1.69 
10.8.3.0/24 dev tun0 scope link  src 10.8.3.17 
104.200.132.172 via 192.168.1.254 dev eth0.2 
128.0.0.0/1 via 10.8.3.1 dev tun0 
192.168.1.0/24 dev eth0.2 scope link  src 192.168.1.69 
192.168.2.0/24 dev br-lan scope link  src 192.168.2.1 
0:      from all lookup local 
32766:  from all lookup main 
32767:  from all lookup default 
# Generated by iptables-save v1.6.2 on Sun May  5 23:54:11 2019
*nat
:PREROUTING ACCEPT [2114:161566]
:INPUT ACCEPT [35:2866]
:OUTPUT ACCEPT [168:12958]
:POSTROUTING ACCEPT [1135:47117]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_vpn_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_vpn_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_vpn_postrouting - [0:0]
:zone_vpn_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_wan_prerouting
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_wan_postrouting
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_vpn_postrouting -m comment --comment "!fw3: Custom vpn postrouting rule chain" -j postrouting_vpn_rule
-A zone_vpn_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_vpn_prerouting -m comment --comment "!fw3: Custom vpn prerouting rule chain" -j prerouting_vpn_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Sun May  5 23:54:11 2019
# Generated by iptables-save v1.6.2 on Sun May  5 23:54:11 2019
*mangle
:PREROUTING ACCEPT [3178:358085]
:INPUT ACCEPT [1105:200041]
:FORWARD ACCEPT [1673:97824]
:OUTPUT ACCEPT [2144:308366]
:POSTROUTING ACCEPT [2146:309022]
-A FORWARD -o tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Sun May  5 23:54:11 2019
# Generated by iptables-save v1.6.2 on Sun May  5 23:54:11 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_vpn_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_vpn_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_vpn_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_dest_DROP - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_vpn_dest_ACCEPT - [0:0]
:zone_vpn_dest_DROP - [0:0]
:zone_vpn_forward - [0:0]
:zone_vpn_input - [0:0]
:zone_vpn_output - [0:0]
:zone_vpn_src_DROP - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_DROP - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_DROP - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i tun0 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i eth0.2 -m comment --comment "!fw3" -j zone_wan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i eth0.2 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o eth0.2 -m comment --comment "!fw3" -j zone_wan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_DROP -o br-lan -m comment --comment "!fw3" -j DROP
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to vpn forwarding policy" -j zone_vpn_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_DROP
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3: Custom vpn forwarding rule chain" -j forwarding_vpn_rule
-A zone_vpn_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3" -j zone_vpn_dest_DROP
-A zone_vpn_input -m comment --comment "!fw3: Custom vpn input rule chain" -j input_vpn_rule
-A zone_vpn_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_vpn_input -m comment --comment "!fw3" -j zone_vpn_src_DROP
-A zone_vpn_output -m comment --comment "!fw3: Custom vpn output rule chain" -j output_vpn_rule
-A zone_vpn_output -m comment --comment "!fw3" -j zone_vpn_dest_ACCEPT
-A zone_wan_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth0.2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth0.2 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_DROP -o tun0 -m comment --comment "!fw3" -j DROP
-A zone_wan_dest_DROP -o eth0.2 -m comment --comment "!fw3" -j DROP
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_DROP
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_DROP
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_DROP -i tun0 -m comment --comment "!fw3" -j DROP
-A zone_wan_src_DROP -i eth0.2 -m comment --comment "!fw3" -j DROP
COMMIT
# Completed on Sun May  5 23:54:11 2019
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.br-lan.forwarding = 1
net.ipv4.conf.br-lan.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.2.forwarding = 1
net.ipv4.conf.eth0.2.mc_forwarding = 0
net.ipv4.conf.eth1.forwarding = 1
net.ipv4.conf.eth1.mc_forwarding = 0
net.ipv4.conf.eth1.1.forwarding = 1
net.ipv4.conf.eth1.1.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.tun0.forwarding = 1
net.ipv4.conf.tun0.mc_forwarding = 0
net.ipv4.conf.wlan0.forwarding = 1
net.ipv4.conf.wlan0.mc_forwarding = 0
net.ipv4.conf.wlan1.forwarding = 1
net.ipv4.conf.wlan1.mc_forwarding = 0
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_use_pmtu = 0

tracert 8.8.4.4

Tracing route to google-public-dns-b.google.com [8.8.4.4]
over a maximum of 30 hops:

  1     1 ms     *        *     OpenWrt.lan [192.168.2.1]
  2  OpenWrt.lan [192.168.2.1]  reports: Destination protocol unreachable.

Trace complete.

nslookup openwrt.org 192.168.2.1
Server:  OpenWrt.lan
Address:  192.168.2.1

Non-authoritative answer:
Name:    openwrt.org
Addresses:  2a03:b0c0:3:d0::1af1:1
          139.59.209.225

uci set firewall.@forwarding[0].dest="wan"
uci commit firewall
/etc/init.d/firewall restart
1 Like

holy CRAP CAN I GIVE YOU A MILLION DOLLARS?!?!?!?!?!?!

THANK YOU!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

okay, now I probably shouldn't hazard a question like this but.... what the frick happened? I'm going to IMMEDIATELY back up my config files like yesterday, but I really would love to know what it was that was causing the issue, it's so confusing as I followed the entire process from the various tutorials to a T, and I really want to understand.

If it's too complicated, which wouldn't take much, I FULLY understand.

1 Like

You had conflicting dhcp, firewall and network settings.
That's probably because of using tutorials which are not combined well with each other.

2 Likes
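
Added example, not part of the thread: in the iptables-save dump posted above, `zone_lan_forward` jumps to `zone_vpn_dest_ACCEPT`, a chain that has no rules, while `tun0` appears only in the wan zone's chains, and the last command in the thread pointed the forwarding at `wan`. The function below flags that pattern in any fw3 ruleset; the names `dead_forwardings`, `sample_before` and `sample_after` are hypothetical, and the "after" ruleset is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `iptables-save` text on stdin and
# prints "<src> <dest>" for every fw3 forwarding policy whose destination zone
# has no device behind it, i.e. no "-A zone_<dest>_dest_ACCEPT -o <dev>" rule.
dead_forwardings() {
    awk '
        $1 == "-A" && $2 ~ /^zone_.*_dest_ACCEPT$/ {
            # a zone with devices gets one or more "-o <dev>" rules in this chain
            for (i = 3; i < NF; i++) if ($i == "-o") { has_dev[$2] = 1; break }
        }
        $1 == "-A" && $2 ~ /^zone_.*_forward$/ && /forwarding policy/ {
            # forwarding policy: jump from zone_<src>_forward to zone_<dest>_dest_ACCEPT
            n++; src[n] = $2; dst[n] = $NF
        }
        END {
            for (k = 1; k <= n; k++) {
                if (dst[k] in has_dev) continue
                s = src[k]; sub(/^zone_/, "", s); sub(/_forward$/, "", s)
                d = dst[k]; sub(/^zone_/, "", d); sub(/_dest_ACCEPT$/, "", d)
                print s, d
            }
        }'
}

# Rules copied from the dump in this thread (trimmed to the relevant chains).
sample_before() {
    cat <<'EOF'
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to vpn forwarding policy" -j zone_vpn_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_DROP
-A zone_vpn_output -m comment --comment "!fw3" -j zone_vpn_dest_ACCEPT
-A zone_wan_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth0.2 -m comment --comment "!fw3" -j ACCEPT
EOF
}

# Constructed: the same rules with the lan forwarding pointed at the wan zone.
sample_after() {
    sample_before | sed '1s/vpn/wan/g'
}

sample_before | dead_forwardings   # lan vpn
sample_after  | dead_forwardings   # (no output)
```

On the router the same check is `iptables-save | dead_forwardings`; any line it prints names a forwarding whose traffic falls through to the final reject rule in FORWARD.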

ahhhh, okay. That makes sense!

Okay, well I can finally put this to rest now. I really greatly appreciate your help with this, I know you are doing this in your free time to help people like me, especially with my limited technical knowledge (to the point that I know enough to do damage, but not enough to recover from said damage!) and this has to be one of the most active and helpful technical forums I've ever had the pleasure of being a part of.

So again, thank you. So much. This has been a relatively stressful thing for me that's taken up hours of my time, so for you to come and spend all that time helping me... It means the world.

1 Like
