OpenWrt 19.07 upgrade from 14 - firewall trouble

I installed OpenWrt on my MLWG2, the initial ver. was 14.XX and it ran no issue from flash. I wanted to run the latest version of OpenWrt so, grabbed the verified .bin from the site and flashed the router. Initial thought was I bricked it.

After some fiddling... aka adding a header for USB - TTL connection to access the device (fun stuff). Found out that br-lan was not allowing connection??? So

ifconfig br-lan down

ifconfig eth0 192.xxx.x.x up

and it worked... so I am under the impression that the issue is with the firewall, I am not overly confident with firewall rules (yet) and would like to understand better what the heck happened. AND how to set up the firewall for basic secure function until I can better get this working...

what I have done, for now... was to enable the interface eth0 and disable eth0.1 in br-lan, but I don't fully understand what was going on.


I can provide any config files if asked. Appreciate any help / guidance... cheers!

Forget your config files. Just reset to defaults (using either the LuCI option or the firstboot command via ssh).

Your old config files are not going to be compatible with v19, plain and simple. You might want to take a backup to use as a reference, but absolutely do not restore any of the files directly.

EDIT: Just to further elaborate... each successive major version typically has a few changes that make certain config files incompatible (in part or in whole) from version to version. While this is not always an issue, moving from v14 to v19 skips so many versions that there are likely to be numerous significant changes that will make your old config files problematic. If you don't just simply reset to defaults and reconfigure the device manually, you will probably be chasing your tail with other various issues. Unless you had a particularly complex setup or had lots of packages installed, it will probably only take 10 minutes to get your router configured on the new version.

2 Likes

@psherman, thank you. I may have not been clear, after flashing to 19, there was no connection... for whatever reason, the new ver. had br-lan with eth0.1 and NOT eth0, therefore could not ssh in. Hence the reason I thought I bricked the router. Also, basic flash apparently has WiFi disabled :( ... essentially I could not connect to the router.

The config files that I offer up are the current WIDE open firewall (has an allow all... only way I could get to work for now) and what not.

Ya, I didn't really think about how jumping so many MAJOR ver. would affect the device, but it should have worked at least with basic WiFi and ethernet connection... but not in this case. Do you have some advice on how to set up the firewall with basic security? What I am looking for is perhaps 2 'zones' one for me and the kids and an Admin zone... that way if something goes wrong, I can always reconnect via hardwire eth0.

Appreciate anything...cheers!

So first thing first, did you attempt to keep the settings when you did the upgrade? If so, that is the first problem (see my earlier post). Resetting to defaults should fix that.

Wifi is indeed disabled for the default configuration -- this is for security (i.e. it is not secure to have a default configuration with wifi enabled and either no or a known password -- think of all the consumer routers out there and their insecure default configs).

By default, the configuration will be set up for a WAN and a LAN zone, with wifi disabled and no password to login (via a wired connection) using ssh or web (LuCI). You should have normal internet connectivity via the wired connection (unless you need to set up PPPoE, static IP, or VLAN on your WAN). Once you've set up your wifi, your wireless clients should also be online as usual. Be sure (for security purposes) to set the device admin password while you're doing your initial setup. If you have issues here, continue this thread with specific questions (but only after you have reset to defaults).

To set up additional zones such as one for the kids, search the forums for "guest network" or "guest wifi" or similar (you can do wifi only, or wifi + wired, depending on your needs). If those don't help, open a new thread with details about what you've done so far and where you are stuck (in that case, you'll probably also want to post your config files for /etc/config/network, /etc/config/firewall, /etc/config/dhcp and /etc/config/wireless).

2 Likes

I just realized that this device has only a single Ethernet port. You will want to set up your WiFi first and then verify you can login via wireless. It should be bridged, by default, to the lan.

From there, you can reassign the Ethernet port to the wan, assuming that is how you were previously connected.

After that is working, you can set up your additional zones and SSIDs.

2 Likes

Thank you very much... I guess I messed it up with the flash. I have the device running now. I will try the

first boot && reboot

Start from there. THANKS!

Correction:

firstboot && reboot

(The firstboot command is one word, just in case anyone sees this thread.)

2 Likes
