OpenWrt is blocking distrowatch.com

Good day all you brainy ppl. I am brand new to OpenWrt (4 days), running a default installation on a Raspberry Pi 5 with Plex in Docker. I realized this morning that distrowatch.com is blocked. Do you maybe have an idea where I can look for this problem, or a workaround? Thank you in advance. I had a look in the firewall but did not find any white or black lists.

OpenWrt does not block anything by default when traversing from lan > wan. We can review your configuration if you'd like -- maybe there is something wrong there.

What are the specific symptoms?

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords (including Wi-Fi and VPN keys), MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

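I would suspect whatever you have set up for DNS services is the culprit here. Can you resolve the domain name against a public resolver directly? If that works while a lookup through the router's own resolver fails, the DNS setup is at fault rather than the firewall. For example: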
$ nslookup distrowatch.com 9.9.9.9

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd4c:fff:a94e::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'
        list ports 'eth2'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr 'xxx.xxx.xxx.xxx'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth1'
        option proto 'dhcpv6'

config interface 'docker'
        option device 'docker0'
        option proto 'none'
        option auto '0'

config device
        option type 'bridge'
        option name 'docker0'
--------------------------------------------------------------------------------------

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/axi/1001100000.mmc/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
        option band '2g'
        option channel 'auto'
        option country 'ZA'
        option cell_density '0'
        option disabled '1'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'sae'
        option key 'passwrdxxxxxxxxx'
        option ocv '0'
        option disabled '1'
--------------------------------------------------------------------------------------

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '1'
        option limit '200'
        option leasetime '60m'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'
        option start '100'
        option limit '150'
        option leasetime '12h'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config host
        option name 'HP-LaserJet-P2014'
        list mac 'xx:xx:xx:xx:xx:xx'
        option ip 'xxx.xxx.xxx.xxx'

config host
        option name 'RAP2200E-2997E4'
        option ip 'xxx.xxx.xxx.xxx'
        list mac 'xx:xx:xx:xx:xx:xx'

config host
        option name 'Canon-MF620CW'
        list mac 'xx:xx:xx:xx:xx:xx'
        option ip 'xxx.xxx.xxx.xxx'

config host
        option name 'UNV-NVR'
        list mac 'xx:xx:xx:xx:xx:xx'
        option ip 'xxx.xxx.xxx.xxx'

config host
        option name 'XigmaNAS'
        list mac 'xx:xx:xx:xx:xx:xx'
        option ip 'xxx.xxx.xxx.xxx'
--------------------------------------------------------------------------------------

root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option flow_offloading '1'
        option syn_flood '1'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'DROP'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

# Firewall zone for the 'docker' network (the docker0 bridge declared in
# /etc/config/network). input, output and forward are all ACCEPT, so traffic
# arriving on docker0 is allowed to reach services on the router itself.
# NOTE(review): no 'config forwarding' section in this file names 'docker';
# confirm how container traffic is expected to reach wan and whether input
# ACCEPT is really needed for this zone.
config zone 'docker'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option name 'docker'
        list network 'docker'

# Pulls the script /usr/share/pbr/firewall.include into the firewall.
# NOTE(review): presumably this belongs to the pbr (policy-based routing)
# package; its policies are not shown here. They decide which traffic leaves
# through which interface (for example a VPN tunnel), so they are worth
# checking when a single site is unreachable -- confirm against the pbr config.
config include 'pbr'
        option fw4_compatible '1'
        option type 'script'
        option path '/usr/share/pbr/firewall.include'

You have over-redacted -- there is no need to redact the IP address used on your lan, since it is (or should be) an RFC1918 private address, which is not reachable from the internet.

The change to your DHCP server could be responsible for some issues here, but it depends on the lan address.

Where is ubus call system board and the unconnectable access point?


root@OpenWrt:~# ubus list
block
container
dhcp
dnsmasq
dnsmasq.dns
file
hostapd
hostapd-auth
hotplug.block
hotplug.button
hotplug.dhcp
hotplug.ieee80211
hotplug.iface
hotplug.leds
hotplug.neigh
hotplug.net
hotplug.ntp
hotplug.openvpn
hotplug.tftp
hotplug.usb
iwinfo
log
luci
luci-rpc
luci.pbr
luci.upnp
luci.wireguard
lxc
network
network.device
network.interface
network.interface.docker
network.interface.lan
network.interface.loopback
network.interface.wan
network.interface.wan6
network.rrdns
qosify
rc
rpc-sys
service
session
system
uci
wpa_supplicant

@pierrej67 - 2 things:

First, this is not what was requested by @brada4. Please provide the output of `ubus call system board`.

Second, please use the "Preformatted text </>" button for logs, scripts, configs and general console output.
Please edit your post accordingly. Thank you! :slight_smile:


root@OpenWrt:~# ubus call system board
{
"kernel": "6.12.40",
"hostname": "OpenWrt",
"system": "ARMv8 Processor rev 1",
"model": "Raspberry Pi 5 Model B Rev 1.0",
"board_name": "raspberrypi,5-model-b",
"rootfs_type": "ext4",
"release": {
"distribution": "OpenWrt",
"version": "SNAPSHOT",
"firmware_url": "https://downloads.openwrt.org/",
"revision": "r0-75cfaef",
"target": "bcm27xx/bcm2712",
"description": "OpenWrt SNAPSHOT r0-75cfaef",
"builddate": "1753451660"
}
}

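It is a custom build (the board info reports version `SNAPSHOT` with revision `r0-75cfaef`, which does not look like an official build's revision string). Ask whoever you got it from; it probably includes some blocklists that keep normal sites away.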


As stated by @brada4 , it is clear that the build you are using did not come from the official OpenWrt project.

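Your device is supported, though, so you should consider installing the official image from the OpenWrt project's own download site, and checking it against the published SHA-256 checksum before flashing.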


I noticed that on my VPN it's not responding, but off the VPN it works. Interesting?

Report it to your VPN provider ?


Thank you I see it is up again today.
