watz
June 18, 2021, 9:38am
1
Hey guys, i guess im somewhat close to success but need help getting there.
I configured OpenWRT on my Raspi 4 so that LAN is serving DHCP and using eth0, the internal NIC of the Pi.
For WAN i used the USB 3.0 Dongle and set it up with PPPoE.
Now im getting a PPPoE connection, both wan and wan_6 are connected and using the gui i can ping sites just fine.
The DHCP is working too, but the LAN devices dont get Internet access.
This is my network config:
# OpenWrt network configuration as posted: loopback, a bridged LAN and a PPPoE WAN.

# Loopback interface: static 127.0.0.1 / 255.0.0.0 on 'lo'.
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
# Global settings: the IPv6 unique-local (ULA) prefix used on the local side.
config globals 'globals'
option ula_prefix 'fde3:ab45:0bb8::/48'
# LAN: static 192.168.2.2/24 on the 'br-lan' bridge device defined at the end.
config interface 'lan'
option proto 'static'
option ipaddr '192.168.2.2'
option netmask '255.255.255.0'
# Size of the IPv6 prefix handed to this interface out of a delegated prefix.
option ip6assign '60'
option device 'br-lan'
# WAN: PPPoE session. The logical interface is named 'wan'; firewall zones refer
# to this name, not to the underlying device.
config interface 'wan'
option proto 'pppoe'
# Credentials were replaced with 'XXX' by the poster before publishing.
option username 'XXX'
option password 'XXX'
option ipv6 'auto'
# Dot notation: VLAN ID 7 tagged on eth1 (presumably the USB dongle named in the post).
option device 'eth1.7'
# Bridge device backing the LAN; its only member port is eth0.
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
How do i get Internet connectivity bridged to my LAN?
trendy
June 18, 2021, 10:04am
2
Did you delete the lan->wan forwarding in the firewall by any chance?
uci export firewall
kpoman
June 18, 2021, 10:05am
3
I'd say verify the rpi4 does ping internet, then verify you have firewall rules from zone LAN to WAN allowing input, output and forward ?
watz
June 18, 2021, 10:09am
4
Could it be something with the VLAN tagging of the WAN connection?
this is the content of "uci export firewall":
# Output of `uci export firewall`: default policies, the lan and wan zones,
# the lan->wan forwarding and the per-rule exceptions for traffic from wan.
package firewall
# Default policies. They govern traffic that no zone claims.
# NOTE(review): input 'ACCEPT' here means an interface left out of every zone is
# presumably reachable on the router's own services; confirm each WAN-side
# interface is listed in the wan zone below.
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
# LAN zone: accepts input, output and forwarding for the 'lan' network.
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
# WAN zone: rejects unsolicited input and forwarding, masquerades outbound
# traffic (masq) and clamps TCP MSS (mtu_fix).
# NOTE(review): the only member is 'wan6'. The network config posted in the same
# thread names the PPPoE interface 'wan', which is not listed, so masquerading,
# the REJECT input policy and the lan->wan forwarding below do not cover it.
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan6'
# Allows traffic originating in the lan zone to be forwarded to the wan zone.
config forwarding
option src 'lan'
option dest 'wan'
# Exceptions to the wan zone's REJECT input policy follow.
# IPv4 DHCP replies to the router's client port (UDP 68).
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# IPv4 ICMP echo-request from wan to the router.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
# IPv4 IGMP from wan.
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
# DHCPv6 replies (UDP 546), restricted to the fc00::/6 source and destination range.
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
# Multicast Listener Discovery messages from link-local sources (fe80::/10).
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 types accepted on the router itself from wan, rate-limited to 1000/sec.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 types forwarded from wan to any zone (dest '*'), rate-limited to 1000/sec.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Forwards ESP from wan into lan. No address-family restriction is set.
# NOTE(review): only needed if a LAN host terminates IPsec; otherwise this and the
# ISAKMP rule below can be disabled to reduce inbound exposure.
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
# Forwards UDP port 500 (IKE/ISAKMP) from wan into lan.
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
# Would REJECT (rather than silently handle) UDP 33434-33689 from wan; currently
# switched off by enabled 'false'.
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled 'false'
# Pulls in the user's custom rules script. Its contents are not shown in this
# export and should be reviewed separately.
config include
option path '/etc/firewall.user'
trendy
June 18, 2021, 10:13am
5
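Interfaces wan and wan_6 are missing from the wan firewall zone: it lists only 'wan6', so masquerading and the lan->wan forwarding are not applied to the PPPoE link, which instead falls under the defaults section (input 'ACCEPT').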
watz
June 18, 2021, 10:17am
6
mh, thats odd. i thought i assigned wan to the firewall. i added them now and will try it when i get home. thanks a lot, ill keep this updated if it works or i need more help
thanks!