Packet routing from WAN to WIFI

Hi,

Our device has two Wi-Fi radios, 2G and 5G, which are connected in bridge mode, and a connected client is able to get a local IP address. On the WAN port we get an IP address and are able to ping google.com. But a client connected to our device through Wi-Fi is not able to get an internet connection. What do we need to configure so that internet from the WAN is routed to the Wi-Fi bridge interface? Please let us know.

Thanks

Use ssh to connect to the device.

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have

# Diagnostic dump for an OpenWrt device; every command here only reads state.
#   ubus call system board    board and firmware information
#   uci export <package>      the network, wireless, dhcp and firewall configuration
#   head -n -0 FILE...        prints each named file in full (all but the last zero lines)
#   ip -4 addr / ro li tab all / ru
#                             IPv4 addresses, routes from every table, policy rules
#   ls -l and head on resolv.*
#                             the resolver files under /etc and /tmp
# The output contains Wi-Fi keys (when set), MAC addresses and WAN addresses:
# redact them before posting.
# The '*' globs must survive the copy-paste; without them ls and head look for
# the literal names /etc/resolv. and /tmp/resolv. and report "No such file".
ubus call system board; \
uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*

Sorry, I posted that wrongly. What we actually need is to be able to ping the gateway IP of the WAN from the Wi-Fi bridge interface.

root@OpenWrt:~# uci export network; uci export wireless; \
> uci export dhcp; uci export firewall; \
> head -n -0 /etc/firewall.user; \
> ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
> ls -l  /etc/resolv. /tmp/resolv. /tmp/resolv.*/ ; head -n -0 /etc/resolv. /tmp
/resolv. /tmp/resolv.*/
uci: Parse error (EOF with unterminated ') at line 27, byte 32
package wireless

config wifi-device 'wifi0'
        option type 'qcawificfg80211'
        option channel 'auto'
        option macaddr '00:03:7f:12:27:27'
        option hwmode '11axg'
        option disabled '0'

config wifi-iface
        option device 'wifi0'
        option network 'lan'
        option mode 'ap'
        option ssid 'IOT_2G'
        option encryption 'none'

config wifi-device 'wifi1'
        option type 'qcawificfg80211'
        option channel 'auto'
        option macaddr '00:03:7f:12:e7:e7'
        option hwmode '11axa'
        option disabled '0'

config wifi-iface
        option device 'wifi1'
        option network 'lan'
        option mode 'ap'
        option ssid 'IOT_5G'
        option encryption 'none'

package dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option force '1'
        option dhcpv6 'server'
        option ra 'server'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'

package firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option disabled '0'

config zone
        option name 'lan'
        list network 'lan'
        list network 'lan1'
        list network 'lan2'
        list network 'lan3'
        list network 'lan4'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option masq '0'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config forwarding
        option src 'wan'
        option dest 'lan'

config redirect
        option src 'wan'
        option proto 'all'
        option dest 'lan'
        option dest_ip '192.168.1.1'
        option target 'DNAT'

config redirect
        option src 'lan'
        option src_ip '192.168.1.1'
        option proto 'all'
        option dest 'wan'
        option target 'SNAT'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fe80::/10'
        option src_port '547'
        option dest_ip 'fe80::/10'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config rule
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include 'map'
        option type 'script'
        option path '/etc/firewall.d/map_firewall'
        option family 'any'
        option reload '1'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

config include 'qcanssecm'
        option type 'script'
        option path '/etc/firewall.d/qca-nss-ecm'
        option family 'any'
        option reload '1'

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 10.63.67.195/29 brd 10.63.67.199 scope global eth1
       valid_lft forever preferred_lft forever
68: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.1.1/32 brd 255.255.255.255 scope global br-lan
       valid_lft forever preferred_lft forever
default via 10.63.67.193 dev eth1  proto static  src 10.63.67.195
10.63.67.192/29 dev eth1  proto kernel  scope link  src 10.63.67.195
10.63.67.193 dev eth1  proto static  scope link  src 10.63.67.195
broadcast 10.63.67.192 dev eth1  table local  proto kernel  scope link  src 10.63.67.195
local 10.63.67.195 dev eth1  table local  proto kernel  scope host  src 10.63.67.195
broadcast 10.63.67.199 dev eth1  table local  proto kernel  scope link  src 10.63.67.195
broadcast 127.0.0.0 dev lo  table local  proto kernel  scope link  src 127.0.0.1
local 127.0.0.0/8 dev lo  table local  proto kernel  scope host  src 127.0.0.1
local 127.0.0.1 dev lo  table local  proto kernel  scope host  src 127.0.0.1
broadcast 127.255.255.255 dev lo  table local  proto kernel  scope link  src 127.0.0.1
local 192.168.1.1 dev br-lan  table local  proto kernel  scope host  src 192.168.1.1
0:      from all lookup 128
1:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default
ls: /etc/resolv.: No such file or directory
ls: /tmp/resolv.: No such file or directory
ls: /tmp/resolv.*/: No such file or directory
head: /etc/resolv.: No such file or directory
head: /tmp/resolv.: No such file or directory
head: /tmp/resolv.*/: No such file or directory

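Without masquerade your clients cannot go very far: the wan zone has `option masq '0'`, so packets from 192.168.1.x clients leave eth1 with their private source address, and the upstream gateway will normally have no route back to it.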

This is also alarming.


Hi ,

I have corrected the same and now the changes are as below.

root@OpenWrt:~#
root@OpenWrt:~#
root@OpenWrt:~# uci export network; uci export wireless; \
> uci export dhcp; uci export firewall; \
> head -n -0 /etc/firewall.user; \
> ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
> ls -l  /etc/resolv. /tmp/resolv. /tmp/resolv.*/ ; head -n -0 /etc/resolv. /tmp
/resolv. /tmp/resolv.*/
package network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'auto'

config switch
        option name 'switch0'

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option ip6assign '60'
        option multicast_querier '0'
        option igmp_snooping '0'

config interface 'wan'
        option ifname 'eth1'
        option proto 'dhcp'
        option multicast_querier '0'
        option igmp_snooping '0'

package wireless

config wifi-device 'wifi0'
        option type 'qcawificfg80211'
        option channel 'auto'
        option macaddr '00:03:7f:12:27:27'
        option hwmode '11axg'
        option disabled '0'

config wifi-iface
        option device 'wifi0'
        option network 'lan'
        option mode 'ap'
        option ssid 'IOT_2G'
        option encryption 'none'

config wifi-device 'wifi1'
        option type 'qcawificfg80211'
        option channel 'auto'
        option macaddr '00:03:7f:12:e7:e7'
        option hwmode '11axa'
        option disabled '0'

config wifi-iface
        option device 'wifi1'
        option network 'lan'
        option mode 'ap'
        option ssid 'IOT_5G'
        option encryption 'none'

package dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option force '1'
        option dhcpv6 'server'
        option ra 'server'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'

package firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option disabled '0'

config zone
        option name 'lan'
        list network 'lan'
        list network 'lan1'
        list network 'lan2'
        list network 'lan3'
        list network 'lan4'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config forwarding
        option src 'wan'
        option dest 'lan'

config redirect
        option src 'wan'
        option proto 'all'
        option dest 'lan'
        option dest_ip '192.168.1.1'
        option target 'DNAT'

config redirect
        option src 'lan'
        option src_ip '192.168.1.1'
        option proto 'all'
        option dest 'wan'
        option target 'SNAT'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fe80::/10'
        option src_port '547'
        option dest_ip 'fe80::/10'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config rule
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include 'map'
        option type 'script'
        option path '/etc/firewall.d/map_firewall'
        option family 'any'
        option reload '1'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

config include 'qcanssecm'
        option type 'script'
        option path '/etc/firewall.d/qca-nss-ecm'
        option family 'any'
        option reload '1'

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 10.63.67.195/29 brd 10.63.67.199 scope global eth1
       valid_lft forever preferred_lft forever
71: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.1.1/32 brd 255.255.255.255 scope global br-lan
       valid_lft forever preferred_lft forever
default via 10.63.67.193 dev eth1  proto static  src 10.63.67.195
10.63.67.192/29 dev eth1  proto kernel  scope link  src 10.63.67.195
10.63.67.193 dev eth1  proto static  scope link  src 10.63.67.195
broadcast 10.63.67.192 dev eth1  table local  proto kernel  scope link  src 10.63.67.195
local 10.63.67.195 dev eth1  table local  proto kernel  scope host  src 10.63.67.195
broadcast 10.63.67.199 dev eth1  table local  proto kernel  scope link  src 10.63.67.195
broadcast 127.0.0.0 dev lo  table local  proto kernel  scope link  src 127.0.0.1
local 127.0.0.0/8 dev lo  table local  proto kernel  scope host  src 127.0.0.1
local 127.0.0.1 dev lo  table local  proto kernel  scope host  src 127.0.0.1
broadcast 127.255.255.255 dev lo  table local  proto kernel  scope link  src 127.0.0.1
local 192.168.1.1 dev br-lan  table local  proto kernel  scope host  src 192.168.1.1
0:      from all lookup 128
1:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default
ls: /etc/resolv.: No such file or directory
ls: /tmp/resolv.: No such file or directory
ls: /tmp/resolv.*/: No such file or directory
head: /etc/resolv.: No such file or directory
head: /tmp/resolv.: No such file or directory
head: /tmp/resolv.*/: No such file or directory
root@OpenWrt:~#

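There is no subnet mask on the lan interface, so /32 is assumed (br-lan shows `inet 192.168.1.1/32`). With a /32 the routing table has no connected route for the clients' subnet.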

Fix that first, then remove all this junk from firewall.

Also change wan zone INPUT and FORWARD to REJECT. With input set to ACCEPT, every service listening on the router is reachable from the WAN side.
And that is as much as we can help with custom versions of OpenWrt.

How do I set the subnet mask in the network config file?
Also, let me know whether the subnet mask should be the same as on the eth1 interface.

Check the loopback interface in the same file.

No, it is up to you.

In my case I wanted to ping the gateway of my eth1 interface from the br-lan interface. What bridge configuration is required to do this? Any suggestions?

You should leave it to the default if you are not sure then.

You should probably reset your router to the default state.

Hi ,

With this configuration, will I be able to ping the gateway IP of the WAN port from the br-lan interface, which has a local IP address?

The br-lan IP address is 192.168.1.1 and the gateway IP of the WAN interface is 10.63.67.193. When I try to ping the WAN gateway from br-lan using "ping -I br-lan 10.63.67.193", the ping does not succeed. Is any routing required?

To confirm, this is not the WAN address of the OpenWrt device, but rather it is the gateway for the network that includes your OpenWrt WAN, correct?

No special routing is required. However, I just tried this on my own OpenWrt router and it does not work with ping -I br-lan <IP.address.to.ping>. It does work if I put in the actual IP address of br-lan, though.

Do you mean ping to the gateway of the WAN will not work from br-lan interface ?

How to verify that my wifi device is able to get or send data to the WAN port

No. Let me address this in two parts:

  1. I'm referring to the fact that br-lan as an interface binding doesn't work... however, the equivalent IP address that br-lan holds does.
    For example:
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '10.0.20.1'

Here, my br-lan interface has the address 10.0.20.1. If I issue ping -I br-lan 8.8.8.8 nothing happens -- it just stalls. However, if I instead use ping -I 10.0.20.1 8.8.8.8 it works.

  2. The other thing to say is that it doesn't really make much sense to bind to the br-lan interface/address for this ping test because you can just simply issue the unbound ping and get the same result (unless you have firewall rules that are supposed to block those connections). Why complicate things binding to your lan interface when you're actually trying to ping an address on the wan side of your network?

Hi ,

When I try it as you suggest, I am able to ping from my router. But if I ping the same IP from my Wi-Fi client connected to the device, it is not able to ping.

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
root@OpenWrt:/#
root@OpenWrt:/# cat /etc/config/network
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'auto'

config switch
        option name 'switch0'

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option multicast_querier '0'
        option igmp_snooping '0'

config interface 'wan'
        option ifname 'eth1'
        option proto 'dhcp'
        option multicast_querier '0'
        option igmp_snooping '0'
root@OpenWrt:/# cat /etc/config/wireless
# Wireless configuration as printed by `cat /etc/config/wireless`:
# two radios (wifi0, wifi1), each carrying one access-point interface.
config wifi-device  wifi0
        option type     qcawificfg80211
        option channel  auto
        option macaddr  00:03:7f:12:27:27
        option hwmode   11axg
        # REMOVE THIS LINE TO ENABLE WIFI:
        option disabled 0

config wifi-iface
        option device   wifi0
        # Attached to the 'lan' network, so wireless clients share the LAN with
        # the router's br-lan address.
        option network  lan
        option mode     ap
        option ssid     IOT_2G
        # NOTE(review): 'none' makes this an open access point: no passphrase and
        # no link encryption, so any station in radio range joins 'lan'. The
        # firewall listing on this page gives the lan zone input ACCEPT, so such
        # a station can reach the router's own services. Prefer a WPA2/WPA3 mode
        # with a key (for example psk2 plus 'option key') if this vendor build
        # supports it -- confirm against the driver's documentation.
        option encryption none

config wifi-device  wifi1
        option type     qcawificfg80211
        option channel  auto
        option macaddr  00:03:7f:12:e7:e7
        option hwmode   11axa
        # REMOVE THIS LINE TO ENABLE WIFI:
        option disabled 0

config wifi-iface
        option device   wifi1
        # Same 'lan' attachment as the wifi0 interface.
        option network  lan
        option mode     ap
        option ssid     IOT_5G
        # NOTE(review): open access point here as well (no passphrase, no link
        # encryption); the same concern applies as for IOT_2G.
        option encryption none

root@OpenWrt:/# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option force '1'
        option dhcpv6 'server'
        option ra 'server'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'

root@OpenWrt:/# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option disabled '0'

config zone
        option name 'lan'
        list network 'lan'
        list network 'lan1'
        list network 'lan2'
        list network 'lan3'
        list network 'lan4'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'


config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fe80::/10'
        option src_port '547'
        option dest_ip 'fe80::/10'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config rule
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include 'map'
        option type 'script'
        option path '/etc/firewall.d/map_firewall'
        option family 'any'
        option reload '1'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

config include 'qcanssecm'
        option type 'script'
        option path '/etc/firewall.d/qca-nss-ecm'
        option family 'any'
        option reload '1'

Where did these come from?

Can you provide the output of the following:

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:

ubus call system board

Hi,

Actually, we receive internet on wan6. With internet on wan, we are able to browse from a Wi-Fi client. But when we enable internet on wan6 with an IPv6 address and try to browse from the Wi-Fi client, it does not get internet connectivity.

Is there any setting required for ipv6 , please let us know based on your observation.