Our device has two Wi-Fi radios, 2G and 5G, which are connected in bridge mode, and a client connected to them is able to get a local IP address. On the WAN port we are able to get an IP address and can ping google.com. But a client connected to our device through Wi-Fi is not able to get an internet connection. What do we need to configure so that internet from the WAN is routed to the Wi-Fi bridge interface? Please let us know.
Sorry, I posted that wrongly. What we actually need is to be able to ping the gateway IP of the WAN from the Wi-Fi bridge interface.
root@OpenWrt:~# uci export network; uci export wireless; \
> uci export dhcp; uci export firewall; \
> head -n -0 /etc/firewall.user; \
> ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
> ls -l /etc/resolv. /tmp/resolv. /tmp/resolv.*/ ; head -n -0 /etc/resolv. /tmp
/resolv. /tmp/resolv.*/
uci: Parse error (EOF with unterminated ') at line 27, byte 32
package wireless
config wifi-device 'wifi0'
option type 'qcawificfg80211'
option channel 'auto'
option macaddr '00:03:7f:12:27:27'
option hwmode '11axg'
option disabled '0'
config wifi-iface
option device 'wifi0'
option network 'lan'
option mode 'ap'
option ssid 'IOT_2G'
option encryption 'none'
config wifi-device 'wifi1'
option type 'qcawificfg80211'
option channel 'auto'
option macaddr '00:03:7f:12:e7:e7'
option hwmode '11axa'
option disabled '0'
config wifi-iface
option device 'wifi1'
option network 'lan'
option mode 'ap'
option ssid 'IOT_5G'
option encryption 'none'
package dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option localservice '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option force '1'
option dhcpv6 'server'
option ra 'server'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
package firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option disabled '0'
config zone
option name 'lan'
list network 'lan'
list network 'lan1'
list network 'lan2'
list network 'lan3'
list network 'lan4'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option masq '0'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config forwarding
option src 'wan'
option dest 'lan'
config redirect
option src 'wan'
option proto 'all'
option dest 'lan'
option dest_ip '192.168.1.1'
option target 'DNAT'
config redirect
option src 'lan'
option src_ip '192.168.1.1'
option proto 'all'
option dest 'wan'
option target 'SNAT'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config rule
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include 'map'
option type 'script'
option path '/etc/firewall.d/map_firewall'
option family 'any'
option reload '1'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
config include 'qcanssecm'
option type 'script'
option path '/etc/firewall.d/qca-nss-ecm'
option family 'any'
option reload '1'
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
inet 10.63.67.195/29 brd 10.63.67.199 scope global eth1
valid_lft forever preferred_lft forever
68: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 192.168.1.1/32 brd 255.255.255.255 scope global br-lan
valid_lft forever preferred_lft forever
default via 10.63.67.193 dev eth1 proto static src 10.63.67.195
10.63.67.192/29 dev eth1 proto kernel scope link src 10.63.67.195
10.63.67.193 dev eth1 proto static scope link src 10.63.67.195
broadcast 10.63.67.192 dev eth1 table local proto kernel scope link src 10.63.67.195
local 10.63.67.195 dev eth1 table local proto kernel scope host src 10.63.67.195
broadcast 10.63.67.199 dev eth1 table local proto kernel scope link src 10.63.67.195
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
local 192.168.1.1 dev br-lan table local proto kernel scope host src 192.168.1.1
0: from all lookup 128
1: from all lookup local
32766: from all lookup main
32767: from all lookup default
ls: /etc/resolv.: No such file or directory
ls: /tmp/resolv.: No such file or directory
ls: /tmp/resolv.*/: No such file or directory
head: /etc/resolv.: No such file or directory
head: /tmp/resolv.: No such file or directory
head: /tmp/resolv.*/: No such file or directory
I have corrected it, and the output is now as below.
root@OpenWrt:~#
root@OpenWrt:~#
root@OpenWrt:~# uci export network; uci export wireless; \
> uci export dhcp; uci export firewall; \
> head -n -0 /etc/firewall.user; \
> ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
> ls -l /etc/resolv. /tmp/resolv. /tmp/resolv.*/ ; head -n -0 /etc/resolv. /tmp
/resolv. /tmp/resolv.*/
package network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'auto'
config switch
option name 'switch0'
config interface 'lan'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.1.1'
option ip6assign '60'
option multicast_querier '0'
option igmp_snooping '0'
config interface 'wan'
option ifname 'eth1'
option proto 'dhcp'
option multicast_querier '0'
option igmp_snooping '0'
package wireless
config wifi-device 'wifi0'
option type 'qcawificfg80211'
option channel 'auto'
option macaddr '00:03:7f:12:27:27'
option hwmode '11axg'
option disabled '0'
config wifi-iface
option device 'wifi0'
option network 'lan'
option mode 'ap'
option ssid 'IOT_2G'
option encryption 'none'
config wifi-device 'wifi1'
option type 'qcawificfg80211'
option channel 'auto'
option macaddr '00:03:7f:12:e7:e7'
option hwmode '11axa'
option disabled '0'
config wifi-iface
option device 'wifi1'
option network 'lan'
option mode 'ap'
option ssid 'IOT_5G'
option encryption 'none'
package dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option localservice '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option force '1'
option dhcpv6 'server'
option ra 'server'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
package firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option disabled '0'
config zone
option name 'lan'
list network 'lan'
list network 'lan1'
list network 'lan2'
list network 'lan3'
list network 'lan4'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config forwarding
option src 'wan'
option dest 'lan'
config redirect
option src 'wan'
option proto 'all'
option dest 'lan'
option dest_ip '192.168.1.1'
option target 'DNAT'
config redirect
option src 'lan'
option src_ip '192.168.1.1'
option proto 'all'
option dest 'wan'
option target 'SNAT'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config rule
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include 'map'
option type 'script'
option path '/etc/firewall.d/map_firewall'
option family 'any'
option reload '1'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
config include 'qcanssecm'
option type 'script'
option path '/etc/firewall.d/qca-nss-ecm'
option family 'any'
option reload '1'
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
inet 10.63.67.195/29 brd 10.63.67.199 scope global eth1
valid_lft forever preferred_lft forever
71: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 192.168.1.1/32 brd 255.255.255.255 scope global br-lan
valid_lft forever preferred_lft forever
default via 10.63.67.193 dev eth1 proto static src 10.63.67.195
10.63.67.192/29 dev eth1 proto kernel scope link src 10.63.67.195
10.63.67.193 dev eth1 proto static scope link src 10.63.67.195
broadcast 10.63.67.192 dev eth1 table local proto kernel scope link src 10.63.67.195
local 10.63.67.195 dev eth1 table local proto kernel scope host src 10.63.67.195
broadcast 10.63.67.199 dev eth1 table local proto kernel scope link src 10.63.67.195
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
local 192.168.1.1 dev br-lan table local proto kernel scope host src 192.168.1.1
0: from all lookup 128
1: from all lookup local
32766: from all lookup main
32767: from all lookup default
ls: /etc/resolv.: No such file or directory
ls: /tmp/resolv.: No such file or directory
ls: /tmp/resolv.*/: No such file or directory
head: /etc/resolv.: No such file or directory
head: /tmp/resolv.: No such file or directory
head: /tmp/resolv.*/: No such file or directory
root@OpenWrt:~#
In my case I want to ping the gateway of my eth1 interface from the br-lan interface. What configuration will be required to do this? Any suggestions?
With this configuration, will I be able to ping the gateway IP of the WAN port from the br-lan interface, which has a local IP address?
The br-lan IP address is 192.168.1.1 and the gateway IP of the WAN interface is 10.63.67.193. When I try to ping the gateway IP of the WAN from br-lan using "ping -I br-lan 10.63.67.193", the ping does not succeed. Is any routing required?
To confirm, this is not the WAN address of the OpenWrt device, but rather it is the gateway for the network that includes your OpenWrt WAN, correct?
No special routing is required. However, I just tried this on my own OpenWrt router and it does not work with ping -I br-lan <IP.address.to.ping>. It does work if I put in the actual IP address of br-lan, though.
I'm referring to the fact that br-lan as an interface binding doesn't work... however, the equivalent IP address that br-lan holds does.
For example:
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '10.0.20.1'
Here, my br-lan interface has the address 10.0.20.1. If I issue ping -I br-lan 8.8.8.8 nothing happens -- it just stalls. However, if I instead use ping -I 10.0.20.1 8.8.8.8 it works.
The other thing to say is that it doesn't really make much sense to bind to the br-lan interface/address for this ping test because you can just simply issue the unbound ping and get the same result (unless you have firewall rules that are supposed to block those connections). Why complicate things binding to your lan interface when you're actually trying to ping an address on the wan side of your network?
When I try as you suggest, I am able to ping from my router. But when I try to ping the same IP from a Wi-Fi client connected to the device, the ping does not succeed.
Actually, we are receiving internet on wan6. When we try with internet on wan, we are able to browse from a Wi-Fi client. But when we enable internet on wan6 with an IPv6 address and try to browse from the Wi-Fi client, it does not get internet connectivity.
Is any setting required for IPv6? Please let us know based on your observations.