Ok, I had started configuring my router. And it's already having issues
I'm using OpenWrt 21.02-SNAPSHOT r15986-cc51d97200 and had set only wan and wan6 so far, and installed ip-full and iputils-ping. ping -I pppoe-wan -c 4 208.67.222.222
works, but ping -c 2 208.67.222.222
fails:
# ping -I pppoe-wan -c 4 208.67.222.222
PING 208.67.222.222 (208.67.222.222): 56 data bytes
64 bytes from 208.67.222.222: seq=0 ttl=54 time=26.376 ms
64 bytes from 208.67.222.222: seq=1 ttl=54 time=26.633 ms
64 bytes from 208.67.222.222: seq=2 ttl=54 time=26.390 ms
64 bytes from 208.67.222.222: seq=3 ttl=54 time=26.357 ms
--- 208.67.222.222 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 26.357/26.439/26.633 ms
# ping -c 2 208.67.222.222
PING 208.67.222.222 (208.67.222.222): 56 data bytes
--- 208.67.222.222 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
traceroute also isn't working
traceroute 208.67.222.222
traceroute to 208.67.222.222 (208.67.222.222), 30 hops max, 46 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
Oddly, it works for IPv6.
ping -c 4 ipv6.google.com
PING ipv6.google.com(2800:3f0:4001:813::200e (2800:3f0:4001:813::200e)) 56 data bytes
64 bytes from 2800:3f0:4001:813::200e (2800:3f0:4001:813::200e): icmp_seq=1 ttl=116 time=21.5 ms
64 bytes from 2800:3f0:4001:813::200e (2800:3f0:4001:813::200e): icmp_seq=2 ttl=116 time=21.5 ms
64 bytes from 2800:3f0:4001:813::200e (2800:3f0:4001:813::200e): icmp_seq=3 ttl=116 time=21.4 ms
64 bytes from 2800:3f0:4001:813::200e (2800:3f0:4001:813::200e): icmp_seq=4 ttl=116 time=21.7 ms
--- ipv6.google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3006ms
rtt min/avg/max/mdev = 21.417/21.525/21.666/0.090 ms
Configs are pretty basic, am I missing anything?
# cat /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdfa::/48'
config interface 'self'
option ifname 'lo'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.255'
option gateway '192.168.1.1'
config interface 'lan'
option type 'bridge'
option ifname 'eth0'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
option ip6ifaceid '::1'
config interface 'wan'
option ifname 'eth3'
option proto 'pppoe'
option username 'cliente@cliente'
option password 'cliente'
option ipv6 'auto'
option delegate '0'
option metric '10'
config interface 'wan6'
option ifname '@wan'
option proto 'dhcpv6'
option reqaddress 'try'
option peerdns '0'
option metric '20'
option reqprefix '56'
config interface 'modem_telefk'
option proto 'static'
option ifname 'eth3'
option ipaddr '192.168.35.22'
option netmask '255.255.255.0'
# cat /etc/config/firewall
config defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward REJECT
# Uncomment this line to disable ipv6 rules
# option disable_ipv6 1
config zone
option name lan
list network 'lan'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
config zone
option name wan
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
list network 'wan'
list network 'wan6'
list network 'wan_6'
list network 'modem_telefk'
config forwarding
option src lan
option dest wan
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4
# Allow IPv4 ping
config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT
config rule
option name Allow-IGMP
option src wan
option proto igmp
option family ipv4
option target ACCEPT
# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
option name Allow-DHCPv6
option src wan
option proto udp
option src_ip fc00::/6
option dest_ip fc00::/6
option dest_port 546
option family ipv6
option target ACCEPT
config rule
option name Allow-MLD
option src wan
option proto icmp
option src_ip fe80::/10
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family ipv6
option target ACCEPT
# Allow essential incoming IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Input
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
list icmp_type router-advertisement
list icmp_type neighbour-advertisement
option limit 1000/sec
option family ipv6
option target ACCEPT
# Allow essential forwarded IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Forward
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT
config rule
option name Allow-IPSec-ESP
option src wan
option dest lan
option proto esp
option target ACCEPT
config rule
option name Allow-ISAKMP
option src wan
option dest lan
option dest_port 500
option proto udp
option target ACCEPT
# allow interoperability with traceroute classic
# note that traceroute uses a fixed port range, and depends on getting
# back ICMP Unreachables. if we're operating in DROP mode, it won't
# work so we explicitly REJECT packets on these ports.
config rule
option name Support-UDP-Traceroute
option src wan
option dest_port 33434:33689
option proto udp
option family ipv4
option target REJECT
option enabled false
# include a file with users custom iptables rules
config include
option path /etc/firewall.user
### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
# option src lan
# option src_ip 192.168.45.2
# option dest wan
# option proto tcp
# option target REJECT
# block a specific mac on wan
#config rule
# option dest wan
# option src_mac 00:11:22:33:44:66
# option target REJECT
# block incoming ICMP traffic on a zone
#config rule
# option src lan
# option proto ICMP
# option target DROP
# port redirect port coming in on wan to lan
#config redirect
# option src wan
# option src_dport 80
# option dest lan
# option dest_ip 192.168.16.235
# option dest_port 80
# option proto tcp
# port redirect of remapped ssh port (22001) on wan
#config redirect
# option src wan
# option src_dport 22001
# option dest lan
# option dest_port 22
# option proto tcp
### FULL CONFIG SECTIONS
#config rule
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 80
# option dest wan
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp
# option target REJECT
#config redirect
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 1024
# option src_dport 80
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp
Some more info in case of needed
ip a show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.1.1/32 brd 255.255.255.255 scope global lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br-lan state UP group default qlen 1000
link/ether a0:36:9f:aa:4b:68 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether a0:36:9f:aa:4b:69 brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether a0:36:9f:aa:4b:6a brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether a0:36:9f:aa:4b:6b brd ff:ff:ff:ff:ff:ff
inet 192.168.35.22/24 brd 192.168.35.255 scope global eth3
valid_lft forever preferred_lft forever
inet6 fe80::a236:------------/64 scope link
valid_lft forever preferred_lft forever
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether a0:36:9f:aa:4b:68 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
valid_lft forever preferred_lft forever
inet6 2804:-----------::1/64 scope global dynamic noprefixroute
valid_lft 42643sec preferred_lft 42643sec
inet6 fdfa::1/60 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::a236:9fff:feaa:4b68/64 scope link
valid_lft forever preferred_lft forever
7: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN group default qlen 3
link/ppp
inet x.x.x.x peer x.x.x.x/32 scope global pppoe-wan
valid_lft forever preferred_lft forever
inet6 2804:--------------------/64 scope global dynamic noprefixroute
valid_lft 259171sec preferred_lft 172771sec
inet6 fe80::f8bf:-----------------/128 scope link
valid_lft forever preferred_lft forever
# ip route show
default via 192.168.1.1 dev lo proto static
default via 179.x.x.21 dev pppoe-wan proto static metric 10
179.x.x.21 dev pppoe-wan proto kernel scope link src 179.y.y.50
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
192.168.35.0/24 dev eth3 proto kernel scope link src 192.168.35.22
nslookup google.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: google.com
Address 1: 172.217.162.142
Address 2: 2800:3f0:4001:81b::200e
traceroute -i pppoe-wan 208.67.222.222
traceroute to 208.67.222.222 (208.67.222.222), 30 hops max, 46 byte packets
1 * * *
2 ----------.net.br (----------) 2.463 ms ---------.net.br (187.115.223.47) 2.252 ms --------.com.br (152.255.176.107) 2.002 ms
3 --------------.com.br (--------------) 19.704 ms 19.582 ms 19.703 ms