Please Help My Router can't access the internet

Installing and Using OpenWrt Network and Wireless Configuration
#1

Hi, I'm new to OpenWRT, i've just install it on my TP-LINK WR1043NDv4, I've been tried to connect my openwrt router to my modem, My pc that connect with OpenWRT through LAN port can access my modem and the internet, but my router can't. i've been trying some of the solution on the forum with the related topic like this thread but still can't access the internet. i want to update opkg package and install some package for my final project, but i've been stuck with this for a while.
I connect my modem and my router through LAN port. ping always return bad address. the LAN interface i set to static but with IP gateway to my modem still didn't solve the problem.

#2

Are you aware of any MAC cloning your ISP requires?

Can your router ping an external IP address (e.g. 8.8.8.8)?

What's the output of the following command when given by SSH to the OpenWrt router? (You may mask out your MAC addresses). Please use Pre-formated text tool </> in the tool bar here to format the text.

cat /etc/config/network
cat /etc/config/firewall
cat /etc/config/dhcp
2 Likes
#3

Is this by any chance a cable/DOCSIS modem? In that case power down both the router and the modem, wait for say 5 minutes and power up both again; DOCSIS modems will only allow DHCP to the head-end for a short period around boot-up, so unless your router's MAC is registered with Modem/DHCP-Server in that time-window it will not get internet access.

2 Likes
#4

in addition many cable modems will only listen to the first MAC they hear. often when consumer routers power up they are in dumb switch mode, any frame sent gets flooded to all ports, including WAN.

to avoid this, power down modem and router, power up router and wait 30 seconds for boot to set up the switch properly, then power up modem, it will only hear the router.

6 Likes
#5

Also, on some FTTx ISPs, their OEM router sends a DHCP Client ID. This causes the device to be "locked" to the ONT for ~2 hours.

My ISP will not clear this DHCP lease upon request; so you must wait the 2 hours before connecting another router.

3 Likes
#6

It's kind of DSL modem FTT thing. I already try what you said, but it didn't work, thanks for answering. I also already try @dlakelan too but it still can't connect to the internet. however, i can ping my modem from openwrt router, and i can access internet from my PC that connect to openWRT router that connect to my modem. it's making me crazy !

#7

Well, i even tried to wait 1 day and still can't connect to itnernet. i even made the static address on openWRT LAN interface to match the IP that my modem 'give' to my router, but the result is negative.

#8
  • I'm not sure, but i think MAC cloning didnt required.
  • Actually, i can, but i can't ping to google.com or openwrt.org, i assume something wrong with dns or something?
root@OpenWrt:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=119 time=28.095 ms
64 bytes from 8.8.8.8: seq=1 ttl=119 time=26.408 ms
64 bytes from 8.8.8.8: seq=2 ttl=119 time=27.192 ms
64 bytes from 8.8.8.8: seq=3 ttl=119 time=26.379 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 26.379/27.018/28.095 ms
  • Here is the content of network, firewall, and dhcp
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd96:2a59:0a17::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '192.168.1.254' <- My modem IP
	option ipaddr '192.168.1.9'

config device 'lan_dev'
	option name 'eth0.1'
	option macaddr '98:de:xx:xx:xx:xx'

config interface 'wan'
	option ifname 'eth0.2'
	option proto 'static'
	option ipaddr '10.10.10.1'
	option netmask '255.255.255.0'

config device 'wan_dev'
	option name 'eth0.2'
	option macaddr '98:de:xx:xx:xx:xx'

config interface 'wan6'
	option ifname 'eth0.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 4 0t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '5 0t'

cat /etc/config/firewall
config defaults
	option syn_flood	1
	option input		ACCEPT
	option output		ACCEPT
	option forward		REJECT
# Uncomment this line to disable ipv6 rules
#	option disable_ipv6	1

config zone
	option name		lan
	list   network		'lan'
	option input		ACCEPT
	option output		ACCEPT
	option forward		ACCEPT

config zone
	option name		wan
	list   network		'wan'
	list   network		'wan6'
	option input		REJECT
	option output		ACCEPT
	option forward		REJECT
	option masq		1
	option mtu_fix		1

config forwarding
	option src		lan
	option dest		wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
	option name		Allow-DHCP-Renew
	option src		wan
	option proto		udp
	option dest_port	68
	option target		ACCEPT
	option family		ipv4

# Allow IPv4 ping
config rule
	option name		Allow-Ping
	option src		wan
	option proto		icmp
	option icmp_type	echo-request
	option family		ipv4
	option target		ACCEPT

config rule
	option name		Allow-IGMP
	option src		wan
	option proto		igmp
	option family		ipv4
	option target		ACCEPT

# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
	option name		Allow-DHCPv6
	option src		wan
	option proto		udp
	option src_ip		fc00::/6
	option dest_ip		fc00::/6
	option dest_port	546
	option family		ipv6
	option target		ACCEPT

config rule
	option name		Allow-MLD
	option src		wan
	option proto		icmp
	option src_ip		fe80::/10
	list icmp_type		'130/0'
	list icmp_type		'131/0'
	list icmp_type		'132/0'
	list icmp_type		'143/0'
	option family		ipv6
	option target		ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
	option name		Allow-ICMPv6-Input
	option src		wan
	option proto	icmp
	list icmp_type		echo-request
	list icmp_type		echo-reply
	list icmp_type		destination-unreachable
	list icmp_type		packet-too-big
	list icmp_type		time-exceeded
	list icmp_type		bad-header
	list icmp_type		unknown-header-type
	list icmp_type		router-solicitation
	list icmp_type		neighbour-solicitation
	list icmp_type		router-advertisement
	list icmp_type		neighbour-advertisement
	option limit		1000/sec
	option family		ipv6
	option target		ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
	option name		Allow-ICMPv6-Forward
	option src		wan
	option dest		*
	option proto		icmp
	list icmp_type		echo-request
	list icmp_type		echo-reply
	list icmp_type		destination-unreachable
	list icmp_type		packet-too-big
	list icmp_type		time-exceeded
	list icmp_type		bad-header
	list icmp_type		unknown-header-type
	option limit		1000/sec
	option family		ipv6
	option target		ACCEPT

config rule
	option name		Allow-IPSec-ESP
	option src		wan
	option dest		lan
	option proto		esp
	option target		ACCEPT

config rule
	option name		Allow-ISAKMP
	option src		wan
	option dest		lan
	option dest_port	500
	option proto		udp
	option target		ACCEPT

# include a file with users custom iptables rules
config include
	option path /etc/firewall.user


### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
#	option src		lan
#	option src_ip	192.168.45.2
#	option dest		wan
#	option proto	tcp
#	option target	REJECT

# block a specific mac on wan
#config rule
#	option dest		wan
#	option src_mac	00:11:22:33:44:66
#	option target	REJECT

# block incoming ICMP traffic on a zone
#config rule
#	option src		lan
#	option proto	ICMP
#	option target	DROP

# port redirect port coming in on wan to lan
#config redirect
#	option src			wan
#	option src_dport	80
#	option dest			lan
#	option dest_ip		192.168.16.235
#	option dest_port	80
#	option proto		tcp

# port redirect of remapped ssh port (22001) on wan
#config redirect
#	option src		wan
#	option src_dport	22001
#	option dest		lan
#	option dest_port	22
#	option proto		tcp

### FULL CONFIG SECTIONS
#config rule
#	option src		lan
#	option src_ip	192.168.45.2
#	option src_mac	00:11:22:33:44:55
#	option src_port	80
#	option dest		wan
#	option dest_ip	194.25.2.129
#	option dest_port	120
#	option proto	tcp
#	option target	REJECT

#config redirect
#	option src		lan
#	option src_ip	192.168.45.2
#	option src_mac	00:11:22:33:44:55
#	option src_port		1024
#	option src_dport	80
#	option dest_ip	194.25.2.129
#	option dest_port	120
#	option proto	tcp

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'

config dhcp 'lan'
	option interface 'lan'
	option dhcpv6 'server'
	option ra 'server'
	option ra_management '1'
	option ignore '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'
#9

In other words, what the ISP's marketing department might be called FTTC, is actually VDSL (using outdoor DSLAMs) at work.

1 Like
#10

You have forgot to set the dns option in the router itself. Thatswhy it does not resolve addresses but ping by numeric IP address works.
Likely should be the modem address

2 Likes
#11

If your router can ping an external IP, it means your DSL connection works. If in addition it can't ping domain names, I would assume it is a DNS lookup configuration problem. Please show the output of the following commands.

nslookup openwrt.org
nslookup openwrt.org 8.8.8.8
1 Like
#12

The result is like this:

root@OpenWrt:~# nslookup openwrt.org
;; connection timed out; no servers could be reached

root@OpenWrt:~# nslookup openwrt.org 8.8.8.8
Server:		8.8.8.8
Address:	8.8.8.8#53

Name:      openwrt.org
Address 1: 139.59.209.225
Address 2: 2a03:b0c0:3:d0::1af1:1
root@OpenWrt:~# ping 139.59.209.255
PING 139.59.209.255 (139.59.209.255): 56 data bytes
64 bytes from 139.59.209.255: seq=0 ttl=55 time=205.544 ms
64 bytes from 139.59.209.255: seq=1 ttl=55 time=205.274 ms
64 bytes from 139.59.209.255: seq=2 ttl=55 time=205.115 ms
^C
--- 139.59.209.255 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 205.115/205.311/205.544 ms

i think this is the problem of not configuring dns option like @hnyman said. i'll try if adding dns option can solve this problem.

#13

Yeah, the problem is like @hnyman said, i didn't configure the dns option on LAN interface on my router, that actually connect to internet but only to ip address rather than the domain name. so adding dns option with my modem ip address resolve the problem. Thank you to all of you guys for answering ! May you all have good day sir !

root@OpenWrt:~# nslookup openwrt.org
Server:		127.0.0.1
Address:	127.0.0.1#53

Name:      openwrt.org
Address 1: 139.59.209.225
Address 2: 2a03:b0c0:3:d0::1af1:1
root@OpenWrt:~# ping google.com 
PING google.com (216.58.216.110): 56 data bytes
64 bytes from 216.58.216.110: seq=0 ttl=46 time=224.776 ms
64 bytes from 216.58.216.110: seq=1 ttl=46 time=224.425 ms
64 bytes from 216.58.216.110: seq=2 ttl=46 time=224.055 ms
64 bytes from 216.58.216.110: seq=3 ttl=46 time=224.408 ms
64 bytes from 216.58.216.110: seq=4 ttl=46 time=225.255 ms
64 bytes from 216.58.216.110: seq=5 ttl=46 time=224.096 ms
64 bytes from 216.58.216.110: seq=6 ttl=46 time=224.706 ms
^C
--- google.com ping statistics ---
7 packets transmitted, 7 packets received, 0% packet loss
round-trip min/avg/max = 224.055/224.531/225.255 ms
#14

hmm, I think there is the problem. Can you post a picture/drawing of the network, with the modem, the openwrt router. Important are the use ports of the devices.
The cable from the modem is connected to one of the lan ports or to the wan port?

#15

I see your issue is solved, but it also appears that you have your OpenWrt router in switch mode, and I imagine you are connecting your main modem-router to the LAN port of OpenWrt router.

Nothing is wrong with that, as long as you are aware that this means you are relying on the Firewall of the main modem-router and not OpenWrt. It should be fine if your main modem-router is a recent model with up to date firmware, otherwise you may consider changing your setup a bit.

1 Like
#16

Well, the problem already solved, but thanks for asking. it's simple

Modem -> LAN Port -> UTP -> LAN Port -> OpenWRT Router -> LAN Port -> UTP -> LAN Port PC

@Hegabo
I only use this OpenWRT in my test lab for my final project and it's isolated. i only want to connect to internet first to update the opkg list then download and install the package that required for my test lab.

#17

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.