PPPOE routing device not resolving dhcp

Hello,

I have a Netgear WAX202 set up as a PPPoE router and DHCP server. All local devices have an Internet connection without issues, but the router itself seems to have DHCP resolution troubles.

I have tried everything I could think of, including creating a firewall rule allowing 127.0.0.1.

my setup:
root@OpenWrt:~# nslookup google.com

nslookup: write to '127.0.0.1': Connection refused
nslookup: write to '::1': Connection refused
;; connection timed out; no servers could be reached

root@OpenWrt:~# nslookup google.com 8.8.8.8

Server:         8.8.8.8
Address:        8.8.8.8:53

Non-authoritative answer:
Name:   google.com
Address: 216.58.215.142

Non-authoritative answer:
Name:   google.com
Address: 2a00:1450:4003:80c::200e

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'fd9a:5e0e:aa9f::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.1.1'
        option defaultroute '0'
        list dns '8.8.8.8'
        list dns '9.9.9.9'
        option delegate '0'

config device
        option name 'wan'
        option macaddr '34:98:b5:0e:bf:30'

config interface 'wan'
        option proto 'pppoe'
        option username 'XXXXXXXX@digi'
        option password 'XXXXXXXX'
        option ipv6 'auto'
        option device 'wan.20'
        option peerdns '0'
        list dns '8.8.8.8'
        option delegate '0'

config device
        option type '8021q'
        option ifname 'wan'
        option vid '20'
        option name 'wan.20'

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option localservice '1'
        option ednspacket_max '1232'
        option localuse '1'
        option port '1'
        list server '9.9.9.9'
        option noresolv '1'
        option nohosts '1'

config dhcp 'lan'
        option interface 'lan'
        option dhcpv4 'server'
        option start '15'
        option limit '235'
        option leasetime '2m'
        option master '1'
        option ra_dns '0'
        list dhcp_option '6,8.8.8.8,8.8.4.4'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'
        option src 'wan'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'
  • 127.0.0.1 is localhost (i.e. the router itself). This traffic doesn't leave the machine (it appears you're showing the router querying its own DNS (dnsmasq) instance).
  • When you say "DHCP resolution", do you mean clients don't get IPs from the OpenWrt device?
  • Your DNS server should be configured on WAN, not LAN. It needs to be on the interface that actually has Internet connectivity.

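The `list dhcp_option '6,8.8.8.8,8.8.4.4'` line is the reason why the LAN clients have access to the Internet: they are handed public DNS servers directly over DHCP and do not depend on dnsmasq on the router.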

`option port '1'` will cause dnsmasq to listen on port 1 instead of the default port 53.

`option noresolv '1'` will cause dnsmasq to ignore upstream DNS servers.

2 minute lease time? Any particular reason?

This is wrong or useless and should be removed.

# Run on the router as root. Changes are staged first and only applied by
# the commit and the service restarts at the end.

# Drop the custom port so dnsmasq answers DNS on its default port 53 again;
# with port '1' nothing listens on 127.0.0.1:53 and the router's own lookups
# are refused.
uci delete dhcp.@dnsmasq[0].port

# Drop noresolv so dnsmasq no longer ignores the upstream resolvers it is
# given. The existing "list server '9.9.9.9'" entry is left in place.
uci delete dhcp.@dnsmasq[0].noresolv

# Replace the 2-minute DHCP lease with a 12-hour one.
uci set dhcp.lan.leasetime='12h'

# DNS servers and default-route handling belong on the WAN interface, which
# has the Internet connectivity, not on LAN.
uci delete network.lan.dns
uci delete network.lan.defaultroute

# NOTE(review): "list dhcp_option '6,8.8.8.8,8.8.4.4'" under dhcp.lan is not
# touched here, so LAN clients keep querying public resolvers directly. Their
# lookups therefore bypass dnsmasq, including the rebind_protection setting
# and local 'lan' names. Confirm that this is intended.

# Persist the staged changes, then reload the affected services.
# Restarting the network will briefly interrupt connectivity.
uci commit
/etc/init.d/network restart
/etc/init.d/dnsmasq restart

Thanks a lot, it worked like a charm.

I made this setup so that I could detect any problem in my DNS setup quickly, instead of having problems on random devices the day after. Doing a release/renew instead is probably a better approach.

The lessons I have learned are:

  1. Not to mess with the port.
  2. The DNS server should be configured on WAN, not LAN.

The rest of the "weird setup" was the result of desperate attempts to get it to work.

Thanks a lot @pavelgl and @lleachii for the help. +1 in your karma
