Problems with Wifi upgrading

Hi,
I'm using a Fritzbox 4040 and upgraded to the latest OpenWrt, from 21.03 to 22.03; now the wifi doesn't work as before. People on this forum helped me set it up so that all wifi traffic is routed over Tor, which was excellent, but now with the new firewall, the nft one, I run into an issue and it doesn't work.
The changelog mentions something about firewall.user being ignored if it's not made compatible, but doesn't say how to do so. When I do a fw4 reload this happens.

root@OpenWrt:~# fw4 reload
Section lan_wan is disabled, ignoring section
Section @redirect[0] (Privoxy HTTPS) is disabled, ignoring section
Section @redirect[1] (Privoxy) is disabled, ignoring section
Section dns_int (Intercept-DNS) is disabled, ignoring section
Section tcp_int (Intercept-TCP) option 'extra' is not supported by fw4
Section @include[0] is not marked as compatible with fw4, ignoring section
Section @include[0] requires 'option fw4_compatible 1' to be considered compatible
/dev/stdin:218:41-44: Error: transport protocol mapping is only valid after transport protocol match
                meta nfproto ipv4 counter redirect to 9040 comment "!fw4: Intercept-TCP"
                                          ~~~~~~~~    ^^^^

So hopefully someone can help me get this setup working again.
Thanks in advance.

HellsAngel79,

This indeed looks more like a firewall issue than Wifi? What is really wrong with your Wifi, as you only show a fw log?
And related to nftables instead of iptables within the firewall settings.

Did you read the changelog of v22.03? https://openwrt.org/releases/22.03/notes-22.03.0
There it is stated: Sysupgrade can be used to upgrade a device from OpenWrt 21.02 to 22.03, and configuration will be preserved in most cases
Check your old and new /etc/config/network file.

First make sure all your hardware does what it should do after an upgrade: are all lan and wan ports available, and check Wifi.
Then the software, like firewall etc.
My experience was that network was completely different from old config (missing lan ports), even vlans -swconfig- were gone (and not needed afterwards).
But this was not on a fritzbox 4040, although I'm planning to do so in coming weeks.

DG.


Yes, the wifi isn't the problem. It works if I don't use the Tor routing. All the rules are there, so that did get carried over; it just doesn't work because of that issue. It's for sure the firewall, as if I downgrade all works, but I'd rather have this working. I just don't know how to fix this or how to convert it. I think that actually isn't the issue either, just that one last line seems to be causing the problem and failing.
So wifi does work if I have it set to "normal", but switching back to Tor does not, which is the issue.

Your custom firewall script needs to be migrated to the nftables system.

Are you sure that it is something that can't be implemented at high level with fw4 rules?


I have no idea. The forum in the past helped me set this up to route wifi over Tor; pretty sure dgdodo was also part of that to get that running back then.
This was a set of commands I put in using PuTTY back then. I'm not sure there is a script or where it would be. The firewall rules are still there in the web browser.

I don't know how this rule is created, but you need to specify the (tcp) protocol.

ip protocol tcp counter redirect to 9040

or

meta nfproto ipv4 tcp dport 0-65535 counter redirect to 9040

or best translate the iptables rule that is suggested in the guide

meta nfproto ipv4 tcp flags syn fib daddr type != { local, broadcast } counter redirect to 9040

Everything got converted during the upgrade and got into the state of not working with that error.
I did the iptables-save > save.txt, then had it translated to nft. This didn't fix anything; it seemed all the same, same error too. I'll try your comments and report back as soon as I get to it.
Does this command redirect it only for wifi? As I see no mention of any device or wifi, just all traffic, at least that's how I read it. I don't want lan going over Tor, only wifi.

I was going over the GUI and noticed, in the firewall port forwards, the one rule with external ports being empty. This was red, so that box led to the error, I'm sure, so I put in what pavelgl typed as the range; now all works.
Wifi is going over Tor and lan is not affected.

Thank you all again for helping me out, much appreciated.
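
Added example, not part of any post in this thread: a POSIX sh and awk check that reads a firewall config in UCI syntax and flags the three conditions seen above (a redirect using `option extra`, an include without `option fw4_compatible 1`, and a redirect with a `dest_port` but no external port range). The sample config, the zone name `wifi_tor`, the section name `tcp_fixed` and the `--syn` value are constructed; the `src_dport` check reflects the fix reported in the last post rather than a documented fw4 rule.

```shell
#!/bin/sh
# Added example: lint a UCI firewall config (read from stdin) for fw4 problems.
lint_fw4() {
    tr -d "'\"" | awk '
    function report() {
        if (val["enabled"] != "0") {      # fw4 ignores disabled sections
            if (type == "redirect" && ("extra" in val))
                print sec ": option extra is not supported by fw4"
            if (type == "redirect" && ("dest_port" in val) && !("src_dport" in val))
                print sec ": dest_port set but no src_dport (external port)"
            if (type == "include" && val["fw4_compatible"] != "1")
                print sec ": include needs option fw4_compatible 1"
        }
        split("", val)                    # portable way to clear the array
    }
    $1 == "config" {
        report()                          # finish the previous section
        type = $2
        i = n[type]++                     # UCI index among sections of this type
        sec = ($3 != "") ? $3 : "@" type "[" i "]"
        next
    }
    $1 == "option" { val[$2] = $3 }
    END { report() }'
}

# Constructed sample: the failing redirect, an unmarked include, a fixed redirect.
sample_config() {
    cat <<'EOF'
config redirect 'tcp_int'
    option name 'Intercept-TCP'
    option src 'wifi_tor'
    option proto 'tcp'
    option dest_port '9040'
    option extra '--syn'

config include
    option path '/etc/firewall.user'

config redirect 'tcp_fixed'
    option src 'wifi_tor'
    option proto 'tcp'
    option src_dport '0-65535'
    option dest_port '9040'
EOF
}

sample_config | lint_fw4
```

On the router the same function can be fed the live file with `lint_fw4 < /etc/config/firewall`. The `src` option is what limits a redirect to one zone, so a rule bound to the wifi zone leaves lan traffic alone.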
