Relayd - Unable to access LAN PC behind OpenWrt router

Hello
I have configured my Linksys EA9500 as a wireless bridge router with relayd (IP: 192.168.0.200 / 192.168.15.1), and now I can connect to the internet.
But there is still an issue: I cannot ping my PC (192.168.0.127) or access it from another PC (example below: 192.168.0.110).
They are on the same network. I set a static IP address on my PC; the gateway is the primary router.
Is there something that I missed? Another thing: on my primary router (192.168.0.1) I can't see my PC among the connected devices; I see only the IP address of the Linksys EA9500 (192.168.0.200) used as the bridge.

Any help?
Thanks

Can PC at 192.168.0.127 ping the other PC at 192.168.0.110 and main router 192.168.0.1 ?

Can PC at 192.168.0.110 access openwrt router at 192.168.0.200?

Suggest posting the contents of the /etc/config/network, /e/c/wireless, /e/c/firewall files along with OpenWrt version.

Perhaps compare it with working configs 'currently' discussed here:
https://forum.openwrt.org/t/relayd-not-forwarding-broadcast-bootp-dhcp-responses/53607

I can ping from 192.168.0.127 to other PCs and the main router.
But the opposite is not possible, I can reach my router with IP 192.168.0.200 or my PC 192.168.0.127
Firewall issue?
I will send my config files asap.
Thanks

I presume you meant to say you can't reach them (from 192.168.0.110).

Yes, you're right, my mistake.

/etc/config/firewall


config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan wwan relayd_wl_lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

config include 'bcp38'
        option type 'script'
        option path '/usr/lib/bcp38/run.sh'
        option family 'IPv4'
        option reload '1'

/etc/config/network

root@OpenWrt:/etc/config# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd43:9bfa:3e5b::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'lan1 lan2 lan3 lan4 lan5 lan6 lan7 lan8 extsw eth2.101'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.15.1'
        option gateway '192.168.0.1'
        list dns '192.168.0.1'

config interface 'wan'
        option type 'bridge'
        option ifname 'wan eth2.102'
        option proto 'dhcp'

config interface 'wan6'
        option ifname 'br-wan'
        option proto 'dhcpv6'

config interface 'wwan'
        option proto 'static'
        option ipaddr '192.168.0.200'
        option netmask '255.255.255.0'
        option gateway '192.168.0.1'
        list dns '192.168.0.1'

config interface 'relayd_wl_lan'
        option proto 'relay'
        option ipaddr '192.168.0.200'
        list network 'lan'
        list network 'wwan'

/etc/config/wireless


config wifi-device 'radio0'
        option type 'mac80211'
        option channel '36'
        option hwmode '11a'
        option path '18000000.axi/bcma0:7/pci0000:00/0000:00:00.0/0000:01:00.0/0000:02:01.0/0000:03:00.0'
        option htmode 'VHT80'
        option disabled '1'

config wifi-device 'radio1'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path '18000000.axi/bcma0:7/pci0000:00/0000:00:00.0/0000:01:00.0/0000:02:02.0/0000:04:00.0'
        option htmode 'HT20'
        option disabled '1'

config wifi-device 'radio2'
        option type 'mac80211'
        option hwmode '11a'
        option path '18000000.axi/bcma0:8/pci0001:00/0001:00:00.0/0001:01:00.0'
        option htmode 'VHT80'
        option channel '108'

config wifi-iface 'wifinet0'
        option device 'radio2'
        option mode 'sta'
        option network 'wwan'
        option ssid 'ASUS92-5Ghz'
        option key 'yas0210rahmane01'
        option encryption 'psk2'

At first glance, I would correct the lan zone as shown below

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan wwan'

I would also delete the 'wan' zone, and recommend removing all the rules and port forwards to clean up the file. See the example of a clean firewall file
https://forum.openwrt.org/t/relayd-not-forwarding-broadcast-bootp-dhcp-responses/53607/9

The following looks a bit odd to me. What's going on here?

config interface 'lan'
        
        option ifname 'lan1 lan2 lan3 lan4 lan5 lan6 lan7 lan8 extsw eth2.101'

I would also delete the 'wan' and 'wan6' zone to clean it up.

With these modifications, still the same problems.

 cat network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd43:9bfa:3e5b::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'lan1 lan2 lan3 lan4 lan5 lan6 lan7 lan8 extsw eth2.101'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.15.1'
        option gateway '192.168.0.1'
        list dns '192.168.0.1'

config interface 'wwan'
        option proto 'static'
        option ipaddr '192.168.0.200'
        option netmask '255.255.255.0'
        option gateway '192.168.0.1'
        list dns '192.168.0.1'

config interface 'relayd_wl_lan'
        option proto 'relay'
        option ipaddr '192.168.0.200'
        list network 'lan'
        list network 'wwan'

 cat firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan wwan'

config include
        option path '/etc/firewall.user'
root@OpenWrt:/etc/config#

I'm out of ideas. I can only think there may be an issue with ARP somewhere.

(I note the EA9500 is a Broadcom-based router. I thought there was no or very limited support for Broadcom wifi.)

You could also try trelay instead.

However, if your devices support WDS and are compatible, it's a better solution that is less problematic.

Hi there,
I have another question about my config. When I run ipconfig on my client PC, I get an IPv6 address along with my IPv4 one. How can I disable this so that I only obtain an IPv4 address?

Thanks

Go to http://192.168.1.1/cgi-bin/luci/admin/network/network

Then go to the LAN interface settings, navigate to DHCP Server > IPv6 Settings and disable it from there.

Hi everyone, I disabled IPv6, but I still have the problem pinging my PC on the LAN from another device on the same network (192.16.0.1/254).

What is wrong?

Hi,
I have been using relayd for a while on RAMIPS and ATH79 based access points without problems accessing PCs at both ends of the network. I just see some differences between your config and mine.

  1. In your config I assume that the 192.18.0.1 machine is the main router.
  2. As said in a previous comment, delete both the wan and wan6 interfaces, which are useless.
  3. In the 'lan' config I assume that bridging 'lan1 lan2......' is done to obtain simple switch-like LAN behavior. Can you confirm that these names are valid names (using ip a)?
  4. In my config wwan is proto dhcp. I don't know if it is of any concern, but as the access point cannot be accessed using this address I don't care to make it static.

Here are the only changes I can see.
BR

Sorry, I also forgot to say that
both relayd bridge interface IP and wwan interface IP are different.
Does this help?
BR
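
An added example (not from any participant in this thread, and not OpenWrt code): a small Python check, run on a workstation against copies of /etc/config/network and /etc/config/firewall, that lists where a relayd setup differs from what the replies above suggest (leftover wan/wan6 interfaces, extra networks in the zone covering the relay members, and the relay interface sharing an address with a member network). The function names and the trimmed sample are constructed for illustration; a finding is a difference to look at, not a confirmed cause.

```python
import shlex

def parse_uci(text):
    """Parse UCI config text into a list of (type, name, options) sections."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], tok[2] if len(tok) > 2 else None, {}))
        elif len(tok) >= 3 and sections and tok[0] == "option":
            sections[-1][2][tok[1]] = tok[2]
        elif len(tok) >= 3 and sections and tok[0] == "list":
            sections[-1][2].setdefault(tok[1], []).append(tok[2])
    return sections

def names(value):
    """Network lists appear as one 'a b' option or as repeated list lines."""
    return value.split() if isinstance(value, str) else list(value or [])

def relay_findings(network_text, firewall_text):
    """List where a relayd setup differs from what the replies suggest."""
    ifaces = {n: o for t, n, o in parse_uci(network_text) if t == "interface"}
    zones = [o for t, _, o in parse_uci(firewall_text) if t == "zone"]
    out = [f"interface '{n}' is still defined" for n in ("wan", "wan6") if n in ifaces]
    for name, opts in ifaces.items():
        if opts.get("proto") != "relay":
            continue
        members, ip = set(names(opts.get("network"))), opts.get("ipaddr")
        for zone in zones:
            extra = sorted(set(names(zone.get("network"))) - members)
            if extra and members <= set(names(zone.get("network"))):
                out.append(f"zone '{zone.get('name')}' also lists {extra}")
        out += [f"'{name}' and '{m}' share ipaddr {ip}" for m in sorted(members)
                if ip and ifaces.get(m, {}).get("ipaddr") == ip]
    return out

# Constructed sample, trimmed from the configs posted in this thread.
NETWORK = """
config interface 'lan'
        option ipaddr '192.168.15.1'
config interface 'wwan'
        option ipaddr '192.168.0.200'
config interface 'relayd_wl_lan'
        option proto 'relay'
        option ipaddr '192.168.0.200'
        list network 'lan'
        list network 'wwan'
"""
FIREWALL = "config zone\n option name 'lan'\n option network 'lan wwan relayd_wl_lan'\n"
print(*relay_findings(NETWORK, FIREWALL), sep="\n")
```

On the configuration as first posted this reports both the zone line and the shared-address line; with the lan zone reduced to 'lan wwan', as in the later post, only the shared-address line remains.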