Router can’t connect to internet

I have a new link says 8450 which I flashed to openwrt. After flashing the wan port does not talk to the internet. Ultimately I would like to use this as a wire guard client but trying to get it working as a regular router before proceeding. Any help would be greatly appreciated

BusyBox v1.35.0 (2022-10-07 23:34:56 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 22.03.1, r19777-2853b6d652
 -----------------------------------------------------
root@OpenWrt:~# ubus call system board
{
        "kernel": "5.10.146",
        "hostname": "OpenWrt",
        "system": "ARMv8 Processor rev 4",
        "model": "Linksys E8450 (UBI)",
        "board_name": "linksys,e8450-ubi",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.1",
                "revision": "r19777-2853b6d652",
                "target": "mediatek/mt7622",
                "description": "OpenWrt 22.03.1 r19777-2853b6d652"
        }
}
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd15:7ff6:f3b9::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option proto 'dhcp'
        option device 'wan'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'

root@OpenWrt:~# cat/etc/config/firewall
-ash: cat/etc/config/firewall: not found
root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option masq '1'
        list network 'lan'

config zone
        option name 'wan'
        option output 'ACCEPT'
        option mtu_fix '1'
        option input 'ACCEPT'
        option forward 'ACCEPT'
        option masq '1'
        list network 'wan6'
        list network 'wan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config forwarding
        option src 'wan'
        option dest 'lan'

root@OpenWrt:~#

How is it supposed to connect to internet ?
What's your setup.

There are a few serious issues with your firewall. Most are unrelated to your specific issue, but they need to be fixed immediately.

on the wan zone, input and forwared should always be set to REJECT unless the wan is actually part of at trusted network (the internet is inherently untrusted).

Delete this rule. You do not want the wan to be able to reach the lan.

This one could possilby be involved in the issue, but regardless: turn off masquerading on the lan zone.

Meanwhile, what is upstream of your 8450? Is it a cable/dsl modem or ont? is it a combo modem+router unit?

If it is a combo modem+router, you likely have an overlapping subnet on the wan and lan... you'll need to change the lan address to another subnet (for example, 192.168.5.1).

If you have a cable modem, you may need to reboot the modem (possibly a few times) to clear the previous "lerned MAC" that it was using.

There could be other things, but we'll start here.

Thanks for the reply. The 8450 is connected to isp modem…I have rebooted a few times. I made the following changes per your prior message.

config zone
        option name 'Lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'



config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'wan'
        option output 'ACCEPT'
        option mtu_fix '1'
        option masq '1'
        list network 'wan6'
        list network 'wan'
        option input 'REJECT'
        option forward 'REJECT'

cable? dsl? Is the physical link happening? If you connect a computer directly to the ISP modem, does it get an IP?

Firewall looks good now.

Ethernet cable DSL, I have other a separate modem that I am switching back and forth with the 8450

What's the IP on the WAN port of the device you're switching with E8450 ?

192.168 Is receiving

This is an RFC1918 address... but it doesn't conflict with the default 192.168.1.0/24 network for OpenWrt.

If you plug a computer into that alternate router, what address does the computer get?

Getting 192.168.

ok... so, if you connect your equipment like this:

ISP modem > other router > openwrt router > computer

you would need to change your openwrt lan address (so maybe 192.168.5.1)... but once that is done (and the computer's DHCP lease force renewed), you should see that the OpenWrt router is functioning properly.

Yes what computer is seeing

I am not using other router in series, more like swapping them with each other

can you clarify/verify: the 136. address is the computer's IP when it is connected directly to the modem?

Is this a DHCP assigned address or does it require PPPoE?

I connected computer to alt router with Ethernet and it has this ip the computer shows.

I do not think it is PPPOE (Based on my limited knowledge this is using login to the ISP?) as I have never inputted the credentials.

Ok... so try using the computer to release the DHCP lease. Then immediately unplug the ethernet cable from the comptuer and plug it into the OpenWrt router (i.e. modem > OpenWrt router > computer)

Ok so I tried modem->alt router->computer to get connection then immediately did modem->8450->computer without luck

What about if you disconnect the alternate router and connect the modem directly to your computer? Does ithe computer get an address immediately?

Yes got a ip immediately

I'm honestly not sure why there would be a problem...

Try this:
Change the OpenWrt lan address to 192.168.5.1 (instructions)
Then, connect your OpenWrt router's wan port to the alternate router's lan port (and connect your alternate router's wan into the internet connection).

Does a computer behind the OpenWrt router get normal internet connectivity (yes, it'll be double-NAT, but should work).