Hi Guys,
I've just started using OpenWRT for my home network.
Situation:
I've 2 wifi networks and each of them is assigned to a separate vlan.
Let's call them general and iot.
In the Firewall section I defined that traffic from the general network can be forwarded to iot, but not the other way around.
I've a DHCP server running in my iot network that assigns addresses from .3 to .93
Apart from that, I have a bunch of iot devices with a static IP assigned, as they work a little bit faster in that config; they have addresses over .200.
Problem:
So if I try to reach, from the general network, any device that has an IP assigned by DHCP, all works fine; but if I try to reach a device that has a static IP assigned from outside the DHCP pool, it's unreachable.
Question:
What's wrong and how to make the whole /24 subnet reachable from the general network?
trendy
July 27, 2021, 9:06pm
2
Are you trying to reach them by IP or hostname?
I'm trying to reach them using their IP address.
When I connect to iot network they are perfectly reachable but not from the general network
faser
July 28, 2021, 12:15am
4
Is your DHCP config and your static configs configuring the same gateway?
Please copy the output of the following commands and post it here using the "Preformatted text </>" button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
Yup. They both mention my router IP address as a GW and they have no issues reaching the Internet
# cat /etc/config/network
# /etc/config/network as posted: interfaces, switch VLANs and addressing.
# Indentation was lost when the output was pasted; each 'option' belongs to the
# 'config' stanza above it.
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd1e:f58a:7273::/48'
# 'lan' is the trusted network (called "general" in the post, presumably):
# a bridge over eth0.1 with the router at 192.168.254.1/24.
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.254.1'
config interface 'wan'
option ifname 'eth1.2'
option proto 'dhcp'
config interface 'wan6'
option ifname 'eth1.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
# VLAN 1: untagged on ports 0-2, tagged on ports 3 and 5.
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option ports '5t 3t 2 1 0'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '6t 4'
option vid '2'
# 'wwan' has no ifname here; the firewall config posted in this thread puts it
# in the 'wan' zone.
config interface 'wwan'
option proto 'dhcp'
# 'sensors' is the segregated network ("iot" in the post, presumably):
# a bridge over eth0.10 with the router at 192.168.200.1/24.
# Statically addressed devices must use this gateway and a /24 netmask to reply
# to hosts in 192.168.254.0/24 -- their own settings are not visible here.
config interface 'sensors'
option proto 'static'
option ipaddr '192.168.200.1'
option netmask '255.255.255.0'
option type 'bridge'
option ifname 'eth0.10'
# VLAN ID 10 is carried tagged only, on ports 3 and 5; no port is an untagged
# member, so a wired device needs VLAN tagging to join 'sensors'.
# NOTE(review): port 5 is presumably the CPU port and port 3 a trunk -- confirm.
config switch_vlan
option device 'switch0'
option vlan '3'
option vid '10'
option ports '5t 3t'
# cat /etc/config/wireless
# /etc/config/wireless as posted: three radios and four access-point interfaces.
# Keys are shown as redacted placeholders ('<password>', '<password2>').
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11a'
option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
option country 'FR'
option htmode 'VHT80'
option channel '36'
# 5 GHz AP on the trusted 'lan' network: WPA2-PSK with CCMP, 802.11r enabled.
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'trust_me_I'\''m_an_engineer_5G'
option key '<password>'
option encryption 'psk2+ccmp'
option ft_over_ds '0'
option ft_psk_generate_local '1'
option ieee80211r '1'
# radio1 is disabled, so the interface defined on it below is inactive.
config wifi-device 'radio1'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
option htmode 'HT20'
option disabled '1'
# NOTE(review): open (unencrypted) AP attached to 'lan'. It is inert only
# because radio1 carries option disabled '1'; enabling that radio would expose
# the trusted network without authentication. Delete this stanza or give it
# encryption and a key.
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
# radio2 carries two SSIDs: one for 'sensors' and one for 'lan'.
config wifi-device 'radio2'
option type 'mac80211'
option path 'platform/soc/soc:internal-regs/f10d8000.sdhci/mmc_host/mmc0/mmc0:0001/mmc0:0001:1'
option hwmode '11g'
option htmode 'HT40'
option channel '11'
option noscan '1'
# AP for the segregated 'sensors' network, WPA2-PSK with its own key.
config wifi-iface 'wifinet2'
option ssid 'trust_my_sensors'
option encryption 'psk2'
option device 'radio2'
option mode 'ap'
option network 'sensors'
option key '<password2>'
# Second AP on radio2 for the trusted 'lan' network; same placeholder key as
# default_radio0.
config wifi-iface 'wifinet3'
option ssid 'trust_me_I'\''m_an_engineer'
option encryption 'psk2'
option device 'radio2'
option mode 'ap'
option network 'lan'
option key '<password>'
# cat /etc/config/dhcp
# /etc/config/dhcp as posted: dnsmasq settings and per-interface DHCP pools.
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
# DNS rebind protection is enabled.
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
# Pool for 'lan': 150 addresses starting at host .3.
config dhcp 'lan'
option interface 'lan'
option limit '150'
option dhcpv6 'server'
option ra 'server'
option leasetime '24h'
option ra_management '1'
option start '3'
# No DHCP service on 'wan'.
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
# Pool for 'sensors': 90 addresses starting at host .3.
# This file has no 'config host' entries, so the devices the thread describes
# as using addresses above .200 are configured on the devices themselves.
# Their gateway and netmask never come from this server -- verify them on
# each device.
config dhcp 'sensors'
option interface 'sensors'
option leasetime '24h'
option limit '90'
option start '3'
# cat /etc/config/firewall
# /etc/config/firewall as posted: zones, rules and inter-zone forwardings.
# NOTE(review): the global input policy is ACCEPT. The 'wan' and 'sensors'
# zones below override it with REJECT, but setting the default to REJECT is the
# safer baseline if an interface ever ends up outside every zone.
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
# Trusted zone: full access to the router.
config zone
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
option name 'lan'
# Segregated zone: input REJECT blocks sensors hosts from router services
# except where a rule below allows it (SensorsDHCP, SensorsDNS).
# 'forward' here governs traffic between networks inside this zone only.
config zone
option name 'sensors'
list network 'sensors'
option output 'ACCEPT'
option forward 'ACCEPT'
option input 'REJECT'
# Upstream zone: inbound rejected, outbound masqueraded; covers wan, wan6, wwan.
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
list network 'wwan'
# The Allow-* rules that follow all have src 'wan'.
# NOTE(review): they look like the stock OpenWrt defaults -- confirm.
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# Accepts IPv4 echo requests from the wan side, so the router answers ping
# from upstream.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 to the router itself, rate-limited to 1000/sec.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 forwarded from wan to any zone (dest '*'), rate-limited to 1000/sec.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Custom rules script; its contents are not shown in the thread and should be
# reviewed along with this file.
config include
option path '/etc/firewall.user'
# sensors -> wan: sensors devices may reach upstream.
config forwarding
option dest 'wan'
option src 'sensors'
# lan -> sensors: the trusted network may initiate connections to sensors.
# There is no sensors -> lan forwarding, so sensors hosts cannot initiate
# towards lan; only replies to lan-initiated connections pass back.
# The stanza has no address match, so it does not distinguish DHCP-assigned
# from statically addressed sensors hosts.
config forwarding
option dest 'sensors'
option src 'lan'
config forwarding
option dest 'wan'
option src 'lan'
# Exceptions to the sensors zone's input REJECT. With 'src' set and no 'dest',
# these match traffic addressed to the router itself.
config rule
option dest_port '67'
option src 'sensors'
option name 'SensorsDHCP'
option target 'ACCEPT'
list proto 'udp'
# NOTE(review): no 'proto' is set here; fw3 then matches both TCP and UDP on
# port 53 -- confirm that is intended.
config rule
option dest_port '53'
option src 'sensors'
option name 'SensorsDNS'
option target 'ACCEPT'
trendy
July 28, 2021, 8:39am
8
Install tcpdump and run the following command:
tcpdump -i any -evn host 192.168.200.20X
Change the address to one of your static ones, run some tests so it can collect some packets, stop it with Ctrl-C, and paste the output here. The -e flag prints MAC addresses, so redact them before posting.