afnan
January 31, 2019, 4:24pm
1
Hi,
I have run into a bit of a routing problem using my Raspberry Pi with a Sierra Wireless MC7455 connected through USB.
I am able to get internet access to the Raspberry Pi but the Pi is not able to route that connection to my LAN side which means that anything that is connected to it locally does not have internet access.
Here is what my network config looks like for now:
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fxxx:xxxx:xxxx::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0'
option proto 'dhcp'
config interface 'wwan'
option proto 'qmi'
option device '/dev/cdc-wdm0'
option ifname 'wwan0'
option apn 'data641003'
option type 'bridge'
Also this is how I know that I am getting data through the cell:
root@OpenWrt:~# ping -I wwan0 www.google.ca
PING www.google.ca (172.217.12.163): 56 data bytes
64 bytes from 172.217.12.163: seq=0 ttl=50 time=89.238 ms
64 bytes from 172.217.12.163: seq=1 ttl=50 time=80.653 ms
64 bytes from 172.217.12.163: seq=2 ttl=50 time=102.277 ms
64 bytes from 172.217.12.163: seq=3 ttl=50 time=118.494 ms
64 bytes from 172.217.12.163: seq=4 ttl=50 time=94.663 ms
Sorry I am a noob to this environment. Any help would be greatly appreciated.
Thanks
afnan
January 31, 2019, 7:29pm
3
I had done it before but then removed it. Are there any specifics I need to be aware of while assigning the interface to WAN firewall?
You simply need to place any Interfaces into a firewall zone. If you place WWAN into a zone, you can then proceed to ALLOW traffic from zone-WAN to zone-LAN.
afnan
January 31, 2019, 7:58pm
5
Hey, I tried it and it's the same. I set up the firewall in LuCI, but below are my settings through the terminal:
root@OpenWrt:/etc/config# cat firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option output 'ACCEPT'
option input 'ACCEPT'
option forward 'ACCEPT'
option network 'wwan'
option family 'ipv4'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
config forwarding
option dest 'lan'
option src 'wan'
config forwarding
option dest 'wan'
option src 'lan'
What am I missing here?
Thanks once again!
You're missing an enabled Masquerade on WAN.
1 Like
afnan
January 31, 2019, 8:49pm
7
That still does not change anything. I still cannot route my WWAN to WLAN or LAN.
ip a; ip r; head -n -0 /etc/resolv.conf /tmp/resolv.conf.auto
sysctl net.ipv4 | grep forward
iptables-save
afnan
February 6, 2019, 7:16pm
9
Hey guys, thank you for your help. I did some reconfiguration and basically removed the bridge from most interfaces, and it looks like I have internet connectivity through wwan. The ping and traceroute work perfectly fine through the host devices, BUT going onto a webpage still does not bring anything up. Here is my config for the network:
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fxxx:xxxx:xxxx::/48'
config interface 'lan'
option ifname 'eth0'
option proto 'dhcp'
config interface 'wwan'
option ifname 'wwan0'
option proto 'qmi'
option device '/dev/cdc-wdm0'
option apn 'data641003'
config interface 'STATICLAN'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option gateway '192.168.1.1'
option type 'bridge'
What could be wrong now?
afnan
February 6, 2019, 8:43pm
12
Hey vgaetera,
I changed that accordingly but unfortunately this does not resolve the issue. One thing I should mention is that while I am on my phone, opening some apps that need internet work perfectly fine while others do not work whatsoever. Do you think this is still a firewall problem?
uci show network; uci show firewall
afnan
February 6, 2019, 8:54pm
14
Here it is:
root@OpenWrt:~# uci show network; uci show firewall
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fxxx:xxxx:xxxx::/48'
network.lan=interface
network.lan.ifname='eth0'
network.lan.proto='dhcp'
network.wwan=interface
network.wwan.ifname='wwan0'
network.wwan.proto='qmi'
network.wwan.device='/dev/cdc-wdm0'
network.wwan.apn='data641003'
network.dhcplan=interface
network.dhcplan.proto='static'
network.dhcplan.ipaddr='192.168.1.1'
network.dhcplan.netmask='255.255.255.0'
network.dhcplan.type='bridge'
network.dhcplan.ifname='eth0'
firewall.@defaults[0]=defaults
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='ACCEPT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[0].masq='1'
firewall.@zone[0].network='lan dhcplan'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].input='ACCEPT'
firewall.@zone[1].forward='ACCEPT'
firewall.@zone[1].family='ipv4'
firewall.@zone[1].masq='1'
firewall.@zone[1].network='STATICLAN wwan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fxxx:xxxx::/6'
firewall.@rule[3].dest_ip='fxxx:xxxx::/6'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fxxx:xxxx::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.miniupnpd=include
firewall.miniupnpd.type='script'
firewall.miniupnpd.path='/usr/share/miniupnpd/firewall.include'
firewall.miniupnpd.family='any'
firewall.miniupnpd.reload='1'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].dest='lan'
firewall.@forwarding[0].src='wan'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].dest='wan'
firewall.@forwarding[1].src='lan'
firewall.@redirect[0]=redirect
firewall.@redirect[0].target='DNAT'
firewall.@redirect[0].src='wan'
firewall.@redirect[0].dest='lan'
firewall.@redirect[0].proto='tcp'
firewall.@redirect[0].src_dport='422'
firewall.@redirect[0].dest_ip='192.168.1.1'
firewall.@redirect[0].dest_port='22'
firewall.@redirect[0].name='SSH'
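An added example, not part of any post in this thread: a small audit of `uci show network; uci show firewall` output that checks the zone holding the upstream interface against the stock OpenWrt wan zone (input REJECT, forward REJECT, masq 1, mtu_fix 1) and flags zone members that are not defined as interfaces. The function names, finding labels and the default interface name `wwan` are assumptions made for this example, and the sample input is a constructed excerpt of the dump above.

```shell
# Added example (not from the thread). Reads `uci show network; uci show firewall`
# on stdin, prints one finding per line. $1 = upstream interface (assumed: wwan).
audit_uci() {
  awk -v up="${1:-wwan}" -v q="'" '
  { gsub(q, "") }                                  # drop the quotes uci prints
  /^network\.[^.=]+=interface$/ { split($0, p, /[.=]/); iface[p[2]] = 1; next }
  /^firewall\.@(zone|forwarding)\[[0-9]+\]\.[a-z_]+=/ {
    eq = index($0, "="); val = substr($0, eq + 1)
    split(substr($0, 1, eq - 1), p, ".")           # p[2]="@zone[1]", p[3]="masq"
    idx = p[2]; gsub(/[^0-9]/, "", idx); idx += 0
    if (p[2] ~ /^@zone/) { z[idx, p[3]] = val; if (idx >= nz) nz = idx + 1 }
    else                 { f[idx, p[3]] = val; if (idx >= nf) nf = idx + 1 }
  }
  END {
    wi = -1                                        # index of the upstream zone
    for (i = 0; i < nz; i++) {
      n = split(z[i, "network"], net, " ")
      for (j = 1; j <= n; j++) {
        if (net[j] == up) wi = i
        if (!(net[j] in iface)) print "UNDEFINED-NETWORK zone=" z[i, "name"] " network=" net[j]
      }
    }
    if (wi < 0) { print "NO-ZONE interface=" up; exit }
    w = z[wi, "name"]
    if (z[wi, "masq"] != "1")         print "NO-MASQ zone=" w
    if (z[wi, "mtu_fix"] != "1")      print "NO-MTU-FIX zone=" w
    if (z[wi, "input"] == "ACCEPT")   print "INPUT-ACCEPT zone=" w
    if (z[wi, "forward"] == "ACCEPT") print "FORWARD-ACCEPT zone=" w
    for (i = 0; i < nf; i++) {
      if (f[i, "src"] == w)  print "INBOUND-FORWARDING " w "->" f[i, "dest"]
      if (f[i, "dest"] == w) out = 1               # some zone may forward to upstream
    }
    if (!out) print "NO-OUTBOUND-FORWARDING dest=" w
  }'
}

# Constructed sample: lines excerpted from the dump posted above.
sample_dump() {
  printf '%s\n' network.lan=interface network.wwan=interface network.dhcplan=interface \
    "firewall.@zone[0].name='lan'"       "firewall.@zone[0].network='lan dhcplan'" \
    "firewall.@zone[1].name='wan'"       "firewall.@zone[1].masq='1'" \
    "firewall.@zone[1].input='ACCEPT'"   "firewall.@zone[1].forward='ACCEPT'" \
    "firewall.@zone[1].network='STATICLAN wwan'" \
    "firewall.@forwarding[0].dest='lan'" "firewall.@forwarding[0].src='wan'" \
    "firewall.@forwarding[1].dest='wan'" "firewall.@forwarding[1].src='lan'"
}

sample_dump | audit_uci wwan
```

On the router itself the same function can be fed live with `{ uci show network; uci show firewall; } | audit_uci wwan`. The findings describe differences from the stock zone layout; they are not a diagnosis of the connectivity problem in this thread.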
afnan
February 19, 2019, 9:06pm
15
Hey guys,
I finally had it sorted out. The wrong firmware was loaded onto the USB modem. This was quite bizarre!
Now I am trying to sort out the GPS on the modem. Does anyone know which packages I will need on my OpenWRT to get GPS coordinates of the modem? Any links for the instructions?
Help would be appreciated.
Thanks
tmomas
February 19, 2019, 9:30pm
16
@afnan If your problem is solved, please consider marking this topic as [Solved]. (Click the pencil behind the topic...)
Please open a new topic for any questions not related to this topic.