We're getting closer to a solution. I can ping google from my ssh session on the router but can't access it from my laptop (attention: I masqueraded lan as suggested before).
Edit: Also after disabling lan -> wan masquerading again I still can't access google.com from my laptop connected to eth1.
I'm currently resetting the router configuration to start up again as you suggested. Just to understand the system: What is the difference between assigning the wan firewall zone to my interface named whatever I like (that's what I did and is documented in the screenshots above) vs. naming the interface "wan" and not doing anything else?
It's just fewer steps. Not knowing what else you may have tried, and since this use case is so close to the default configuration anyway, I suggested starting over.
Thank you. I did what you suggested. I observe exactly the same behavior as before: I do have internet (I can ping google.com) from my ssh session on the router (I opened the ssh session to the authentication server from the router). But I can't ping google from my laptop connected to eth1 (the bridge device, eth0 is the wan device).
Edit 1:
Maybe @frollic can help, his guidance led to the same result.
I don't really understand how the bridge device works, but as I removed the eth0 from it, don't I run two completely separated networks now?
Edit 2:
I can also open an ssh authentication session from my laptop but I still only have internet on the router – not on the laptop.
Yes. I authenticated via laptop —> ssh root@192.168.1.1 —> ssh user@ip and also directly via laptop —> ssh user@ip
Both times I do have internet and working DNS on the router (I'm connected via ssh from my laptop to the router) but I don't have internet on my laptop.
Edit 1:
This means I can connect to the "outside" from my laptop to the auth host (laptop coming in at lan and going out at wan to the auth).
On the laptop, run a traceroute to any numeric Internet IP such as 8.8.8.4. Also run a ping to the ISP's first router (the gateway that you configured).
I suspect you may be being blocked inside the ISP by some feature they have designed to block usage of routers.
For authentication I'm currently running an ssh session on my laptop. I can ping 8.8.8.8 from the router (obviously, I could also ping using a domain name) and I can also ping 8.8.8.8 from my laptop (but I can't resolve the DNS query for google).
Yes I am. When not using OpenWrt but configuring my MacBook directly it works as well by just keeping an ssh session open in a terminal window in the background.
When I was not using OpenWrt but connecting my MacBook directly. Interesting fact: The laptop doesn't get a DNS server from the router (it did before, you asked me that earlier).
Edit 1:
Before I reset the configuration (and also when bridge was eth0 and eth1) the laptop got 192.168.1.1 as DNS server
The default configuration will have the router advertise itself (192.168.1.1) as DNS server for LAN DHCP clients. Make sure the laptop is set to be fully automatic DHCP with nothing manually configured.