Release: 23.05.5
Problem: I am not able to make the clients connected to the router visible.
I have specified clients in Adguard - Settings - Client settings
The only client I can see is the router itself (192.168.1.1 - name.lan)
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
option ednspacket_max '1232'
option noresolv '1'
list server '192.168.1.1#5353'
config redirect
option target 'DNAT'
option name 'DNS redir'
option src 'lan'
option src_dport '53'
option family 'ipv4'
Any idea?
brada4
October 14, 2024, 3:35pm
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </>" button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
# Diagnostic commands whose output is pasted into the thread. They only read
# state. Review the output before posting, because these files can hold
# secrets when such features are configured.

# Board model, kernel and OpenWrt release information.
ubus call system board
# Interface definitions. May include credentials (for example PPPoE passwords
# or VPN keys) if those protocols are set up; redact them.
cat /etc/config/network
# dnsmasq/odhcpd settings. Static leases, if present, list MAC addresses.
cat /etc/config/dhcp
# Zones, rules and redirects. Port forwards can reveal which services are
# exposed on the WAN side.
cat /etc/config/firewall
# Installed AdGuard Home package version.
opkg list-installed adguardhome
{
"kernel": "5.15.167",
"hostname": "RT3200",
"system": "ARMv8 Processor rev 4",
"model": "Linksys E8450 (UBI)",
"board_name": "linksys,e8450-ubi",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05.5",
"revision": "r24106-10cc5fcd00",
"target": "mediatek/mt7622",
"description": "OpenWrt 23.05.5 r24106-10cc5fcd00"
}
}
root@RT3200:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd4f:fce3:d5d8::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr 'router'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option device 'wan'
option proto 'dhcp'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
root@RT3200:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
option ednspacket_max '1232'
option noresolv '1'
list server 'router#5353'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
root@RT3200:~# cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config redirect
option target 'DNAT'
option name 'DNS Umleitung'
option src 'lan'
option src_dport '53'
root@RT3200:~# opkg list-installed adguardhome
adguardhome - 0.107.46-1
You need to completely replace dnsmasq with AGH as DNS. Right now you're simply forwarding all queries from dnsmasq, so AGH sees every query as coming from the router itself rather than from the individual clients.
neurotransmitter:
option ipaddr 'router'
Just to be clear, redacting RFC1918 addresses does not provide any additional privacy, but it does make it harder for us to help you.
Try running this from the command line:
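# Move AdGuard Home (AGH) onto port 53 and push dnsmasq aside to port 54, so
# that LAN clients query AGH directly and appear in it under their own
# addresses. Meant to be pasted into an interactive root shell on the router.

# Set AGH's DNS listen port. YAML needs a space after the colon ("port: 53").
# The substitution is limited to the top-level "dns:" block so that any other
# "port:" key in the file keeps its value. This assumes the layout AdGuard
# Home writes itself (a "dns:" line at column 0 with an indented "port:").
sed -i '/^dns:/,/^[^ ]/ s/^\( *port:\).*/\1 53/' /etc/adguardhome.yaml
# Show every "port:" line so the result can be checked before restarting.
grep -n 'port:' /etc/adguardhome.yaml

# LAN address of the router; used below as the DNS server handed to clients.
router=$(uci get network.lan.ipaddr)

# UCI paths are quoted because "[0]" is otherwise a shell glob pattern.
uci set 'dhcp.@dnsmasq[0].noresolv=0'
uci set 'dhcp.@dnsmasq[0].cachesize=1000'
# NOTE(review): this switches off dnsmasq's DNS-rebinding filter, which was
# '1' in the posted config. Once clients talk to AGH on port 53 they no longer
# pass through dnsmasq at all, so any rebinding protection wanted for the LAN
# has to come from AGH or the upstream resolver. Confirm this is acceptable.
uci set 'dhcp.@dnsmasq[0].rebind_protection=0'
# Free port 53 for AGH by moving dnsmasq to port 54.
uci set 'dhcp.@dnsmasq[0].port=54'
# Drop the old forwarder list (-q: stay silent if there is none).
uci -q delete 'dhcp.@dnsmasq[0].server'
# ${router:?...} refuses to write an empty value if the lookup above failed.
uci add_list "dhcp.@dnsmasq[0].server=${router:?LAN address lookup failed}"
# DHCP option 6 advertises the DNS server to clients.
uci add_list "dhcp.lan.dhcp_option=6,${router:?LAN address lookup failed}"
uci commit dhcp

# Find the index of the redirect named 'DNS Umleitung' and delete it.
# NOTE(review): without this redirect, LAN clients that hard-code another
# resolver are no longer steered to the router's DNS. Presumably it is removed
# because it was only needed for the old port layout; confirm that is intended.
rn=$(uci show firewall | grep -F 'DNS Umleitung' | cut -d "[" -f2 | cut -d "]" -f1)
case "$rn" in
  '' | *[!0-9]*)
    # Empty: no such redirect. Non-numeric: more than one line matched.
    echo "redirect 'DNS Umleitung' not found exactly once; nothing deleted" >&2
    ;;
  *)
    uci delete "firewall.@redirect[$rn]"
    ;;
esac
uci commit firewall

/etc/init.d/firewall restart
/etc/init.d/dnsmasq restart
/etc/init.d/adguardhome restart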
EDIT:
I saw that I missed a space in the sed
command, sorry.
It's fixed now.
# Corrected command: YAML needs the space after the colon ("port: 53").
# The pattern is not anchored, so it rewrites every "port:" occurrence in the
# file, not only the DNS listen port. That also repairs any line the earlier
# space-less command produced. Afterwards, review the matches with
# `grep -n 'port:' /etc/adguardhome.yaml` and restore any value that should
# not be 53.
sed -i 's/port\:.*/port\: 53/g' /etc/adguardhome.yaml
# Restart AGH so it re-reads the edited config.
/etc/init.d/adguardhome restart
Thanks for the response... on the other hand, some people from support tell us to make IPs, passwords and other personal information unreadable...
I will implement it as communicated...feedback later.
thx
neuro
Thank you Pavel, it works and I can see my clients.
You have my thanks.
BUT... let me ask I received an error message:
root@RT3200:~# /etc/init.d/dnsmasq restart
udhcpc: started, v1.36.1
udhcpc: broadcasting discover
udhcpc: no lease, failing
That's unfair !
I told you what to do, @pavelgl "only" told you how to do it
SORRRRIIIII
I can't tick your coment as SOLUTION any more...
...but @pavelgl he gave me a hint to understand...you gave me a high level description which I mention with the link I found in Wiki...
But I said thank you to your coment!!!
neuro
frollic
October 15, 2024, 10:00am
it's OK, that's why the smiley's there
as for how and why, you can never know what level a poster is on, knowledge wise. some would have settled with the info I provided, some need additional info, like the guidance @pavelgl provided.
just make sure opkg still works on your router, it usually breaks after you've installed AGH, using the default AGH settings.
thanks, I'll keep that in mind...
pavelgl
October 15, 2024, 10:31am
It seems confusing, but it's normal.
This is the (positive) result of a test that verifies there are no other active DHCP servers on the network: "no lease, failing" means no other server answered.
I have to stop by again...
@pavelgl, @frollic one question please...
Everything is fine, running and working...but...I see localhost 127.0.0.1 when for example the banip feeds are downloading but I don't see when AGH is downloading blocklists...why not?
frollic
October 20, 2024, 9:31pm
Banip uses AGH, AGH itself uses upstream DNS ?
GM,
that was also my first assumption...