Sim router ipv6 only, no lan access to internet

Installing and Using OpenWrt
1

Hi, first time posting because i'm struggling to get lan access to internet with new setup.
Previous setup, Vodafone router IPv4 -> Linksys EA8500 with openwrt, LAN access to internet working.
New setup, Sim router 'Telonika RUTX09' IPv6 only -> Linksys EA8500 with openwrt, no lan internet access. But I can from Luci - Diagnostics window - IPv6 ping & IPv6 traceroute and receive responses. IPv4 does not work.
IPv6 prefix delegation is used and i can see IPv6 address's on my LAN devices.
All of my LAN devices will not access the internet. My assumption is I have a firewall issue but i have been unsuccessful in figuring it out and would like some help.

/etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1.1'

config device
	option name 'eth1.1'
	option macaddr 'c0:56:27:36:30:e6'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.10.1'
	option netmask '255.255.255.0'
	option ip6assign '64'
	option delegate '0'
	option ip6ifaceid '::99'

config device
	option name 'eth0.2'
	option macaddr 'c0:56:27:36:30:e6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '6t 1 2 3'
	option vid '1'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0t 5'
	option vid '2'

config interface 'wan_usb0'
	option proto 'dhcp'
	option device 'usb0'
	option metric '10'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '0t 4'
	option vid '3'

config interface 'wan_usb1'
	option proto 'dhcp'
	option device 'usb1'
	option metric '15'

config interface 'wan'
	option proto 'dhcp'
	option device 'eth0.2'
	option metric '5'

config interface 'wan6'
	option proto 'dhcpv6'
	option device 'eth0.2'
	option reqaddress 'try'
	option reqprefix 'auto'

config interface 'wan_eth03'
	option proto 'dhcp'
	option device 'eth0.3'

/etc/config/firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone 'lan'
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone 'wan'
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'
	list network 'wan_usb0'
	list network 'wan_usb1'
	list network 'wan_eth03'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option family 'ipv6'
	option target 'ACCEPT'
	list src_ip 'fe80::/10'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'
	list icmp_type 'bad-header'
	list icmp_type 'destination-unreachable'
	list icmp_type 'echo-reply'
	list icmp_type 'echo-request'
	list icmp_type 'neighbour-advertisement'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'packet-too-big'
	list icmp_type 'router-advertisement'
	list icmp_type 'router-solicitation'
	list icmp_type 'time-exceeded'
	list icmp_type 'unknown-header-type'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option proto 'icmp'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'
	list icmp_type 'bad-header'
	list icmp_type 'destination-unreachable'
	list icmp_type 'echo-reply'
	list icmp_type 'echo-request'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'unknown-header-type'
	option dest '*'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'ext-vnc'
	option src 'wan'
	option src_dport 'xxxx'
	option dest_ip 'xx.xx.xx.xx'
	option dest_port '5900'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'ext-ssh'
	option src 'wan'
	option src_dport 'xxxxx'
	option dest_ip 'xx.xx.xx.xx'
	option dest_port '22'

config rule 'wg'
	option name 'Allow-WireGuard'
	option src 'wan'
	option dest_port '51820'
	option proto 'udp'
	option target 'ACCEPT'

/etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config host
	option name 'ReadyNAS-102'
	option ip '192.168.10.175'
	option mac '28:C6:8E:36:58:C7'

config host
	option name 'mythtvserver'
	option ip '192.168.10.178'
	option mac '68:1D:EF:2B:90:01'
2 
ifstatus lan
ifstatus wan
ifstatus wan6
nslookup ipv4only.arpa.
ping openwrt.de
1 Like
3

All obtained from ssh into router

ifstatus lan
{
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"uptime": 567,
	"l3_device": "br-lan",
	"proto": "static",
	"device": "br-lan",
	"updated": [
		"addresses"
	],
	"metric": 0,
	"dns_metric": 0,
	"delegation": false,
	"ipv4-address": [
		{
			"address": "192.168.10.1",
			"mask": 24
		}
	],
	"ipv6-address": [
		
	],
	"ipv6-prefix": [
		
	],
	"ipv6-prefix-assignment": [
		{
			"address": "fd2c:cd52:458f:4::",
			"mask": 64,
			"preferred": 42636,
			"valid": 42636,
			"local-address": {
				"address": "fd2c:cd52:458f:4::99",
				"mask": 64
			}
		}
	],
	"route": [
		
	],
	"dns-server": [
		
	],
	"dns-search": [
		
	],
	"neighbors": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			
		],
		"dns-search": [
			
		],
		"neighbors": [
			
		]
	},
	"data": {
		
	}
}

ifstatus wan
{
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"uptime": 612,
	"l3_device": "eth0.2",
	"proto": "dhcp",
	"device": "eth0.2",
	"updated": [
		"addresses",
		"routes",
		"data"
	],
	"metric": 5,
	"dns_metric": 0,
	"delegation": true,
	"ipv4-address": [
		{
			"address": "192.168.6.101",
			"mask": 24
		}
	],
	"ipv6-address": [
		
	],
	"ipv6-prefix": [
		
	],
	"ipv6-prefix-assignment": [
		
	],
	"route": [
		{
			"target": "0.0.0.0",
			"mask": 0,
			"nexthop": "192.168.6.1",
			"source": "192.168.6.101/32"
		}
	],
	"dns-server": [
		"192.168.6.1"
	],
	"dns-search": [
		"lan"
	],
	"neighbors": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			
		],
		"dns-search": [
			
		],
		"neighbors": [
			
		]
	},
	"data": {
		"dhcpserver": "192.168.6.1",
		"hostname": "OpenWrt",
		"leasetime": 43200
	}
}

ifstatus wan6
{
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"uptime": 654,
	"l3_device": "eth0.2",
	"proto": "dhcpv6",
	"device": "eth0.2",
	"metric": 0,
	"dns_metric": 0,
	"delegation": true,
	"ipv4-address": [
		
	],
	"ipv6-address": [
		{
			"address": "2a00:23ee:1c60:354::7f6",
			"mask": 128,
			"preferred": 42543,
			"valid": 42543
		},
		{
			"address": "fd2c:cd52:458f::7f6",
			"mask": 128,
			"preferred": 42543,
			"valid": 42543
		},
		{
			"address": "2a00:23ee:1c60:354:c256:27ff:fe36:30e6",
			"mask": 64
		},
		{
			"address": "fd2c:cd52:458f:0:c256:27ff:fe36:30e6",
			"mask": 64
		}
	],
	"ipv6-prefix": [
		{
			"address": "fd2c:cd52:458f:4::",
			"mask": 62,
			"preferred": 42543,
			"valid": 42543,
			"class": "wan6",
			"assigned": {
				"lan": {
					"address": "fd2c:cd52:458f:4::",
					"mask": 64
				}
			}
		}
	],
	"ipv6-prefix-assignment": [
		
	],
	"route": [
		{
			"target": "2a00:23ee:1c60:354::",
			"mask": 64,
			"nexthop": "::",
			"metric": 256,
			"source": "::/0"
		},
		{
			"target": "fd2c:cd52:458f::",
			"mask": 64,
			"nexthop": "::",
			"metric": 256,
			"source": "::/0"
		},
		{
			"target": "2a00:23ee:1c60:354::",
			"mask": 62,
			"nexthop": "fe80::21e:42ff:fe2a:75c0",
			"metric": 512,
			"valid": 1720,
			"source": "fd2c:cd52:458f:4::/62"
		},
		{
			"target": "2a00:23ee:1c60:354::",
			"mask": 62,
			"nexthop": "fe80::21e:42ff:fe2a:75c0",
			"metric": 512,
			"valid": 1720,
			"source": "2a00:23ee:1c60:354:c256:27ff:fe36:30e6/64"
		},
		{
			"target": "2a00:23ee:1c60:354::",
			"mask": 62,
			"nexthop": "fe80::21e:42ff:fe2a:75c0",
			"metric": 512,
			"valid": 1720,
			"source": "fd2c:cd52:458f:0:c256:27ff:fe36:30e6/64"
		},
		{
			"target": "2a00:23ee:1c60:354::",
			"mask": 62,
			"nexthop": "fe80::21e:42ff:fe2a:75c0",
			"metric": 512,
			"valid": 1720,
			"source": "2a00:23ee:1c60:354::7f6/128"
		},
		{
			"target": "2a00:23ee:1c60:354::",
			"mask": 62,
			"nexthop": "fe80::21e:42ff:fe2a:75c0",
			"metric": 512,
			"valid": 1720,
			"source": "fd2c:cd52:458f::7f6/128"
		},
		{
			"target": "fd2c:cd52:458f::",
			"mask": 48,
			"nexthop": "fe80::21e:42ff:fe2a:75c0",
			"metric": 512,
			"valid": 1720,
			"source": "fd2c:cd52:458f:4::/62"
		},
		{
			"target": "fd2c:cd52:458f::",
			"mask": 48,
			"nexthop": "fe80::21e:42ff:fe2a:75c0",
			"metric": 512,
			"valid": 1720,
			"source": "2a00:23ee:1c60:354:c256:27ff:fe36:30e6/64"
		},
		{
			"target": "fd2c:cd52:458f::",
			"mask": 48,
			"nexthop": "fe80::21e:42ff:fe2a:75c0",
			"metric": 512,
			"valid": 1720,
			"source": "fd2c:cd52:458f:0:c256:27ff:fe36:30e6/64"
		},
		{
			"target": "fd2c:cd52:458f::",
			"mask": 48,
			"nexthop": "fe80::21e:42ff:fe2a:75c0",
			"metric": 512,
			"valid": 1720,
			"source": "2a00:23ee:1c60:354::7f6/128"
		},
		{
			"target": "fd2c:cd52:458f::",
			"mask": 48,
			"nexthop": "fe80::21e:42ff:fe2a:75c0",
			"metric": 512,
			"valid": 1720,
			"source": "fd2c:cd52:458f::7f6/128"
		},
		{
			"target": "::",
			"mask": 0,
			"nexthop": "fe80::21e:42ff:fe2a:75c0",
			"metric": 512,
			"valid": 1720,
			"source": "fd2c:cd52:458f:4::/62"
		},
		{
			"target": "::",
			"mask": 0,
			"nexthop": "fe80::21e:42ff:fe2a:75c0",
			"metric": 512,
			"valid": 1720,
			"source": "2a00:23ee:1c60:354:c256:27ff:fe36:30e6/64"
		},
		{
			"target": "::",
			"mask": 0,
			"nexthop": "fe80::21e:42ff:fe2a:75c0",
			"metric": 512,
			"valid": 1720,
			"source": "fd2c:cd52:458f:0:c256:27ff:fe36:30e6/64"
		},
		{
			"target": "::",
			"mask": 0,
			"nexthop": "fe80::21e:42ff:fe2a:75c0",
			"metric": 512,
			"valid": 1720,
			"source": "2a00:23ee:1c60:354::7f6/128"
		},
		{
			"target": "::",
			"mask": 0,
			"nexthop": "fe80::21e:42ff:fe2a:75c0",
			"metric": 512,
			"valid": 1720,
			"source": "fd2c:cd52:458f::7f6/128"
		}
	],
	"dns-server": [
		"fd2c:cd52:458f::1"
	],
	"dns-search": [
		
	],
	"neighbors": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			
		],
		"dns-search": [
			
		],
		"neighbors": [
			
		]
	},
	"data": {
		"passthru": "00170010fd2ccd52458f00000000000000000001"
	}
}

nslookup ipv4only.arpa.
Server:		127.0.0.1
Address:	127.0.0.1:53

Non-authoritative answer:
Name:	ipv4only.arpa
Address: 192.0.0.171
Name:	ipv4only.arpa
Address: 192.0.0.170

Non-authoritative answer:
Name:	ipv4only.arpa
Address: 64:ff9b::c000:aa
Name:	ipv4only.arpa
Address: 64:ff9b::c000:ab

ping openwrt.de
PING openwrt.de (64:ff9b::40be:3f6f): 56 data bytes
64 bytes from 64:ff9b::40be:3f6f: seq=0 ttl=49 time=64.243 ms
64 bytes from 64:ff9b::40be:3f6f: seq=1 ttl=49 time=65.641 ms
64 bytes from 64:ff9b::40be:3f6f: seq=2 ttl=49 time=64.147 ms
64 bytes from 64:ff9b::40be:3f6f: seq=3 ttl=49 time=59.663 ms
64 bytes from 64:ff9b::40be:3f6f: seq=4 ttl=49 time=68.863 ms
^C
--- openwrt.de ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 59.663/64.511/68.863 ms
4

repeat of last two commands from LAN connected laptop.

nslookup ipv4only.arpa.
Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
Name:	ipv4only.arpa
Address: 192.0.0.170
Name:	ipv4only.arpa
Address: 192.0.0.171
Name:	ipv4only.arpa
Address: 64:ff9b::c000:aa
Name:	ipv4only.arpa
Address: 64:ff9b::c000:ab

ping openwrt.de
PING openwrt.de (64.190.63.111) 56(84) bytes of data.
From 192.168.6.1 (192.168.6.1) icmp_seq=29 Destination Net Unreachable
^C
--- openwrt.de ping statistics ---
33 packets transmitted, 0 received, +1 errors, 100% packet loss, time 32781ms
5

You do not have a prefix from upstream, so you need to configure a relay, see https://openwrt.org/docs/guide-user/network/ipv6/configuration

Once you have IPv6 available in LAN (with global addresses), you should be able to access both v6 and v4 hostnames as you already have DNS64/NAT64 working.

To access IPv4 literals you will need to install 464xlat.

1 Like
6

Thanks for your help.
I'll post an update later once i have tried your suggestions.

7

After lots of messing about. I got IPv6 on my LAN to connect to WAN and therefore internet.
I had to use Relay mode.
This youtube video helped a lot explaining the steps and clearly showing the settings in Luci. IPv6 with OpenWrt
Watching from 19:53 onwards.

8

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.