[Solved]Can't deal with openwrt 22.03 firewall

Installing and Using OpenWrt Network and Wireless Configuration
1

For some reason I need my sceond openwrt router to connect internet ( just act as a PC if setup static ip ,It has internet)
Before openwrt 22.03 ,everything is ok.after my sceond openwrt upgrade to openwrt 22.03.it will not get internet, I guess it caused by firewall 4,but have no ideal to figure it out.

if I roll back to openwrt 21.02,everything is ok again

here are the settings on my sceond openwrt router (same settings on openwrt 21.02 and openwrt 22.03 via luci web)
main router dhcp on,and second router dhcp off.second op only have 1 network port(lan port) which connect to main router's lan port

For openwrt 21.02

network:
config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd86:e33f:a6fc::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.100.88'
        option dns '192.168.100.88'
        option ipaddr '192.168.100.250'

firewall
config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option flow_offloading '1'
        option syn_flood '0'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config include
        option path '/etc/firewall.user'


For openwrt 22.03
network
config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd1f:7fe6:5da4::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'
        
config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.100.88'
        list dns '192.168.100.88'
        option ipaddr '192.168.100.250'

firewall
config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option flow_offloading '1'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

OP
OP751×236 27.3 KB

2

can't have same subnet on wan and lan side of the openwrt router (well, probably any router, really).

1 Like
3

forgot to say :
main router dhcp on,and second router dhcp off.second op only have 1 network port and connect to main router's lan port

4

then I guess it should be set up as https://openwrt.org/docs/guide-user/network/wifi/dumbap, is it ?

1 Like
5

Second op router just like a PC if it setup static ip ,It has internet
then if I ssh into Second op router.I can ping google.com

thanks

6

is that a question, or a statement ?

7

a question,need to be solved.
my network need second openwrt run progam on it to achieve some function

8

Did you turn off the dhcp server on the openwrt lan?

9

based on -^ I'd say it's actually working ...
what doesn't work ?

10

Yes,dhcp is off on op

11

so what exactly is not working?

1 Like
12

After my sceond openwrt upgrade from 21.02 to openwrt 22.03.sceond openwrt will not get internet

thanks

13

sceond openwrt will not get internet after upgrade to openwrt 22.03.

14

Are you talking about the router itself, or clients connected to it?

Please run two sets of tests:

  • First from the 2nd router itself (via ssh)
  • Then from a host that is connected to the 2nd router via wifi
ping 192.168.100.250
ping 192.168.100.88
ping 8.8.8.8
ping google.com
15

root@openwrt:~# ping 192.168.100.250
PING 192.168.100.250 (192.168.100.250): 56 data bytes
64 bytes from 192.168.100.250: seq=0 ttl=64 time=0.362 ms
64 bytes from 192.168.100.250: seq=1 ttl=64 time=0.169 ms
64 bytes from 192.168.100.250: seq=2 ttl=64 time=0.162 ms
64 bytes from 192.168.100.250: seq=3 ttl=64 time=0.174 ms
z^Z[1]+ Stopped ping 192.168.100.250
root@openwrt:~# ping 192.168.100.88
PING 192.168.100.88 (192.168.100.88): 56 data bytes
64 bytes from 192.168.100.88: seq=0 ttl=64 time=0.560 ms
64 bytes from 192.168.100.88: seq=1 ttl=64 time=0.510 ms
64 bytes from 192.168.100.88: seq=2 ttl=64 time=0.435 ms
^Z[2]+ Stopped ping 192.168.100.88
root@openwrt:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=110 time=86.840 ms
64 bytes from 8.8.8.8: seq=1 ttl=110 time=59.677 ms
64 bytes from 8.8.8.8: seq=2 ttl=110 time=63.948 ms
^Z[3]+ Stopped ping 8.8.8.8
root@openwrt:~# ping google.com
ping: bad address 'google.com'

16

so it is a DNS issue.
This is your problem here:

It should probably be:

	list dns '192.168.100.88'
17

I just did it.but no help
before I setup dns via luci-web network-interface-advance ,the config file will be option dns '192.168.100.88'

and if change to list dns '192.168.100.88' via vi /etc/config/network ,then restart network ,it still does't work

18

Are you positive that 192.168.100.88 is serving DNS? what if you change the DNS server to 8.8.8.8?

19

I will try
I was wrong ,sorry.you are rignt,shoud be list dns '192.168.100.88'

before I setup dns via commend line ,the config file will be option dns '192.168.100.88'
and if change via luci web.it wil be list dns '192.168.100.88',then restart network ,it still does't work

20

change the DNS server to 8.8.8.8 is still not working